Using Query Parameters
In Hazelcast clients, you can use query parameters to build safer, faster SQL queries.
A query parameter is a piece of information that you supply to a query when you run it. Parameters typically replace literals in the query.
int minimumAge = 30;
sql.execute("SELECT name FROM employees WHERE employees.age >= ?", minimumAge);
Instead of putting data straight into a SQL statement, you use the
? placeholder in your client code to indicate that you will provide a value for that parameter.
Query parameters have the following benefits:
Faster execution of similar queries. If you submit more than one query where only a value changes, the SQL service uses the cached execution plan from the first query rather than optimizing each query again.
Protection against SQL injection. If you use query parameters, you don’t need to escape special characters in user-provided strings.
Inserting values into OBJECT fields from the Java client. OBJECT fields are used for arrays, nested objects, or enums (anything for which we don’t have a more specific type). You can use query parameters to insert or query these values.
|To use parameterized queries to compare one object to another, you must add the object’s class to the member. Doing so allows the member to convert the parameter to an instance of the object.