Issuing a Parameterized Query
The new home for Visual Studio documentation is Visual Studio 2017 Documentation on docs.microsoft.com.
The latest version of this topic can be found at Issuing a Parameterized Query.
The following example issues a simple parameterized query that retrieves records with an age field (that is greater than 30) from a table in a Microsoft Access database. To support the parameter, the user record must have an additional map. The following code, in an ATL project, uses the CCommand class instead of the CTable class used in the previous example, Traversing a Simple Rowset.
#include <atldbcli.h>
CDataSource connection;
CSession session;
CCommand<CAccessor<CArtists> > artists;
// Open the connection, session, and table, specifying authentication
// using Windows NT integrated security. Hard-coding a password is a major
// security weakness.
connection.Open(CLSID_MSDASQL, "NWind", NULL, NULL,
DBPROP_AUTH_INTEGRATED);
session.Open(connection);
// Set the parameter for the query
artists.m_nAge = 30;
artists.Open(session, "select * from artists where age > ?");
// Get data from the rowset
while (artists.MoveNext() == S_OK)
{
cout << artists.m_szFirstName;
cout << artists.m_szLastName;
}
The user record, CArtists, looks like this:
class CArtists
{
public:
// Data Elements
CHAR m_szFirstName[20];
CHAR m_szLastName[30];
short m_nAge;
// Column binding map
BEGIN_COLUMN_MAP(CArtists)
COLUMN_ENTRY(1, m_szFirstName)
COLUMN_ENTRY(2, m_szLastName)
COLUMN_ENTRY(3, m_nAge)
END_COLUMN_MAP()
// Parameter binding map
BEGIN_PARAM_MAP(CArtists)
SET_PARAM_TYPE(DBPARAMIO_INPUT)
COLUMN_ENTRY(1, m_nAge)
END_PARAM_MAP()
};