Full Discussion: ? parameter in mysql query
Post 302309022 by cbkihong on Tuesday 21st of April 2009 02:13:47 AM
? is a parameter placeholder. That way you don't have to directly compose the SQL with parameters given (failure to escape the parameters properly is the major reason for SQL injection attacks).

Typically, the ? is not valid at the database layer. Normally the database library will dynamically replace them with the parameters (converting where necessary) in the SQL and pass the resulting query to the database. In other cases, the database engine may accept placeholders itself, especially true if the db supports prepared statements so that an SQL can be prepared once, thus allowing it to be instantiated multiple times to perform the same query with a different set of parameters.
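An added example, not part of the original post: the same lookup written once with string composition and once with a ? placeholder. It assumes Python's built-in sqlite3 module (which also uses ? as its placeholder) in place of MySQL so that it runs offline; the alert table, its rows and the function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table (sample data, not from the thread)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE alert (altid TEXT PRIMARY KEY, msg TEXT)")
    db.executemany(
        "INSERT INTO alert VALUES (?, ?)",
        [("2724", "disk full"), ("2725", "cpu high"), ("2726", "link down")],
    )
    return db

def lookup_composed(db, altid):
    """Unsafe 'before' form: the value is pasted into the SQL text,
    so quotes inside it are parsed as SQL syntax."""
    sql = "SELECT altid FROM alert WHERE altid = '" + altid + "' ORDER BY altid"
    return [row[0] for row in db.execute(sql)]

def lookup_placeholder(db, altid):
    """Placeholder form: the SQL text is fixed and the value is passed
    separately, so it is only ever compared as data."""
    sql = "SELECT altid FROM alert WHERE altid = ? ORDER BY altid"
    return [row[0] for row in db.execute(sql, (altid,))]

def lookup_many(db, altids):
    """Same statement text reused with a different parameter each time;
    sqlite3 keeps the compiled statement in its per-connection cache."""
    sql = "SELECT msg FROM alert WHERE altid = ?"
    cur = db.cursor()
    results = []
    for altid in altids:
        row = cur.execute(sql, (altid,)).fetchone()
        results.append(row[0] if row else None)
    return results

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing quote characters
    print("composed   :", lookup_composed(db, hostile))
    print("placeholder:", lookup_placeholder(db, hostile))
    print("reused     :", lookup_many(db, ["2724", "9999", "2726"]))
```

With the constructed input, the composed query's WHERE clause becomes always true and every row comes back, while the placeholder query finds no row with that literal altid.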
 

EXECUTE(7)                        SQL Commands                        EXECUTE(7)

NAME
       EXECUTE - execute a prepared query

SYNOPSIS
       EXECUTE plan_name [ (parameter [, ...] ) ]

INPUTS
       plan_name
              The name of the prepared query to execute.

       parameter
              The actual value of a parameter to the prepared query. This must be an expression yielding a value of a type compatible with the data-type specified for this parameter position in the PREPARE statement that created the prepared query.

DESCRIPTION
       EXECUTE is used to execute a previously prepared query. Since prepared queries only exist for the duration of a session, the prepared query must have been created by a PREPARE statement executed earlier in the current session.

       If the PREPARE statement that created the query specified some parameters, a compatible set of parameters must be passed to the EXECUTE statement, or else an error is raised. Note that (unlike functions) prepared queries are not overloaded based on the type or number of their parameters: the name of a prepared query must be unique within a database session.

       For more information on the creation and usage of prepared queries, see PREPARE [prepare(7)].

COMPATIBILITY
   SQL92
       SQL92 includes an EXECUTE statement, but it is only for use in embedded SQL clients. The EXECUTE statement implemented by PostgreSQL also uses a somewhat different syntax.

SQL - Language Statements          2002-11-22                         EXECUTE(7)