embedded SQL

(redirected from static SQL)

embedded SQL

SQL statements that are written into a high-level programming language such as C or Pascal. In a preprocessing stage, the SQL code is converted into function calls, which may be optimized to provide the fastest results. If the programmer knows exactly what the query is going to do, and the query does not change, it is called "static SQL." If the query requires user input at runtime, it is called "dynamic SQL." If the client program passes the SQL statements directly to the database server without any intermediate step, it is called "passthrough SQL."
Copyright © 1981-2019 by The Computer Language Company Inc. All Rights reserved. THIS DEFINITION IS FOR PERSONAL USE ONLY. All other reproduction is strictly prohibited without permission from the publisher.
Mentioned in ?
References in periodicals archive ?
An automatic query sanitization technique called Automatic and Static SQL Injection Sanitization Tool (ASSIST) was proposed by [18] to automatically eliminate SQL injection vulnerabilities in code.
Additional techniques for halting SQL injection attacks include using static SQL instead of dynamic SQL, proper validation and testing of user input, enforcing appropriate limits to prevent buffer overruns, and avoiding the concatenation of user input to SQL.
* Performance Information on SQL Coming to DB2 through DDF -- Compuware Strobe DB2 DDF support identifies dynamic and static SQL statements executing within the DDF address space so that users can see what SQL ran on behalf of a particular location.
The high performance apply should give you the ability to convert from dynamic SQL to static SQL 'on the fly' to enhance performance.