SELECT Like a Boss With Query Parameters

Valued Contributor

2 years ago

Good topic, I don't see this done enough in the wild. I agree that its much more readable. I also feel a lot more comfortable when I'm implementing more secure code (re: sql injection) even in a low risk environment such as OS.

To go one step further on the readability front, I don't entirely understand why people use StringBuilder in these situations and I'd love to be shown the light if there is some. I only understand the benefits of StringBuilder when compared to making many concatenations to a string (e.g. via a loop).

I find this code much more readable. I also like that I can copy the SQL for testing without having to remove x.appends.= and quotes all over the place

' use Decimals everywhere, its what OneStream cells also contain in .CellAmount
Dim someAmount as Decimal = 123.456
Dim myQuery As String
myQuery = "SELECT * FROM vStageSourceAndTargetDataWithAttributes
           WHERE RawAmount < @myThreshold"
Dim parameters As New List(Of DbParamInfo)
parameters.Add(New DbParamInfo("myThreshold", someAmount))
Dim result As DataTable = BRApi.Database.ExecuteSql(dbconn, myQuery, parameters, False)

Feel free to send swag 😁

Knowledge Base Article

SELECT Like a Boss With Query Parameters

Related Content

Parameters

Reset parameter selections via business rule

Use of XFBR in the SQL query of a Bound List parameter

Dynamic Dashboards – Passing Parameters with Repeat Arguments.

SQL Query to External Table

Mastering Dashboard Load Events, Component Actions and Advanced Parameter Handling

How to build a Multi-Select TreeView

BiViewer Parameters Demystified - pt 2