...

For simple statements, this is recommended. PhixFlow automatically converts this into a parameterized statement that ensures special characters are handled correctly and protects against SQL injection attacks.

In this case, the query sent to the database would be "select a,b,c from table where x=?" and the xValue variable would be sent as a query parameter.

...

| Argument | Type | Description |
|---|---|---|
| Statement | String | The SQL statement that is to be submitted including ? placeholders for Query Parameters. |
| Query Parameters | String | One or more Parameters, delimited by a comma, to be added to the Statement to replace the ? placeholders. Replacement is done in sequential order. |

...

In this example we select attr1 from MyTable, where the age is greater than the value provided by in.age and the type equals the value set by in.type. Note that the value must be prefixed with a $ and wrapped in curly braces, i.e. ${...}

Code Block
${
	sql( "select attr1 from " + in.MyTable + " where age > ? and type =?", in.age, in.type )
}
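The same placeholder pattern outside PhixFlow, as an added example (Python with sqlite3, not PhixFlow code and not from the original page): values are bound to the ? placeholders in sequential order, next to the concatenated form they replace. A table name cannot be sent as a query parameter in SQL, so where one is concatenated into the statement, as in.MyTable is above, this sketch assumes an allow-list check; the schema, rows and function names are constructed for illustration.

```python
import sqlite3

# Assumption: the set of tables a caller may name (constructed for this example).
ALLOWED_TABLES = {"MyTable"}

def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("create table MyTable (attr1 text, age integer, type text)")
    db.executemany(
        "insert into MyTable values (?, ?, ?)",
        [("alice", 30, "staff"), ("bob", 45, "staff"), ("carol", 50, "it's")],
    )
    return db

def select_concat(db, table, age, type_):
    """Anti-pattern: values are spliced into the statement text."""
    stmt = f"select attr1 from {table} where age > {age} and type = '{type_}'"
    return [row[0] for row in db.execute(stmt)]

def select_bound(db, table, age, type_):
    """Values travel as query parameters; the table name is allow-listed."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"table not allowed: {table!r}")
    # Only the identifier is concatenated; each ? is filled in order: age, type.
    stmt = "select attr1 from " + table + " where age > ? and type = ?"
    return [row[0] for row in db.execute(stmt, (age, type_))]

if __name__ == "__main__":
    db = make_db()
    crafted = "staff' or 'a'='a"  # constructed value containing quote characters
    # Concatenated: the quotes become SQL syntax and the filter is bypassed.
    print("concat:", select_concat(db, "MyTable", 40, crafted))
    # Bound: the whole value is compared as data, so nothing matches.
    print("bound: ", select_bound(db, "MyTable", 40, crafted))
    # Bound: a legitimate value containing a quote is handled correctly.
    print("bound: ", select_bound(db, "MyTable", 40, "it's"))
```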

...

You can also return a list of results, such as with the list shown here or using a forEach:

Code Block
${
	[
		sql("update foo set (column = ?) where age > ?",  in.newAge, in.age),
		sql("update bar set (column = ?) where value > ?", in.newValue, in.value)
	]
}

...