

Using Dynamic SQL in Application Programs

A program that uses dynamic SQL accepts an SQL statement in character-string form as input, or generates the statement itself. To simplify such a program, code it so that it either does not use SELECT statements, or uses only SELECT statements that return a known number of values of known types.

When you are coding a program that uses dynamic SQL but you do not know in advance which SQL statements will be executed, consider having the program take the following steps:

  1. For input data (including parameter markers), translate it into an SQL statement.
  2. For the SQL statement,
    1. Prepare it for execution, and
    2. Obtain its description.
  3. For SELECT statements, acquire enough main storage to contain the data that is retrieved.
  4. Then, either:
    1. Execute the statement, or
    2. Fetch the rows of data.
  5. Next, process the information that is returned.
  6. And then deal with SQL return codes.
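The six steps above as one worked example. This is added here and is not code from the original page: Python with the standard sqlite3 module stands in for the host language and the DBMS (the page names neither), and the employee table, its rows, the batch size and the return-code values (0, 100, negative) are all constructed for the example. Input data is bound to `?` parameter markers rather than concatenated into the statement text, so a value supplied at run time is always treated as data, and the driver refuses text that carries more than one statement.

```python
from __future__ import annotations

import sqlite3
from dataclasses import dataclass, field
from typing import Any

# Constructed sample schema and rows (not from the original page); an in-memory
# SQLite database plays the role of the host DBMS.
SAMPLE_DDL = """
CREATE TABLE employee (empno INTEGER PRIMARY KEY, lastname TEXT, dept TEXT, salary REAL);
INSERT INTO employee VALUES (10, 'Haas',     'A00', 52750.0);
INSERT INTO employee VALUES (20, 'Thompson', 'B01', 41250.0);
INSERT INTO employee VALUES (30, 'Kwan',     'C01', 38250.0);
"""


@dataclass
class SqlResult:
    """What the program gets back: a return code plus either rows or a row count."""
    sqlcode: int                   # hypothetical codes: 0 = ok, 100 = no rows, < 0 = error
    sqlerrm: str = ""              # driver's error text when sqlcode < 0
    columns: list[str] = field(default_factory=list)   # the statement's description
    rows: list[tuple[Any, ...]] = field(default_factory=list)
    rowcount: int = -1


def open_sample_db() -> sqlite3.Connection:
    """Create the constructed sample database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SAMPLE_DDL)
    return conn


def run_dynamic_sql(conn: sqlite3.Connection, stmt_text: str,
                    params: tuple = (), batch_size: int = 2) -> SqlResult:
    """Run an SQL statement whose text is only known at run time.

    Step 1: stmt_text carries '?' parameter markers; params is the input data
            that is bound to them (never pasted into the string).
    Step 2: prepare and describe. sqlite3 prepares inside execute(); the
            description is cursor.description (None for non-SELECT statements).
    Step 3: storage for a SELECT result is a list grown one batch at a time.
    Step 4: execute the statement, or fetch its rows with fetchmany().
    Step 5: package the returned information in a SqlResult.
    Step 6: translate driver exceptions into a return code the caller can test.
    """
    cur = conn.cursor()
    try:
        # Steps 1 and 2: bind the input data and prepare the statement. The
        # driver rejects a marker/parameter mismatch and rejects text that
        # contains more than one statement, so both surface as return codes.
        cur.execute(stmt_text, params)

        if cur.description is None:
            # Non-SELECT statement: step 4a, nothing to fetch.
            conn.commit()
            return SqlResult(sqlcode=0, rowcount=cur.rowcount)

        # Step 2b: the description tells us how many columns come back and their names.
        columns = [d[0] for d in cur.description]

        # Steps 3 and 4b: acquire storage and fetch rows batch by batch.
        rows: list[tuple[Any, ...]] = []
        while True:
            batch = cur.fetchmany(batch_size)
            if not batch:
                break
            rows.extend(batch)

        # Step 5: an empty result is reported with the "no rows" code.
        code = 0 if rows else 100
        return SqlResult(sqlcode=code, columns=columns, rows=rows, rowcount=len(rows))

    except (sqlite3.Error, sqlite3.Warning) as exc:
        # Step 6: syntax errors, missing objects, binding mismatches and
        # multi-statement text all arrive here; undo any partial work.
        conn.rollback()
        return SqlResult(sqlcode=-2, sqlerrm=f"{type(exc).__name__}: {exc}")
    finally:
        cur.close()


if __name__ == "__main__":
    db = open_sample_db()
    res = run_dynamic_sql(db, "SELECT lastname, salary FROM employee WHERE dept = ?", ("A00",))
    print(res.sqlcode, res.columns, res.rows)
    res = run_dynamic_sql(db, "SELECT * FROM no_such_table")
    print(res.sqlcode, res.sqlerrm)
```

The caller decides what to do on each return code exactly as step 6 describes: 0 with rows means process them, 100 means the SELECT matched nothing, and a negative code carries the driver's message for logging. Because the input data travels through the marker binding, a value such as a quote followed by an OR clause simply fails to match any row rather than changing the statement.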