A parameter marker, often denoted by a question mark (?), is a place holder in an SQL statement whose value is obtained during statement execution. An application associates parameter markers to application variables. During the execution of the statement, the values of these variables replace each respective parameter marker. Data conversion might take place during the process.
For SQL statements that need to be executed many times, it is often beneficial to prepare the SQL statement once, and reuse the query plan by using parameter markers to substitute the input values during runtime. In DB2 9, a parameter marker is represented in one of two ways:
The first style, with a "?" character, is used in dynamic SQL execution (dynamic Embedded SQL, CLI, Perl, etc).
The second style represents the embedded SQL standard construction where the name of the variable is prefixed with a colon (:var1) . This style is used in static SQL execution and is commonly referred to as a host variable.
Use of either style indicates where an application variable is to be substituted inside an SQL statement. Parameter markers are referenced by number, and are numbered sequentially from left to right, starting at one. Before the SQL statement is executed, the application must bind a variable storage area to each parameter marker specified in the SQL statement. In addition, the bound variables must be a valid storage area, and must contain input data values when the prepared statement is executed against the database.
The following example illustrates an SQL statement containing two parameter markers:
SELECT * FROM customers WHERE custid = ? AND lastname = ?