Issuing a Parameterized Query
The following example issues a simple parameterized query that retrieves records with an age field (that is greater than 30) from a table in a Microsoft Access database. To support the parameter, the user record must have an additional map. The following code, in an ATL project, uses the CCommand class instead of the CTable class used in the previous example, Traversing a Simple Rowset.
#include <atldbcli.h>
CDataSource connection;
CSession session;
CCommand<CAccessor<CArtists> > artists;
// Open the connection, session, and table, specifying authentication
// using Windows NT integrated security. Hard-coding a password is a major
// security weakness.
connection.Open(CLSID_MSDASQL, "NWind", NULL, NULL,
DBPROP_AUTH_INTEGRATED);
session.Open(connection);
// Set the parameter for the query
artists.m_nAge = 30;
artists.Open(session, "select * from artists where age > ?");
// Get data from the rowset
while (artists.MoveNext() == S_OK)
{
cout << artists.m_szFirstName;
cout << artists.m_szLastName;
}
The user record, CArtists, looks like this:
class CArtists
{
public:
// Data Elements
CHAR m_szFirstName[20];
CHAR m_szLastName[30];
short m_nAge;
// Column binding map
BEGIN_COLUMN_MAP(CArtists)
COLUMN_ENTRY(1, m_szFirstName)
COLUMN_ENTRY(2, m_szLastName)
COLUMN_ENTRY(3, m_nAge)
END_COLUMN_MAP()
// Parameter binding map
BEGIN_PARAM_MAP(CArtists)
SET_PARAM_TYPE(DBPARAMIO_INPUT)
COLUMN_ENTRY(1, m_nAge)
END_PARAM_MAP()
};