ACTIONSCRIPT 3 Developer's Guide

ACTIONSCRIPT 3.0 DEVELOPER'S GUIDE

Working with local SQL databases in AIR

Using unnamed parameters

Adobe AIR 1.0 and later

As an alternative to using named parameters, you can also use unnamed parameters. To use an unnamed parameter you denote a parameter in a SQL statement using a "?" character. Each parameter is assigned a numeric index, according to the order of the parameters in the statement, starting with index 0 for the first parameter. The following example demonstrates a version of the previous example, using unnamed parameters:

var sql:String =
    "INSERT INTO inventoryItems (name, productCode) " +
    "VALUES (?, ?)";
var addItemStmt:SQLStatement = new SQLStatement();
// conn is the open SQLConnection from the preceding example
addItemStmt.sqlConnection = conn;
addItemStmt.text = sql;
// set parameter values by position: index 0 is the first "?", index 1 the second
addItemStmt.parameters[0] = "Item name";
addItemStmt.parameters[1] = "12345";
addItemStmt.execute();

Benefits of using parameters

Adobe AIR 1.0 and later

Using parameters in a SQL statement provides several benefits:

Better performance A SQLStatement instance that uses parameters can execute more efficiently compared to one that dynamically creates the SQL text each time it executes. The performance improvement is because the statement is prepared a single time and can then be executed multiple times using different parameter values, without needing to recompile the SQL statement.

Explicit data typing Parameters are used to allow for typed substitution of values that are unknown at the time the SQL statement is constructed. The use of parameters is the only way to guarantee the storage class for a value passed in to the database. When parameters are not used, the runtime attempts to convert all values from their text representation to a storage class based on the associated column's type affinity.

For more information on storage classes and column affinity, see "Data type support" on page 1114.

Greater security The use of parameters helps prevent a malicious technique known as a SQL injection attack. In a SQL injection attack, a user enters SQL code in a user-accessible location (for example, a data entry field). If application code constructs a SQL statement by directly concatenating user input into the SQL text, the user-entered SQL code is executed against the database. The following listing shows an example of concatenating user input into SQL text. Do not use this technique:
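The AIR local database engine is SQLite, and Python's sqlite3 module uses the same unnamed "?" placeholders, so the two benefits above (injection resistance and preserved storage class) can be shown side by side there. This is an added example, not the guide's own listing: the inventoryItems table, its rows and the hostile input are all constructed for the demonstration.

```python
import sqlite3

# Constructed sample rows standing in for the guide's inventoryItems table.
ROWS = [("Widget", "12345"), ("Gadget", "67890"), ("Gizmo", "24680")]
# Constructed hostile input: closes the string literal and appends a tautology.
HOSTILE = "' OR '1'='1"

def make_db():
    """In-memory SQLite database. productCode is declared without a type so
    SQLite applies no affinity and a bound value keeps its own storage class."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE inventoryItems (name TEXT, productCode)")
    # Same shape as the guide's INSERT: unnamed ? placeholders, index 0 and 1.
    conn.executemany(
        "INSERT INTO inventoryItems (name, productCode) VALUES (?, ?)", ROWS)
    return conn

def lookup_concatenated(conn, product_code):
    """The pattern the guide says not to use: input spliced into the SQL text,
    so whatever the user typed is parsed as part of the statement."""
    sql = ("SELECT name FROM inventoryItems WHERE productCode = '"
           + product_code + "'")
    return [row[0] for row in conn.execute(sql)]

def lookup_parameterised(conn, product_code):
    """Unnamed ? parameter: the input is bound as a value, never parsed as SQL."""
    sql = "SELECT name FROM inventoryItems WHERE productCode = ?"
    return [row[0] for row in conn.execute(sql, (product_code,))]

def stored_type(conn, value):
    """Explicit typing: report the storage class SQLite kept for a bound value."""
    conn.execute("INSERT INTO inventoryItems (name, productCode) VALUES (?, ?)",
                 ("Probe", value))
    cur = conn.execute(
        "SELECT typeof(productCode) FROM inventoryItems WHERE name = 'Probe'")
    return cur.fetchone()[0]

def demo():
    conn = make_db()
    return {
        "concat_benign": lookup_concatenated(conn, "12345"),
        "concat_hostile": lookup_concatenated(conn, HOSTILE),  # every row leaks
        "param_benign": lookup_parameterised(conn, "12345"),
        "param_hostile": lookup_parameterised(conn, HOSTILE),  # nothing matches
        "int_stays_integer": stored_type(conn, 12345),
        "str_stays_text": stored_type(make_db(), "12345"),
    }
```

Calling demo() returns all six results in one dictionary; the concatenated lookup returns every row for the hostile input, while the parameterised one returns none.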

Last updated 6/6/2012

731
