String Literals and Statement Strings
The Dynamic SQL statements prepare and execute immediate, both use statement strings that specify an SQL statement. To specify the statement string, use a string literal or character string variable.
Example: Statement string usage
exec sql execute immediate 'drop employee';
str = "drop employee";
exec sql execute immediate :str;
As with regular embedded SQL string literals, the statement string delimiter is the single quote. However, quotes embedded in statement strings must conform to SQL runtime rules when the statement executes. For example, the following dynamic insert statement:
exec sql prepare s1 from
'insert into t1 values (''single''''double"slash\ '')';
is equivalent to the statement:
str = "insert into t1 values
('single''double\"slash\\ ')";
exec sql prepare s1 from :str;
In fact, the string literal that the embedded SQL/C preprocessor generates for the first example matches the string literal assigned to the variable str in the second example. The runtime evaluation of the above statement string is:
insert into t1 values ('single''double"slash\ ');
Avoid using a string literal for a statement string whenever it contains quotes or the backslash character. Instead, build the statement string using the C language's rules for string literals together with the SQL rules for the runtime evaluation of the string.