Embedding Data Definition Statements
Data definition statements, the SQL statements that create databases and modify the definitions of tables, are not usually put into programs. The reason is that they are rarely performed. A database is created once, but it is queried and updated many times.
The creation of a database and its tables is generally done interactively, using DB-Access or the SQL Editor. These tools can also be driven from a file of statements, so that the creation of a database can be done with one operating-system command.
Embedding Grant and Revoke Privileges
One task related to data definition is performed repeatedly: the granting and revoking of privileges. The reasons for this are discussed in Chapter 11, "Granting and Limiting Access to Your Database." Because privileges must be granted and revoked frequently, and possibly by users who are not skilled in SQL, it can be useful to package the GRANT and REVOKE statements in programs to give them a simpler, more convenient user interface.
The GRANT and REVOKE statements are especially good candidates for dynamic SQL. Each statement takes the following parameters:
You probably need to supply at least some of these values based on program input (from the user, command-line parameters, or a file) but none can be supplied in the form of a host variable. The syntax of these statements does not allow host variables at any point.
The only alternative is to assemble the parts of a statement into a character string and to prepare and execute the assembled statement. Program input can be incorporated into the prepared statement as characters.
The following INFORMIX-ESQL/C function assembles a GRANT statement from parameters, and then prepares and executes it:
The function's opening statement, shown in the following example, specifies its name and its three parameters. The three parameters specify the privileges to grant, the name of the table on which to grant privileges, and the ID of the user to receive them:
The function uses the statements in the following example to define a local variable, grant_stmt, which is used to assemble and hold the GRANT statement:
As the following example illustrates, the GRANT statement is created by concatenating the constant parts of the statement and the function parameters:
This statement concatenates the following six character strings:
The result is a complete GRANT statement composed partly of program input. The PREPARE statement passes the assembled statement text to the database server for parsing.
If the database server returns an error code in SQLCODE following the PREPARE statement, the function displays an error message. If the database server approves the form of the statement, it sets a zero return code. This action does not guarantee that the statement is executed properly; it means only that the statement has correct syntax. It might refer to a nonexistent table or contain many other kinds of errors that can be detected only during execution. The following portion of the example checks that the_grant was prepared successfully before executing it:
If the preparation is successful, SQLCODE = = 0, the next step executes the prepared statement.
|
