Parameterized queries with RODBC
I have a variable in R that I would like to pass to a database. I could use paste like many Google results suggest, but that is unsafe because of SQL injection vulnerabilities. I'd prefer something like this:
x <- 42
sqlQuery(db, 'SELECT Id, Name FROM People WHERE Age > ?;', bind=c(x))
Is it possible to use parameterized queries with RODBC? If not, is there an alternative library that supports them?
I'm using SQL Server, RODBC 1.3-6 and R 3.0.0.
Mateusz Zoltak wrote the RODBCext package in 2014 (based on work by Brian Ripley and Michael Lapsley):
library(RODBCext)  # attaches RODBC as well
conn = odbcConnect('MyDataSource')
sqlPrepare(conn, "SELECT * FROM myTable WHERE column = ?")  # statement text with one '?' placeholder
sqlExecute(conn, data = 'myValue')  # bind the value to the placeholder and run the prepared statement
sqlFetchMore(conn)  # retrieve the result set as a data frame
Source: http://cran.r-project.org/web/packages/RODBCext/vignettes/Parameterized_SQL_queries.html
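As an added example (not code from the question, the answer, or the RODBCext package), here is the paste() approach from the question beside the RODBCext prepared-statement approach, using the question's own query. It assumes an ODBC data source named 'MyDataSource' with a People table; the two helper functions are hypothetical names chosen for this example.

```r
library(RODBC)
library(RODBCext)

# Unsafe: the value is spliced into the SQL text, so its content becomes SQL.
query_by_paste <- function(min_age) {
  paste0("SELECT Id, Name FROM People WHERE Age > ", min_age, ";")
}

# Constructed inputs: no database is needed to see the problem. With the second
# input the WHERE clause no longer means what the author wrote.
query_by_paste(42)          # "SELECT Id, Name FROM People WHERE Age > 42;"
query_by_paste("0 OR 1=1")  # "SELECT Id, Name FROM People WHERE Age > 0 OR 1=1;"

# Safe: the statement text is fixed at prepare time and the value is bound
# separately, so the driver treats it as data, never as part of the SQL.
people_older_than <- function(conn, min_age) {
  # Reject anything that is not a single number before it reaches the driver.
  stopifnot(is.numeric(min_age), length(min_age) == 1)
  sqlPrepare(conn, "SELECT Id, Name FROM People WHERE Age > ?;")
  # Each column of the data frame fills one '?' in order; each row is one
  # execution of the prepared statement. fetch = TRUE returns the result set.
  sqlExecute(conn, data = data.frame(min_age), fetch = TRUE)
}

conn <- odbcConnect("MyDataSource")
if (conn != -1) {  # odbcConnect() returns -1 when the connection fails
  print(people_older_than(conn, 42))
  odbcClose(conn)
}
```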