Statement.executeQuery Method

Executes an SQL statement that returns an instance of the ResultSet class.

Syntax

public ResultSet executeQuery(str statement)

Run On

Called

Parameters

  • statement
    Type: str
    The string that contains the SQL statement that is used to retrieve the result set.

Return Value

Type: ResultSet Class
The object that contains the data returned from the query.

Remarks

If users control input to the executeQuery method, an SQL injection threat can occur. Therefore, this method runs under Code Access Security. Calls to this method on the server require permission from the SqlStatementExecutePermission class. The following are safer alternatives for executing SQL statements:

  • Queries

  • Views

  • X++ select statements

Record level security is not enforced on the Statement class. If data is exposed to the user, perform explicit security validation.

Examples

The following example performs an SQL query on CustTable, which runs on the server. The result of the query is stored in the resultSet object.

server static void main(Args _args)
{
    DictTable  dictTable;
    Connection connection;
    Statement  statement;
    str        sql;
    ResultSet  resultSet;
    SqlStatementExecutePermission perm;

    dictTable = new DictTable(tableNum(CustTable));
    if (dictTable != null)
    {
        connection = new Connection();
        // The SQL text contains only the table name; no user input is included.
        sql = strfmt("SELECT * FROM %1", dictTable.name(DbBackend::Sql));
        perm = new SqlStatementExecutePermission(sql);
        // Assert permission to execute this exact statement.
        perm.assert();
        statement = connection.createStatement();
        resultSet = statement.executeQuery(sql);
        // End the scope of the assert call.
        CodeAccessPermission::revertAssert();
    }
}
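
The risk described in the Remarks, as an added example that is not part of the original documentation: the first method builds SQL text from a caller-supplied value, and the second uses an X++ select statement with an explicit access check. The method names, the _accountNum parameter, the ACCOUNTNUM column name and the error text are assumptions made for illustration.

```xpp
// Added example (not from the original page). Names are hypothetical.

// RISKY: _accountNum is spliced into the SQL text, so a caller who controls it
// controls part of the statement. Asserting the permission does not make the
// input safe; it only declares that this code is allowed to run the SQL.
server static ResultSet findCustomerUnsafe(str _accountNum)
{
    DictTable  dictTable  = new DictTable(tableNum(CustTable));
    Connection connection = new Connection();
    Statement  statement;
    ResultSet  resultSet;
    str        sql;
    SqlStatementExecutePermission perm;

    // ACCOUNTNUM is the assumed database column name for CustTable.AccountNum.
    sql = strfmt("SELECT * FROM %1 WHERE ACCOUNTNUM = '%2'",
                 dictTable.name(DbBackend::Sql), _accountNum);
    perm = new SqlStatementExecutePermission(sql);
    perm.assert();
    statement = connection.createStatement();
    resultSet = statement.executeQuery(sql);
    CodeAccessPermission::revertAssert();
    return resultSet;
}

// SAFER: an X++ select statement. _accountNum is compared as a value and is
// never concatenated into SQL text.
server static CustTable findCustomerSafe(CustAccount _accountNum)
{
    CustTable custTable;
    DictTable dictTable = new DictTable(tableNum(CustTable));

    // Explicit security validation: confirm the caller can at least view
    // the table before any data is returned.
    if (dictTable == null || dictTable.rights() < AccessType::View)
    {
        throw error("Not authorized to read CustTable.");
    }

    select firstonly custTable
        where custTable.AccountNum == _accountNum;

    return custTable;
}
```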

See Also

Statement Class

How to: Secure an API on the AOS

Best Practices Checks