You can set parameters for dynamic SQL statements, so that any values unknown during the programming phase can be exchanged between the application program and the database instance.
1. Replace the values that need to be exchanged with the placeholder ? in the statement.
2. Use the PREPARE statement to prepare the dynamic SQL statement for execution, and assign it a statement name.
3. Execute the dynamic SQL statement with the EXECUTE statement or OPEN CURSOR statement. Use the USING clause to assign values to the previously unknown parameters at runtime, for example, from a program variable of your choice. This does not have to be a host variable.

You can execute a prepared SQL statement as often as you want, specifying new values as parameters each time.
If you do not know during the programming phase which table columns a dynamic SQL statement addresses, and therefore which parameters it requires, use a descriptor as well.
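#include <string.h>  /* strcpy */

EXEC SQL BEGIN DECLARE SECTION;
int hno;
char name[16];
float price;
char cmd[100];
char *stmt;
EXEC SQL END DECLARE SECTION;

/* Statement without parameters: prepare it under the name STMT1, then execute it. */
strcpy (cmd, "INSERT INTO hotel VALUES(10, 'Excelsior', \
79000, 'Atlanta', 135.00)");
EXEC SQL PREPARE STMT1 FROM :cmd;
EXEC SQL EXECUTE STMT1;

/* Statement with three ? placeholders; the statement name comes from a variable. */
hno = 10;
strcpy (cmd, "SELECT name, price INTO ?, ? \
FROM hotel WHERE hno=?");
stmt = "STMT2";
EXEC SQL PREPARE :stmt FROM :cmd;
/* USING supplies one variable per placeholder, in order. */
EXEC SQL EXECUTE :stmt USING :name, :price, :hno;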
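
The following added example is not part of the original page and does not use the precompiler: it reproduces the ? placeholder flow with Python's sqlite3 module so that it runs without a database instance. It shows that a value exchanged through a placeholder is only ever treated as data, while the same value concatenated into the statement text changes the statement. The rows for hno 20 and 30, the zip and city column names, and the function names are assumptions.

```python
import sqlite3

# Constructed sample rows; only hno 10 comes from the page. The column names
# zip and city are assumptions (the page names only hno, name and price).
ROWS = [
    (10, "Excelsior", 79000, "Atlanta", 135.00),
    (20, "Sample Inn", 10001, "New York", 80.00),
    (30, "Demo Lodge", 60601, "Chicago", 95.50),
]

# The statement text is fixed; the value is exchanged through the ? placeholder.
LOOKUP = "SELECT name, price FROM hotel WHERE hno = ?"


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE hotel (hno INTEGER PRIMARY KEY, name TEXT,"
        " zip INTEGER, city TEXT, price REAL)"
    )
    con.executemany("INSERT INTO hotel VALUES (?, ?, ?, ?, ?)", ROWS)
    return con


def lookup_bound(con, hno):
    """Bind hno at execution time; it can only be compared as a value."""
    return con.execute(LOOKUP, (hno,)).fetchall()


def lookup_concatenated(con, hno):
    """Anti-pattern: the value becomes part of the statement text itself."""
    return con.execute(
        "SELECT name, price FROM hotel WHERE hno = " + str(hno)
    ).fetchall()


def lookup_many(con, hnos):
    """Reuse the same statement text with new parameter values each time."""
    return {h: lookup_bound(con, h) for h in hnos}


if __name__ == "__main__":
    con = make_db()
    hostile = "10 OR 1=1"  # constructed input that is not a plain number
    print(lookup_many(con, [10, 30]))
    print("bound:       ", lookup_bound(con, hostile))
    print("concatenated:", lookup_concatenated(con, hostile))
```

The bound lookup returns no rows for the non-numeric input, whereas the concatenated lookup returns every row in the table.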