Informix-ESQL/C Programmer's Manual

Informix-ESQL/C Programmer's Manual
Chapter 14: Using Dynamic SQL

Home Contents Index Master Index New Book

Using Dynamic SQL

To execute an SQL statement, the database server must have the following information about the statement:

The type of statement, such as SELECT, DELETE, EXECUTE PROCEDURE, or GRANT
The names of any database objects, such as tables, columns, and indexes
Any WHERE-clause conditions, such as column names and matching criteria
Where to put any returned values, such as the column values from the select list of a SELECT statement
Values that need to be sent to the database server, such as the column values for a new row for an INSERT statement

If information in an SQL statement varies according to some conditions in the application, your ESQL/C program can use dynamic SQL to build the SQL statement at runtime. The basic process to dynamically execute SQL statements consists of the following steps:

1. Assemble the text of an SQL statement in a character-string variable.

2. Use a PREPARE statement to have the database server examine the statement text and prepare it for execution.

3. Execute the prepared statement with the EXECUTE or OPEN statement.

4. Free dynamic resources that are used to execute the prepared statement.

Assembling and Preparing the SQL Statement

Dynamic SQL allows you to assemble an SQL statement in a character string as the user interacts with your program. A dynamic SQL statement is like any other SQL statement that is embedded into a program, except that the statement string cannot contain the names of any host variables. The PREPARE statement sends the contents of an SQL statement string to the database server, which parses it and creates a statement identifier structure (statement identifier).

Assembling the Statement

Assign the text for the SQL statement to a single host variable, which appears in the PREPARE statement. The key to dynamically execute an SQL statement is to assemble the text of the statement into a character string. You can assemble this statement string in the following two ways:

As a fixed string, if you know all the information at compile time
As a series of string operations, if you do not have all the information at compile time

If you know the whole statement structure, you can just list it after the FROM keyword of the PREPARE statement, as shown in the following example:

EXEC SQL prepare slct_id from 

	'select company from customer where customer_num = 101';

Tip: The statement text in the preceding example is surrounded with single quotes. Double quotes are also valid, although single quotes are specified by the ANSI SQL standard.

Alternatively, you can copy the statement into a char variable as shown in Figure 14-1


stcopy("select company from customer where customer_num = 101", stmt_txt); EXEC SQL prepare slct_id from :stmt_txt;	Figure 14-1 Preparing a SELECT Statement from a Character String

Both of these methods have the same restriction as a static SQL statement. They assume that you know the entire statement structure at compile time. The disadvantage of these dynamic forms over the static one is that any syntax errors encountered in the statement will not be discovered until runtime (by the PREPARE statement). If you statically execute the statement, the ESQL/C preprocessor can uncover syntactic errors at compile time (semantic errors might remain undiagnosed until runtime). You can improve performance when you dynamically execute an SQL statement that is to be executed more than once. The statement is parsed only once.

In Figure 14-1, the stmt_txt variable is a host variable because it is used in an embedded SQL statement (the PREPARE statement). Also the INTO clause of the SELECT statement has been removed because host variables cannot appear in a statement string. Instead, you specify the host variables in the INTO clause of an EXECUTE or FETCH statement (see page 14-10). Other SQL statements like DESCRIBE, EXECUTE, and FREE can access the prepared statement when they specify the slct_id statement identifier.

Important: By default, the scope of a statement identifier is global. If you create a
multifile application and you want to restrict the scope of a statement identifier to a single file, preprocess the file with the -local preprocessor option. For more information on -local, see Chapter 1 of this manual.

If you do not know all the information about the statement at compile time, you can use the following features to assemble the statement string:

The char host variables can hold the identifiers in the SQL statement (column names or table names) or parts of the statement like the WHERE clause. They can also contain keywords of the statement.
If you know what column values the statement specifies, you can declare host variables to provide column values that are needed in a WHERE clause or to hold column values that are returned by the database server.
Input-parameter placeholders, represented by a question mark (?), in a WHERE clause indicate a column value to be provided, usually in a host variable at time of execution. Host variables used in this way are called input parameters. For more information, see "Executing Statements with Input Parameters".
You can use ESQL/C string library functions like stcopy() and stcat(). For more information, see Chapter 3, "Working with Character and String Data Types."

Figure 14-2 shows the SELECT statement of Figure 14-1 changed so that it uses a host variable to determine the customer number dynamically


stcopy("select company from customer where customer_num = ", stmt_txt); stcat(cust_num, stmt_txt); EXEC SQL prepare slct_id from :stmt_txt;	Figure 14-2 Using a Host Variable to Assemble a SELECT Statement

Figure 14-3 shows how you can use an input parameter to program this same SELECT statement so that the user can enter the customer number

EXEC SQL prepare slct_id from
'select company from customer where customer_num = ?';

Figure 14-3
Using an Input Parameter to Assemble a
SELECT Statement

.

You can prepare almost any SQL statement dynamically. The only ones that cannot be prepared are those directly concerned with dynamic SQL and cursor management (such as FETCH and OPEN), and the SQL connection statements. For a complete list of statements, see the PREPARE statement in the Informix Guide to SQL: Syntax.

Tip: You can use the Deferred-PREPARE feature to defer execution of a prepared SELECT, INSERT, or EXECUTE FUNCTION statement until the OPEN statement. For more information, see "Deferring Execution of the PREPARE Statement".

Preparing Statements That Have Collection Variables

You use the Collection Derived Table clause with an INSERT or SELECT statement to access an ESQL/C collection variable. (For more information on how to use the Collection Derived Table clause and collection variables, see Chapter 9 of this manual.)

When you prepare a statement that manipulates an ESQL/C collection variable, the following restrictions apply:

You must specify the statement text as a quoted string in the PREPARE statement.

collection

not

The quoted string for the statement text cannot contain any collection host variables.

collection

You cannot perform multi-statement prepares if a statement contains a collection variable.

For example, the following ESQL/C code fragment prepares an INSERT on the a_set client collection variable:

EXEC SQL BEGIN DECLARE SECTION;

	client collection set(integer not null) a_set;

EXEC SQL END DECLARE SECTION;

EXEC SQL prepare coll_stmt from 

	'insert into table(?) values (1, 2, 3)';

EXEC SQL execute coll_stmt using :a_set;

Important: You must declare an ESQL/C collection variable as a client collection variable (a collection variable that is stored on the client computer).

Checking the Prepared Statement

When PREPARE sends the statement string to the database server, the database server parses it to analyze it for errors. The database server indicates the success of the parse in the sqlca structure, as follows: