Executes an SQL query on a database. The value from the first column of the first row is returned. With this function, you can execute any SQL query or command supported by the SQL database. If it doesn’t return any data (like INSERT or UPDATE), a respective error code is set which can be tested by calling IsError()).
Note: All types of fields can be requested in statements, but SCADA has to convert values of the fields to MBCS 8-bit strings which is not always possible. For example either single byte database strings or numbers can be converted to MBCS 8-bit strings, multi-byte strings can be converted to MBCS (their proper presentation depends on correct setup of SCADA and OS), while blobs cannot be encoded at all.
This function is a blocking function and should not be called from a foreground task.
Queries which are built on the basis of user data, for example inputed by users via graphics pages or forms, may be prone to SQL Injection attacks. In such case, try to limit the risk by using CiCode functions from parameterized queries group and refer to a professional advice in this matter.
|
NOTICE |
|
SECURITY BREACH VIA SQL INJECTION - Validate all textbox entries using validation controls, regular expressions and code Failure to follow these instructions can result in equipment damage. |
Syntax
SQLGetScalar(hGeneral, sSelect, isNull)
hGeneral:
The handle either to the DB connection object (returned from either SQLCreate() or SQLConnect() function) or to the query handle (returned from SQLQueryCreate()). When it is the connection handle and sSelect is an empty string, the operation is performed on the first query in that DB connection object. When it is the query handle, the operation is performed on that query through the DB object which is associated to it.
sSelect:
The SQL query to be sent to the SQL database.
isNull:
Output Parameter: Indicated whether the returned variable is NULL. The argument is returned by the function.
Return Value
String representing a value from the first column and the first row of the result of executing the SQL query. If the value is NULL, the string is empty and isNull parameter is set to TRUE. If there are no records in the result, the string is empty and the error code is set to 294. For details of the 307 error code, call the SQLErrMsg() function. The presence of error code can be tested by calling the IsError() CiCode function.
Related Functions
SQLCreate, SQLOpen, SQLClose, SQLDispose, SQLConnect, SQLDisconnect, SQLInfo, SQLSet, SQLAppend, SQLExec, SQLGetRecordset, SQLCall, SQLGetScalar, SQLEnd
See Also
Published June 2018