parameterized queries Flashcards

(19 cards)

1
Q

effective decision support systems require

A

flexibility in interacting with the user

2
Q

decision makers may not always know

A

exactly what questions they want/need to ask

3
Q

because decision makers may not know what questions they want to ask, it is important to

A

support “what if?” questions

4
Q

pre-determining a list of potential queries can be

A

very limiting

5
Q

using parameters within a query allows

A

the user to decide exactly what data to return

6
Q

with parameters, the database programmer:

A

sets up the structure/template for the SQL statement, but leaves certain values unspecified

7
Q

parameterized queries greatly improve

A

the usability of the system

8
Q

parameterized queries are frequently used in (and also used in)

A

web-based DSS
- also used in desktop applications (.NET -> MS Access)
- also used within actual DBMS

9
Q

within MS Access, parameterized queries can be used by

A

building userforms and collecting the parameter values as variables from the user

10
Q

parameterized queries can also be called from other applications using a

A

DB provider/driver
(PHP/ASP.NET/VB.NET/Java)

11
Q

example of calling parameterized queries externally

A

Dim cmd As New OleDbCommand("SELECT * FROM Customer WHERE LName = ?", conn)
cmd.Parameters.AddWithValue("LName", lastName)

(conn is an open OleDbConnection and lastName is the value collected from the user; the parameter name is only a label, because OLE DB binds by position)

12
Q

Microsoft Access specific format

A

parameter order matters: placeholders are unnamed ? marks and values are bound in the order the ? marks appear
"SELECT * FROM table1 WHERE col1 = ? OR col2 LIKE ?"

13
Q

SQL Server specific format

A

supports named parameters (prefixed with @), so order no longer matters
"SELECT * FROM table1 WHERE col1 = @someCol1 OR col2 LIKE @theColour"

14
Q

Oracle specific format

A

named bind variables prefixed with a colon
"SELECT * FROM table1 WHERE col1 = :someCol1 OR col2 LIKE :theColour"

15
Q

advantages of parameterized queries

A

  • query can be compiled once at beginning of process
  • data types are enforced by the driver when values are bound, so the programmer does not hand-quote or escape them
  • security: values are bound as data, not parsed as SQL, which helps to protect against SQL injection
16
Q

when query is compiled once at beginning,

A

parameter values can then be set as needed

17
Q

SQL injection

A

consists of inserting or injecting SQL code via data that is sent to a DBMS, when the application builds (non-parameterized) dynamic SQL by concatenating that data into the statement text

18
Q

because a parameterized query is expecting only the values for missing parameters,

A

it will protect against many SQL injection attacks: a bound value is never parsed as SQL. Caveat: only values can be parameterized; table and column names, ORDER BY targets and other identifiers cannot, and a parameter that a stored procedure later concatenates into its own dynamic SQL is still injectable

19
Q

SQL injection example

A

'; DROP TABLE employee; --

the leading quote closes the string literal that the dynamic SQL opened, the semicolon ends that statement, and -- comments out whatever the application appended after the value
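The following is an added example, not one of the flashcards' own snippets. It uses Python's standard sqlite3 module in place of the VB.NET/OleDb code above; the employee table, its columns and rows are constructed for the demonstration, and the function names are assumptions. It shows the card 19 payload dropping the table when values are concatenated into dynamic SQL, the same payload being treated as plain data by a parameterized query (cards 17 and 18), the positional ? and named :name placeholder styles (cards 12 to 14), and the identifier caveat: an ORDER BY column cannot be bound, so it is checked against an allow-list.

```python
import sqlite3

# Constructed sample data; the table, column names and rows are assumptions for
# this example, not something the flashcards specify.
EMPLOYEES = [("Smith", "Sales", 52000), ("Jones", "IT", 61000), ("Lee", "Sales", 48000)]

# The flashcard's payload: the leading quote closes the string literal that the
# dynamic SQL opened, ';' ends that statement, and '--' comments out the rest.
DROP_PAYLOAD = "'; DROP TABLE employee; --"
# A single-statement payload that turns the WHERE clause into a tautology.
TAUTOLOGY = "' OR '1'='1"

# Identifiers cannot be bound as parameters, so ORDER BY targets come from an allow-list.
SORTABLE_COLUMNS = {"lname", "salary"}


def fresh_db() -> sqlite3.Connection:
    """Return an in-memory database holding the constructed employee table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (lname TEXT, dept TEXT, salary INTEGER)")
    # executemany reuses one prepared statement for every row: compiled once,
    # values bound per execution.
    conn.executemany("INSERT INTO employee VALUES (?, ?, ?)", EMPLOYEES)
    conn.commit()
    return conn


def table_exists(conn: sqlite3.Connection) -> bool:
    """True while the employee table is still present in the catalogue."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = 'employee'"
    ).fetchone()
    return row is not None


def find_dynamic(conn: sqlite3.Connection, lname: str) -> list:
    """VULNERABLE: the user's value is spliced into the statement text."""
    sql = f"SELECT lname, dept, salary FROM employee WHERE lname = '{lname}'"
    return conn.execute(sql).fetchall()


def run_dynamic_batch(conn: sqlite3.Connection, lname: str) -> bool:
    """VULNERABLE, for a driver that accepts several statements per call (as
    SQL Server's does). sqlite3's execute() refuses batches, so executescript()
    stands in for that behaviour. Returns whether the table survived."""
    sql = f"SELECT lname FROM employee WHERE lname = '{lname}'"
    conn.executescript(sql)
    return table_exists(conn)


def find_positional(conn: sqlite3.Connection, lname: str) -> list:
    """Access/OLE DB style: '?' placeholders, values bound in order."""
    return conn.execute(
        "SELECT lname, dept, salary FROM employee WHERE lname = ?", (lname,)
    ).fetchall()


def find_named(conn: sqlite3.Connection, dept: str, min_salary: int) -> list:
    """Oracle style ':name' placeholders (sqlite3 accepts these too); SQL Server
    would use '@name'. Order no longer matters, the mapping is by name."""
    return conn.execute(
        "SELECT lname, dept, salary FROM employee "
        "WHERE dept = :dept AND salary >= :min_salary",
        {"dept": dept, "min_salary": min_salary},
    ).fetchall()


def find_sorted(conn: sqlite3.Connection, dept: str, sort_col: str) -> list:
    """The value is a parameter; the column name cannot be, so it is checked
    against an allow-list before it is placed in the statement text."""
    if sort_col not in SORTABLE_COLUMNS:
        raise ValueError(f"unsupported sort column: {sort_col!r}")
    sql = f"SELECT lname, dept, salary FROM employee WHERE dept = ? ORDER BY {sort_col}"
    return conn.execute(sql, (dept,)).fetchall()


if __name__ == "__main__":
    conn = fresh_db()
    print("dynamic + tautology :", find_dynamic(conn, TAUTOLOGY))        # every row
    print("bound + tautology   :", find_positional(conn, TAUTOLOGY))     # no rows
    print("bound + DROP payload:", find_positional(conn, DROP_PAYLOAD))  # no rows, table intact
    print("table still exists  :", table_exists(conn))
    print("batch + DROP payload, table exists:", run_dynamic_batch(fresh_db(), DROP_PAYLOAD))
    print("named parameters    :", find_named(conn, "Sales", 50000))
    print("allow-listed ORDER BY:", find_sorted(conn, "Sales", "salary"))
```

Run it as a script to see the contrast: the dynamic query returns every row for the tautology payload and loses the table to the DROP payload, while the bound versions return no rows and leave the table intact, because the driver hands the whole string to the DBMS as a value rather than as SQL text.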