The local variable conversion applies to SQL statements that appear on a single command line in the application source code and contain at least one "local variable", which the application replaces before the SQL statement is sent to the server. The SQL Scanner rewrites the variable name as @[variablename] and removes the concatenation character and the quotes surrounding the SQL text.
For example:
"SELECT FROM EMPLOYEE WHERE EMP_ID > 100" + VEMPID + ""
SELECT FROM EMPLOYEE WHERE EMP_ID > 100@[VEMPID]
Note: Treat the local variables in a scanned SQL statement as replacement (substitution) variables rather than parameters, and hard code their values before you optimize the SQL statement. The local variables may be literals, and when the application runs, their values are substituted into the SQL text before it is sent to the database. For this reason the SQL Scanner puts the variable within brackets, to differentiate local variables from parameters.
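The conversion and the hard-coding step described above can be sketched as follows. This is an added example, not the SQL Scanner's own implementation; it assumes double-quoted string literals joined by "+", and the function names and the second sample statement are constructed for illustration.

```python
import re

# One token of a concatenation expression: a double-quoted literal, an
# identifier (the local variable), or the "+" concatenation character.
TOKEN = re.compile(r'\s*(?:"((?:[^"\\]|\\.)*)"|([A-Za-z_]\w*)|(\+))')

def convert_local_variables(expr):
    """Return (sql, variables) for a one-line string concatenation.

    Literals lose their quotes, "+" is dropped, and each identifier
    becomes @[name]. Anything else raises ValueError.
    """
    sql, variables, pos, expect_operand = [], [], 0, True
    expr = expr.strip()
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if not m:
            raise ValueError(f"unsupported syntax at offset {pos}")
        literal, name, plus = m.groups()
        if plus:
            if expect_operand:
                raise ValueError("misplaced concatenation character")
            expect_operand = True
        else:
            if not expect_operand:
                raise ValueError("missing concatenation character")
            if name:
                sql.append(f"@[{name}]")
                variables.append(name)
            else:
                sql.append(literal)
            expect_operand = False
        pos = m.end()
    if expect_operand:
        raise ValueError("expression ends with a concatenation character")
    return "".join(sql), variables

def hard_code(sql, values):
    """Substitute text for each @[name], as the note advises before optimizing."""
    return re.sub(r"@\[(\w+)\]", lambda m: str(values[m.group(1)]), sql)

if __name__ == "__main__":
    # Constructed sample: one variable inside SQL quotes, one outside.
    src = '"SELECT NAME FROM EMPLOYEE WHERE DEPT = \'" + VDEPT + "\' AND EMP_ID > " + VEMPID'
    scanned, names = convert_local_variables(src)
    print(scanned, names)
    print(hard_code(scanned, {"VDEPT": "D11", "VEMPID": 100}))
```

Because each @[name] marks a value spliced into the SQL text rather than bound as a parameter, the list of variables returned here also identifies the statements worth reviewing for unvalidated input.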