Mini-Antipattern: Query Parameters inside Quotes
âWhy does my query fail to find any data when I use a parameterized query? When I interpolate a variable into the SQL string, it works."
A common mistake is to put the query parameter placeholder inside quotes (the following example uses ? as the placeholder, the default for MySQL):
| â | âSELECTâ * âFROMâ Bugs âWHEREâ bug_id = â'?'â |
This treats the question mark symbol as a string literal, not a parameter placeholder. The bug_id, being an integer, is compared to the numeric value of the string literal, which is zero. In this table, the bug_id values start at 1, so a value of zero will not match any row.
If you think about it, it must do this, because otherwise there would ...
Get SQL Antipatterns, Volume 1 now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
