I have this code in my executeQueries.ec file:
sprintf(sqlQuery,
"select distinct e.emp_id, e.join_date \
from employees e
where e.emp_id in (?) and e.dob <= '%s')");
$prepare empDataStmt from $sqlQuery;
if (sqlca.sqlcode)
{
fprintf(stderr, "Error %d in prepare empDataStmt%s\n",
sqlca.sqlcode, sqlQuery);
return 0;
}
$declare empDataCursor cursor for incptDatesStmt;
if (pcs_sql_check("Error in declaring empDataCursor Stmt"))
{
return 1;
}
$open empDataCursor using $empIds_,dob_ ;
When I dbx the code and print empIds_, I get this on the console:
""04-Emp1","W2-Emp2""
Which means the content of empIds_ is "04-Emp1","W2-Emp2" (quotes included). The question is that the number of empIds can be anything from 1 to 100 or 500. For example it can even be:
"04-Emp1","W2-Emp2","04-Emp4","W2-Emp3","0A-Emp1","E2-Emp7"
Because of this I cannot get my code to work. Can anybody help me write this code using "?" for a parametrized query that can handle any number of empIds? Please note that the content of empIds_ will always have double-quotes embedded in it. I do not know whether this is a good thing or bad, but I cannot do anything to prevent it.
You have some syntactic problems in what you show us:
sprintf(sqlQuery,
"select distinct e.emp_id, e.join_date \
from employees e
where e.emp_id in (?) and e.dob <= '%s')");
That won't compile; you'd need a second backslash after employees e. I strongly recommend avoiding backslash-newline in strings; use string concatenation instead.
sprintf(sqlQuery, "select distinct e.emp_id, e.join_date from employees e "
"where e.emp_id in (?) and e.dob <= '%s')");
Note that there is just white space (comments would count as white space too) between the two parts of the string; the C compiler concatenates such strings into a single string.
Now the sprintf() call is syntactically correct at the C source level; it is still semantically incorrect because it contains %s and you've not provided a string for it to copy. You should presumably be using a placeholder ? for the date since you pass it to the $open statement as a second parameter (but there isn't actually a placeholder for it).
You would then be able to avoid an explicit prepare operation by writing:
$ DECLARE empDataCursor FOR
SELECT DISTINCT e.emp_id, e.join_date
FROM employees e
WHERE e.emp_id IN ($empIds_) AND e.dob <= $dob_;
However, this isn't going to work for you, unfortunately. The crux of your problem is you are trying to pass a string as a list of values for the IN clause. It simply doesn't work like that. If you have one value, you need one placeholder (?); if you have two values, you need two placeholders, etc.
So, we end up going back to a full prepared statement and substitute the empIds into the string:
int reqlen;
reqlen = snprintf(sqlQuery, sizeof(sqlQuery), "SELECT DISTINCT e.emp_id, e.join_date"
" FROM employees e WHERE e.emp_id IN (%s) AND e.dob <= '%s'",
empIds_, dob_);
if (reqlen >= sizeof(sqlQuery))
...truncated SQL...larger sqlQuery needed...
$ PREPARE empDataStmt FROM $sqlQuery;
...SQL error check...
$ DECLARE empDataCursor FOR empDataStmt;
...SQL error check...
$ OPEN empDataCursor; /* No USING clause! */
...SQL error check...
...code as before...
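The answer above ends by substituting the raw empIds_ string straight into the SQL text, which works only because the caller trusts that string completely; if an id can ever be attacker-influenced, that is a SQL injection. The alternative the answer describes in prose (one ? per value) can be generated at runtime. The example below is added here and is not from the original question or answer; it uses Python's built-in sqlite3 module instead of Informix ESQL/C so it runs offline, and the employees table contents, the 500-value cap and the helper names are all constructed for the illustration. The same shape (count the ids, emit that many ?, bind each id plus the date) carries over to any driver that supports positional parameters.

```python
import csv
import io
import sqlite3

# Constructed sample in the exact shape the question describes:
# comma-separated, each id wrapped in double quotes, variable count.
EMP_IDS_RAW = '"04-Emp1","W2-Emp2","04-Emp4","W2-Emp3","0A-Emp1","E2-Emp7"'


def split_quoted_ids(raw):
    """Turn '"a","b"' into ['a', 'b'].

    The csv module already understands the embedded double quotes, so an id
    containing a comma or a quote is handled instead of corrupting the split.
    """
    rows = list(csv.reader(io.StringIO(raw), skipinitialspace=True))
    row = rows[0] if rows else []
    return [field for field in row if field != ""]


def build_in_query(n_ids, limit=500):
    """Build the SELECT with exactly n_ids placeholders in the IN list.

    `limit` is an assumed application cap; every database also has its own
    maximum number of bind variables per statement, so the count must be
    bounded rather than grown without limit from untrusted input.
    """
    if not 1 <= n_ids <= limit:
        raise ValueError(f"need between 1 and {limit} ids, got {n_ids}")
    placeholders = ",".join("?" * n_ids)      # e.g. "?,?,?"
    # Only the placeholder characters are spliced into the SQL text; the
    # id values and the date never touch the statement string.
    return (
        "SELECT DISTINCT e.emp_id, e.join_date FROM employees e "
        f"WHERE e.emp_id IN ({placeholders}) AND e.dob <= ?"
    )


def fetch_employees(conn, emp_ids_raw, dob):
    """Parse the quoted id string, prepare a matching statement, bind all values."""
    ids = split_quoted_ids(emp_ids_raw)
    sql = build_in_query(len(ids))
    params = [*ids, dob]                      # N ids followed by the date
    return conn.execute(sql, params).fetchall()


def make_sample_db():
    """In-memory table with constructed rows for demonstration only."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE employees (emp_id TEXT, join_date TEXT, dob TEXT);
        INSERT INTO employees VALUES
          ('04-Emp1', '2010-01-15', '1980-05-01'),
          ('W2-Emp2', '2012-03-01', '1995-07-20'),
          ('04-Emp4', '2015-06-30', '1975-11-11'),
          ('ZZ-Emp9', '2011-02-02', '1970-01-01');
        """
    )
    return conn


if __name__ == "__main__":
    db = make_sample_db()
    print(build_in_query(3))
    for row in fetch_employees(db, EMP_IDS_RAW, "1990-01-01"):
        print(row)
    # An id carrying SQL syntax is bound as data, so it matches nothing
    # instead of rewriting the WHERE clause.
    print(fetch_employees(db, '"x\') OR 1=1 --"', "2100-01-01"))
```

Note that the list size is validated before the statement is built: with this approach the number of bound parameters is the only thing that varies with the input, and a sensible upper bound keeps a hostile or malformed id list from producing a statement the database refuses to prepare.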