Hi,
On 5/19/05, bandeng <postgredb@gmail.com> wrote:
> i want to make dynamic sql query like this
>
> select * from tb_cust where name='erick' and age='20'
>
> to
>
> select * from tb_cust $1
>
> i have tried but error comeup
I think there's a confusion about the usage of parameters like $1, $2,
... etc. You cannot use parameters for a whole statement like "where
name='erick' and age='20'" or "name='erick'". It's only useful to
point returned fields. Namely, above SQL query should be:
SELECT * FROM tb_cust WHERE name = $1 AND age = $2;
Plus beware it doesn't need quotes around parameter. Moreover, if
you're using some PostgreSQL API, you don't need to escape data
inserted by parameters. You may refer to documentation for further
information.
Regards.
