String Literals and Statement Strings
The Dynamic SQL statements prepare and execute immediate both use statement strings, which specify an SQL statement. To specify the statement string, use a string literal or character string variable, as follows:
EXEC SQL EXECUTE IMMEDIATE 'drop employee' END-EXEC
MOVE "drop employee" TO str.
EXEC SQL EXECUTE IMMEDIATE :str END-EXEC
As with regular embedded SQL string literals, the statement string delimiter is the single quote. However, quotes embedded in statement strings must conform to the runtime rules of SQL when the statement is executed.
For example, the following two dynamic insert statements are equivalent:
EXEC SQL PREPARE s1 FROM
INSERT INTO t1 VALUES (''single''''double" '')'
END-EXEC
and:
MOVE "INSERT INTO t1 VALUES ('single''double"" ')"
TO str.
EXEC SQL PREPARE s1 FROM :str END-EXEC
In fact, the string literal the embedded SQL/COBOL preprocessor generates for the first example is identical to the string literal assigned to the variable str in the second example.
The runtime evaluation of the above statement string is:
INSERT INTO t1 VALUES ('single''double" ')
As a general rule, it is best to avoid using a string literal for a statement string whenever it may contain the single or double quote character. Instead, try to build the statement string using the COBOL language's rules for string literals together with the SQL rules for the runtime evaluation of the string.