Yes. You should definitely convert all the dynamic SQL to stored procedures and use ct_param and ct_command with CS_RPC_CMD.
Yes, database performance will be affected by converting to stored procedures; it will get better! The number of procedures is irrelevant to database performance. Each one represents pre-parsed, pre-optimized, and pre-compiled code, all steps that dynamic SQL has to do each time you run it. Prepared statements are worse if you are throwing them away each time, and not quite as bad as just passing SQL strings if you are reusing them quite a bit.
Since you are worried about application security, the use of stored procedures tightens things up even further. For example, you can grant the application user no rights at all except EXEC on the stored procedures you want him/her to use. The stored procedure owner has to have rights to the tables when you compile them. SQL Injection is not a problem at all because you are doing everything as RPC calls and nobody (except DBO) needs to have access to the actual data tables.
If you need to grant table-level access to certain users, say internal people running a reporting tool against the same database, you can still do so as long as you keep the user IDs distinct. You can limit that access to read-only unless there is a need for read-write access. Some sites take all this a step further and build everything on top of views that have a layer of security built into them as well.
Creating all those stored procedures is not a bad job if you have a database IDE to work with. Sybase Workspace is free, either through Sybase or via membership in the ISUG ($95 well spent). You can also use Embarcadero RapidSQL Pro or AquaFold Aqua Data Studio. There are some others out there as well, but those are the three biggies. All three have interactive debuggers for T-SQL procedures and triggers as well, so you should be in much better shape than you are now.
You can set up an assembly line for the procs. Just clip the SQL out of the C++ code and drop it into a CREATE PROCEDURE template. Give the procedure and the arguments names, put the argument list at the top, and you are done.
Regards,
Bill
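What the "assembly line" and the permission scheme above look like for one query, as an added example that is not part of Bill's reply. It is written for Sybase ASE T-SQL; the table (`dbo.orders`), procedure (`get_customer_orders`), and login names (`app_user`, `report_user`) are hypothetical.

```sql
-- Added example, not from the original reply. Sybase ASE T-SQL.
-- Table, procedure and login names are hypothetical.

-- BEFORE (the dynamic SQL the C++ code used to assemble, shown only for contrast):
--   "select order_id, total from orders where cust_id = " + cust_id_string
-- Whatever is in cust_id_string becomes part of the statement text.

-- AFTER: the same query clipped out of the C++ code and dropped into a
-- CREATE PROCEDURE template. The argument list sits at the top and is typed;
-- the client supplies @cust_id through ct_param, never by splicing SQL text.
create procedure dbo.get_customer_orders
    @cust_id int
as
begin
    select order_id, order_date, total
    from dbo.orders
    where cust_id = @cust_id
end
go

-- Least privilege for the application login: EXEC on the procedure and nothing else.
-- dbo owns both the procedure and the table, so the ownership chain lets the
-- procedure read dbo.orders while app_user has no rights on the table itself.
grant execute on dbo.get_customer_orders to app_user
go
revoke all on dbo.orders from app_user
go

-- Internal reporting tool: a distinct login with read-only table access.
grant select on dbo.orders to report_user
go

-- Optional view layer: expose only the columns the report needs,
-- and grant on the view instead of the base table.
create view dbo.v_orders_summary
as
    select order_id, order_date, total
    from dbo.orders
go
grant select on dbo.v_orders_summary to report_user
go
```

On the client side the call that goes with this procedure is an RPC (`ct_command` with `CS_RPC_CMD` naming `get_customer_orders`, then one `ct_param` for `@cust_id` with an integer datatype), so the customer id travels as a typed parameter value rather than as characters inside a SQL string. Checking `sp_helprotect` on `dbo.orders` afterwards should show no entry for `app_user`, which is the quick way to confirm the table is reachable only through the procedure.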