Some drivers support placeholders and bind
values. Placeholders, also called parameter
markers, are used to indicate values in a database statement that
will be supplied later, before the prepared statement is executed.
For example, an application might use the following to insert a row
of data into the sales table:
INSERT INTO sales (product_code, qty, price) VALUES (?, ?, ?)
or the following, to select the description for a product:
SELECT description FROM products WHERE product_code = ?
The ? characters are the placeholders. The
association of actual values with placeholders is known as
binding, and the values are referred to as
bind values.
When using placeholders with the SQL LIKE
qualifier, you must remember that the placeholder substitutes for the
whole string. So you should use "... LIKE ? ..." and include any wildcard characters in the value
that you bind to the placeholder.
Undefined values, or
undef, can be used to
indicate null values. However, care must be taken in the particular
case of trying to use null values to qualify a
SELECT statement.
For example:
SELECT description FROM products WHERE product_code = ?
Binding an undef (NULL) to the placeholder will
not select rows that have a NULL
product_code. (Refer to the SQL manual for your
database engine or any SQL book for the reasons for this.) To
explicitly select NULLs, you have to say "WHERE product_code
IS
NULL" and to make that general, you have to
say:
... WHERE (product_code = ? OR (? IS NULL AND product_code IS NULL))
and bind the same value to both placeholders.