Parameterized Queries

When you’re working with data-bound fields, the SLX Provider handles names or other data with apostrophes—like “O’Reilly”—or fields with Null values in them, without you needing to worry about it.

If you’re doing explicit string SQL Inserts or Updates, however—or using fields that could have apostrophes/nulls in them in your WHERE clauses—you’re probably used to passing the field values through Replace functions, and either testing for Nulls or kludg-ily concatenating empty strings onto the end of each field.

If you use parameterized queries instead of SQL strings, you can go back to not worrying about stuff like that.

Sage actually uses exactly that method in the OTB “System:SLX Lead Support” script, but it’s full of a lot of other unrelated code. In bare-bones terms, parameterized queries in VBScript look like this:

Dim strCommand
Dim objParams
Dim objCmd
Dim objRs

...

Set objCmd = CreateObject("ADODB.Command") 'DNL
Set objCmd.ActiveConnection = Application.GetNewConnection

objCmd.CommandType = adCmdText
objCmd.Prepared = True
strCommand = "SELECT Lastname FROM Contact " _
     & "WHERE AccountID = ? AND IsPrimary = ?"
objCmd.CommandText = strCommand

objCmd.Parameters.Refresh
Set objParams = objCmd.Parameters

objParams.Item(0).Value = strAccountID
objParams.Item(1).Value = blnIsPrimary

Set objRs = objCmd.Execute

...

Set objRs  = Nothing
Set objParams = Nothing
Set objCmd = Nothing

It works exactly the same way for Inserts and Updates, just (obviously) without the objRs recordset.

If you’re getting weird errors, the Very First Thing to check is that the number of question-marks in the command string is equal to the number of parameters you’ve added.

And if you’ve ever wondered, the “DNL” that you see all over the place in SalesLogix OTB code stands for “Do Not Localize”—i.e., for strings which are just used internally and cannot be translated into other languages without having hugely detrimental effects on the program, as opposed to UI strings which can/should be localized into the user’s preferred language.

So it’s not just some developer’s initials. 🙂

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: