The Parameters folder allows you to define input parameters for your SQL query.

To create a new Input Parameter, simply right-click the Parameters folder and choose 'Add Query Parameter'. After renaming the input variable, check its data type on the properties pane, located on the right hand side.

To use the input parameter in your SQL statements, simply use the notation @ParameterName. As an example, if you want to create a query to find all Companies located in a certain Country:

Sending SQL Statements Through Parameters

In certain situations it is useful to make your query behave dynamically by specifying some of the SQL statements using input parameters. This way at runtime, the arguments are evaluated and the query is executed with the computed arguments.

To implement this, simply change the 'Expand Inline' property of the Input Parameter to 'Yes'.

As an example, if you want to allow end-users to choose the order by which the records are displayed, simply create an OrderBy input parameter, change its Expand Inline property to 'Yes' and design your query, using the new input parameter. Then, in the SQL properties send as argument 'ORDER BY [Company].{Name} ASC'.

When using this technique you should take special measures to prevent malicious SQL statements to run on your database (SQL injection). To avoid such scenarios you should use the EncodeSql built-in function on the arguments that will be expanded inline on the query.

See Also

About SQL