Q: What is dynamic SQL?
Answer:
Dynamic SQL is constructed at runtime. PREPARE creates executable. EXECUTE runs it. EXECUTE IMMEDIATE for one-time. DECLARE CURSOR for queries. More flexible but less efficient than static. Security concerns (injection).
Q: What is EXEC CICS SEND CONTROL?
Answer:
SEND CONTROL sends control functions. EXEC CICS SEND CONTROL ERASE FREEKB. Clears screen, unlocks keyboard. No map or data. Prepare terminal for next operation.
Q: How to prevent SQL injection?
Answer:
Use parameter markers (?), not concatenation. PREPARE stmt FROM 'SELECT * FROM t WHERE c = ?'. EXECUTE stmt USING :hostvar. Never build SQL with user input directly. Validate input. Use static SQL when possible.