Parameters

Parameters serve as placeholders for values in a SQL command. They separate the data of a SQL command from the command itself. This is useful when the same command is run multiple times with only the data varying, which increases the performance of the data grid. Because the values are supplied separately from the command text, parameters can also be used to prevent SQL injection attacks in queries.

Parameters in a SQL command are specified by using '?' (question mark). For SELECT statements, parameters are supported for the values of comparisons in WHERE clauses. For INSERT statements, parameters are supported for column values.

The Statement interface provides methods for setting the values of any parameters used in a SQL command. Separate methods for setting parameter values are provided for each data type supported by ActiveSpaces. The setNull() method is provided to specify that a parameter's value must be empty (SQL NULL). All parameter values must be specified before running the statement or an error is returned. Parameters are numbered starting with 1.
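The behaviour described above, shown as an added example that is not ActiveSpaces code or part of the original page: it uses Python's built-in sqlite3 module, which also marks parameters with '?', as a stand-in for the ActiveSpaces Statement interface. The users table, its rows, the input string and the function names are constructed for illustration, and sqlite3 binds all values in one call rather than through per-type setter methods.

```python
import sqlite3

def make_db():
    """In-memory table filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    # INSERT: each '?' stands for one column value; None binds SQL NULL.
    rows = [(1, "alice", "alice@example.test"), (2, "bob", None)]
    db.executemany("INSERT INTO users (id, name, email) VALUES (?, ?, ?)", rows)
    return db

def find_concatenated(db, name):
    """Weak form: the value is pasted into the command text and parsed as SQL."""
    return db.execute("SELECT id FROM users WHERE name = '" + name + "'").fetchall()

def find_parameterized(db, name):
    """Hardened form: the command text is fixed and the value is bound to '?' as data."""
    return db.execute("SELECT id FROM users WHERE name = ?", (name,)).fetchall()

def email_of(db, user_id):
    """Read back a column that may have been bound as NULL."""
    return db.execute("SELECT email FROM users WHERE id = ?", (user_id,)).fetchone()[0]

def run_with_missing_parameter(db):
    """Two placeholders but one value: the statement is rejected instead of run."""
    try:
        db.execute("SELECT id FROM users WHERE name = ? AND id = ?", ("alice",))
    except sqlite3.ProgrammingError as exc:
        return type(exc).__name__
    return "executed"

if __name__ == "__main__":
    db = make_db()
    hostile = "nobody' OR '1'='1"  # constructed input containing a quote
    print("concatenated :", find_concatenated(db, hostile))
    print("parameterized:", find_parameterized(db, hostile))
    print("bob's email  :", email_of(db, 2))
    print("missing value:", run_with_missing_parameter(db))
```

With the concatenated query the quote in the input closes the string literal and the rest is parsed as part of the WHERE clause; with the parameterized query the same input is compared as a literal name and matches nothing.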