/usr/share/gtk-doc/html/libgda-5.0/ch06s03.html is in libgda-5.0-doc 5.2.4-1ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 | <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Executing queries: GNOME Data Access 5 manual</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.79.1">
<link rel="home" href="index.html" title="GNOME Data Access 5 manual">
<link rel="up" href="getting_started.html" title="Code examples">
<link rel="prev" href="connections.html" title="Connecting">
<link rel="next" href="data-model.html" title="Managing data models">
<meta name="generator" content="GTK-Doc V1.25 (XML mode)">
<link rel="stylesheet" href="style.css" type="text/css">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<table class="navigation" id="top" width="100%" summary="Navigation header" cellpadding="2" cellspacing="5"><tr valign="middle">
<td width="100%" align="left" class="shortcuts"></td>
<td><a accesskey="h" href="index.html"><img src="home.png" width="16" height="16" border="0" alt="Home"></a></td>
<td><a accesskey="u" href="getting_started.html"><img src="up.png" width="16" height="16" border="0" alt="Up"></a></td>
<td><a accesskey="p" href="connections.html"><img src="left.png" width="16" height="16" border="0" alt="Prev"></a></td>
<td><a accesskey="n" href="data-model.html"><img src="right.png" width="16" height="16" border="0" alt="Next"></a></td>
</tr></table>
<div class="sect1">
<div class="titlepage"><div><div><h2 class="title" style="clear: both">
<a name="id-1.2.7.4"></a>Executing queries</h2></div></div></div>
<p>
Any query within <span class="application">Libgda</span> is represented as a <a class="link" href="GdaStatement.html" title="GdaStatement">GdaStatement</a> object. Each
<a class="link" href="GdaStatement.html" title="GdaStatement">GdaStatement</a> object can store exactly one SQL statement (SQL statements
are generally separated by semi-colons). Several statements can be grouped into a
<a class="link" href="GdaBatch.html" title="GdaBatch">GdaBatch</a> object.
</p>
<p>
<span class="application">Libgda</span> can execute any SQL understood by the database to which a connection is opened, even SQL code containing
extensions specific to a database.
</p>
<p>
When creating an SQL string which contains values (literals), one can be tempted (as it is the easiest solution) to
create a string containing the values themselves, execute that statement and apply the same process the next time the same
statement needs to be executed with different values. This approach has two major flaws outlined below which is why <span class="application">Libgda</span>
recommends using variables in statements (also known as parameters or place holders) and reusing the same
<a class="link" href="GdaStatement.html" title="GdaStatement">GdaStatement</a> object when only the variable's values change. The flaws are:
</p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>The performances of the resulting application are not optimized because the database needs to parse the SQL
string each time and build its own internal representation of the statement, execute the statement using its
internal representation, then discard that internal representation. Using variables and reusing the same statement,
the database only parses once the SQL statement, builds its internal representation, and reuses it every time
the statement is executed.
</p></li>
<li class="listitem"><p>Literals in SQL strings are an open invitation to SQL injection problems. Using variables prevents SQL injection.
</p></li>
</ul></div>
<p>
</p>
<p>
Because each database has its own way of representing variables in an SQL string, and because those ways of representing
variables don't contain enough information (it is usually impossible to specify the expected type for a variable for example)
<span class="application">Libgda</span> has defined a standard way of defining them, and translates it into the syntax understood by the database when
needed. For more information about that syntax, see the <a class="link" href="GdaSqlParser.html#GdaSqlParser.description" title="Description">GdaSqlParser's object description</a>.
</p>
<p>
GdaStatement objects can be created by:
</p>
<div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
<li class="listitem"><p>parsing SQL code using <a class="link" href="GdaSqlParser.html#gda-sql-parser-parse-string" title="gda_sql_parser_parse_string ()">gda_sql_parser_parse_string ()</a>
from a <a class="link" href="GdaSqlParser.html" title="GdaSqlParser">GdaSqlParser</a> object.</p></li>
<li class="listitem"><p>building a <a class="link" href="libgda-5.0-GdaSqlStatement.html#GdaSqlStatement" title="GdaSqlStatement">GdaSqlStatement</a> structure and creating
a <a class="link" href="GdaStatement.html" title="GdaStatement">GdaStatement</a> object around that structure. This method requires more
knowledge but is more portable across databases</p></li>
</ul></div>
<p>
</p>
<p>
Executing a statement is a matter of calling
<a class="link" href="GdaConnection.html#gda-connection-statement-execute" title="gda_connection_statement_execute ()">gda_connection_statement_execute ()</a> or one of its simplified
versions if the nature of the statement (SELECT or not) is known.
</p>
<p>
The following example shows how to use a GdaStatement to list the details of some data while making a variable
(named "the_id") vary from 0 to 9 (for simplicity, error checking has been removed):
</p>
<pre class="programlisting">
GdaConnection *cnc;
GdaSqlParser *parser;
GdaStatement *stmt;
GdaSet *params;
GdaHolder *p;
GValue *value;
gint i;
cnc = ...;
[...]
stmt = gda_sql_parser_parse_string (parser, "SELECT * FROM customers WHERE id=##the_id::gint", NULL, NULL);
gda_statement_get_parameters (stmt, &params, NULL);
p = gda_set_get_holder (params, "the_id");
value = gda_value_new (G_TYPE_INT);
for (i = 0; i < 10; i++) {
GdaDataModel *res;
g_value_set_int (value, i);
gda_holder_set_value (p, value);
res = gda_connection_statement_execute_select (cnc, stmt, params, NULL);
gda_data_model_dump (res, stdout);
g_object_unref (res);
}
g_object_unref (params);
g_object_unref (stmt);
</pre>
<p>
</p>
</div>
<div class="footer">
<hr>Generated by GTK-Doc V1.25</div>
</body>
</html>
|