Testing Prepared Statements


Prepared statements are used when developing database applications. They let you write SQL statements with placeholders and execute them from the methods of the programming language chosen for the database application.

Interfaces for SAP MaxDB: Prepared Statement Support

  Interface   Implementation
  JDBC        PreparedStatement class
  ODBC        SQLPrepare method
  SQLDBC      SQLDBC_PrepareStatement class
  PHP         maxdb_prepare
  Perl        prepare
  Python      Method prepare (class SapDB_Session), Class SapDB_Prepared (module sdb.sql)

Prepared statements have the following advantages when compared to simple SQL statements:

  • They are more efficient, since the database system only needs to parse them once, even if they are executed many times.

  • They are more secure, because they separate the SQL logic from the data entered by the user, which reduces the risk of a user deliberately supplying values that change the logic of the statement (SQL injection).

In the Database Studio, you can test prepared statements with different variable values and check which strategies the database system uses for different variable values.

Procedure

  1. Enter the SQL statement.

    Use a question mark ? as a placeholder in the SQL statement.

    Example:

    SELECT zip, name
    FROM hotel.city
    WHERE name = ?

    More information: Entering and Executing SQL Statements

  2. In the context menu of the SQL editor, choose Prepare Statement.

  3. Enter a value for the placeholder.

  4. In the context menu of the SQL editor, choose Execute SQL.

    The result of the SQL statement executed with this placeholder value is displayed.
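The following added example (not part of this SAP documentation, and not SAP MaxDB code) shows programmatically what the two advantages listed above and the Database Studio procedure demonstrate interactively: the same query from step 1, executed once with a placeholder that is bound to a value and once as a simple statement assembled from user input. Because the MaxDB Python module (sdb.sql) is not available offline, the example uses Python's built-in sqlite3 module as a stand-in database; the schema name hotel, the table city and the sample rows are constructed here and mirror the query used in the procedure.

```python
import sqlite3

# Constructed sample data; sqlite3 stands in for SAP MaxDB so the example runs
# offline. The schema/table pair hotel.city mirrors the query from step 1.
SAMPLE_ROWS = [
    ("10115", "Berlin"),
    ("80331", "Munich"),
    ("20095", "Hamburg"),
]

# The prepared statement text from the procedure: ? marks the placeholder.
PREPARED_SQL = "SELECT zip, name FROM hotel.city WHERE name = ?"


def open_sample_db():
    """Create an in-memory database with a schema named hotel and a city table."""
    conn = sqlite3.connect(":memory:")
    # ATTACH gives us a second in-memory database addressable as 'hotel', so
    # the qualified name hotel.city works exactly as written in the procedure.
    conn.execute("ATTACH DATABASE ':memory:' AS hotel")
    conn.execute("CREATE TABLE hotel.city (zip TEXT, name TEXT)")
    conn.executemany("INSERT INTO hotel.city VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_simple(conn, name):
    """Simple SQL statement built by concatenation: the user's text becomes
    part of the SQL logic, which is the weakness the page calls SQL injection."""
    sql = "SELECT zip, name FROM hotel.city WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_prepared(conn, name):
    """Prepared statement: the value is bound to the ? placeholder and is
    only ever compared as data, never parsed as part of the statement."""
    return conn.execute(PREPARED_SQL, (name,)).fetchall()


def lookup_many(conn, names):
    """Reuse one statement text for several placeholder values, as the
    Database Studio procedure lets you do by entering different values."""
    return {n: lookup_prepared(conn, n) for n in names}


if __name__ == "__main__":
    db = open_sample_db()
    ordinary = "Berlin"
    # An input that, when glued into the statement text, rewrites its WHERE clause.
    malformed = "x' OR '1'='1"
    print("simple, ordinary input:  ", lookup_simple(db, ordinary))
    print("simple, malformed input: ", lookup_simple(db, malformed))
    print("prepared, ordinary input:", lookup_prepared(db, ordinary))
    print("prepared, malformed input:", lookup_prepared(db, malformed))
    print("prepared, several values:", lookup_many(db, ["Munich", "Hamburg", "Oslo"]))
```

Running the script shows the separation of logic and data directly: the concatenated statement returns every row for the malformed input because the quote and OR clause were parsed as SQL, while the prepared statement returns no rows because the whole string was compared literally against the name column. The same statement text serves all the values passed to lookup_many, which is the reuse the efficiency advantage refers to.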