I am trying to execute queries on a layer based on user input. All the examples I see for doing this look something like this:
query.where = "NAME = '" + rawUserInput + "'";
I'm aware that the risk of SQL injection is something the server administrator is responsible for taking care of; however, even when ignoring potential security issues, we still have inconvenient bugs to be concerned about. I will still need to think about escaping single quotes, and who knows what other special characters, before dumping them into the query.
It would certainly be nice if we could do properly parameterized queries. I see there's a parameterValues property I could use, however I can't actually figure out how to use it, and I see no examples anywhere in all my web searches.
Are parameterized queries even possible? Can I have an example?
Related StackOverflow question
Related Reddit thread
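As an added example (not part of the original post, and not code from the Esri API): the naive concatenation quoted in the question, placed beside a small helper that builds the same equality clause while doubling single quotes and restricting the field name to an allow-list. The allow-list and the sample input are constructed for the example; the escaping assumes the backend follows the SQL-92 rule that a quote inside a string literal is written as two quotes.

```javascript
// Added example, not from the original post or the ArcGIS API documentation.
// Constructed allow-list of field names the application lets a user filter on.
const ALLOWED_FIELDS = new Set(["NAME", "CITY", "STATE"]);

// The pattern from the question: raw input dropped straight into the clause.
// A value containing a single quote produces an unbalanced literal, which is
// both the "inconvenient bug" and the injection point.
function naiveWhere(rawUserInput) {
  return "NAME = '" + rawUserInput + "'";
}

// Escape a value for use inside a single-quoted SQL-92 string literal.
function escapeSqlString(value) {
  if (typeof value !== "string") {
    throw new TypeError("expected a string value");
  }
  // Reject control characters instead of passing them through to the backend.
  if (/[\u0000-\u001f]/.test(value)) {
    throw new RangeError("control characters are not allowed");
  }
  // Doubling each quote keeps the literal balanced for any input.
  return value.replace(/'/g, "''");
}

// Build "FIELD = 'value'" only for a field on the allow-list; the field name
// is the part that cannot be quoted, so it must come from a fixed set.
function buildEqualityWhere(field, rawUserInput) {
  if (!ALLOWED_FIELDS.has(field)) {
    throw new RangeError("field not allowed: " + field);
  }
  return field + " = '" + escapeSqlString(rawUserInput) + "'";
}

// Constructed input containing a single quote.
const sample = "O'Brien";
console.log(naiveWhere(sample));                 // NAME = 'O'Brien'   (broken literal)
console.log(buildEqualityWhere("NAME", sample)); // NAME = 'O''Brien'  (balanced)
```

The helper covers the string-literal context only: a LIKE pattern still needs its wildcard characters considered, and backslash handling differs between database backends, so it is rejected here rather than escaped. The allow-list matters as much as the escaping, because a field name is an identifier and cannot be protected by quoting the value.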