Top "Parameterized-query" questions

A prepared statement (or parameterized statement) is a SQL statement that is compiled once with placeholders where the values will go, and then executed with the values supplied separately. Because the structure of the query is fixed before any value is bound, user-supplied data can only ever be treated as data and cannot rewrite the statement, which mitigates SQL injection; reusing the compiled statement also improves performance.
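
The same lookup written both ways, as an added example that is not from the page or from any of the questions listed below. It uses Python's standard-library sqlite3 module against an in-memory database so it runs offline; the table, its rows and the injection payloads are constructed for the demonstration. It also shows two things the questions below ask about: binding None to store SQL NULL, and putting LIKE wildcards into the bound value rather than the query text.

```python
"""Added example: string concatenation versus parameterized queries (sqlite3).
Table contents and payloads are constructed for the demo, not real data."""
import sqlite3

# Constructed injection payloads
PAYLOAD_TEXT = "x' OR '1'='1"   # closes the string literal, then adds a tautology
PAYLOAD_NUMERIC = "1 OR 1=1"    # no quotes to break out of when the value is unquoted


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a small constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, "
        "last_login TEXT NULL)"
    )
    conn.executemany(
        "INSERT INTO users (id, name, last_login) VALUES (?, ?, ?)",
        [(1, "alice", "2024-01-01"), (2, "bob", None), (3, "carol", "2024-02-02")],
    )
    conn.commit()
    return conn


def find_user_concat(conn, name: str) -> list:
    """VULNERABLE: the value is pasted into the SQL text, so a quote in it
    ends the literal and the rest becomes part of the WHERE clause."""
    sql = "SELECT id, name FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_param(conn, name: str) -> list:
    """SAFE: the statement is compiled with a placeholder; the value is bound
    afterwards and is compared as a whole string, quotes and all."""
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()


def find_by_id_concat(conn, user_id: str) -> list:
    """VULNERABLE even though the column is numeric: with no quotes around the
    value there is nothing to escape from, and '1 OR 1=1' is accepted as-is."""
    return conn.execute("SELECT id, name FROM users WHERE id = " + user_id).fetchall()


def find_by_id_param(conn, user_id) -> list:
    """SAFE: convert to the expected type first (a non-integer raises
    ValueError instead of reaching the database), then bind the integer."""
    return conn.execute(
        "SELECT id, name FROM users WHERE id = ?", (int(user_id),)
    ).fetchall()


def set_last_login(conn, user_id: int, when):
    """Binding None sends SQL NULL; no 'NULL' string or special-cased query
    text is needed. Returns the stored value read back through another
    parameterized query."""
    conn.execute("UPDATE users SET last_login = ? WHERE id = ?", (when, user_id))
    conn.commit()
    row = conn.execute("SELECT last_login FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0]


def search_users(conn, fragment: str) -> list:
    """LIKE with a bound parameter: the % wildcards go into the bound VALUE,
    not the query text, and any % or _ typed by the user is escaped so it
    matches literally rather than acting as a wildcard."""
    escaped = fragment.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return conn.execute(
        "SELECT name FROM users WHERE name LIKE ? ESCAPE '\\' ORDER BY name",
        ("%" + escaped + "%",),
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concat   :", find_user_concat(db, PAYLOAD_TEXT))   # every row is returned
    print("param    :", find_user_param(db, PAYLOAD_TEXT))    # [] : no such name
    print("concat id:", find_by_id_concat(db, PAYLOAD_NUMERIC))
    print("null     :", set_last_login(db, 1, None))          # None
    print("like     :", search_users(db, "a"))                # alice, carol
```

The numeric case answers the "is it safe when the parameter is not a string" question in the listing: concatenating an unquoted number is just as injectable, and the fix is to validate the type and still bind the value.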

What is a parameterized query?

What is a parameterized query, and what would an example of such a query be in PHP and MySQL?

php sql parameterized-query
How to use a parameterized query in Excel using a column as the parameter?

I am trying to develop a spreadsheet that can locate corresponding records in an external data source. So, let's say …

excel parameterized-query excel-external-data
How do parameterized queries help against SQL injection?

In both queries 1 and 2, the text from the textbox is inserted into the database. What's the significance of the parameterized …

c# .net sql sql-server-2005 parameterized-query
How to insert a null value into a database through a parameterized query

I have a datetime datatype: dttm. Also the database field type is datetime. Now I am doing this: if (dttm.…

c# sql datetime insert parameterized-query
Confusion between prepared statement and parameterized query in Python

As far as I understand, prepared statements are (mainly) a database feature that allows you to separate parameters from the …

python database prepared-statement sql-injection parameterized-query
Query formatting for Parameterized Queries

I am using pg-promise to execute select query with like clause in PostgreSQL. Unfortunately the query is failing with error …

postgresql parameterized-query pg-promise
Passing a NULL value into a parameterized Delphi SQL Server query

I am trying to pass in a null value to a TSQLDataset parameter. The query has the form: Query_text:=…

sql-server delphi delphi-xe4 parameterized-query
Is it safe to not parameterize an SQL query when the parameter is not a string?

In terms of SQL injection, I completely understand the necessity to parameterize a string parameter; that's one of the oldest …

c# sql sql-injection sqlcommand parameterized-query
ExecuteNonQuery inside loop

I'm trying to insert a database record inside a loop in C#. It works when I hard code the values …

c# sqlcommand parameterized-query