# QueryParam
Used to verify or strongly type a query parameter to a valid SQL Type.
## Component Signature
```
```
### Attributes
| Atrribute | Type | Required | Description | Default |
| ----------- | --------- | -------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- |
| `value` | `any` | `false` | The value of the parameter | |
| `sqltype` | `string` | `false` | The SQL type of the parameter. One of: bigint, bit, blob, boolean, char, clob, date, decimal, double, float, int, integer, idstamp, longvarchar, money, numeric, real, smallint, string,
time, timestamp, tinyint, varbinary, or varchar.
| |
| `maxLength` | `integer` | `false` | The maximum length of the parameter | |
| `scale` | `integer` | `false` | The scale of the parameter, used only on `double` and `decimal` types. Defaults to `null` | |
| `null` | `boolean` | `false` | Whether the parameter can be null or not. | |
| `list` | `boolean` | `false` | Whether the parameter is a list or not | |
| `separator` | `string` | `false` | The separator to use for the parameter. Defaults to a comma. | |
## Examples
Use bx:queryParam to protect your application from SQL-injection attacks:
```html
SELECT *
FROM content
WHERE id=
```
It is highly recommended to set the `sqltype` of the incoming data:
```html
SELECT *
FROM content
WHERE id=
```
### Using Lists in QueryParam
For SQL `IN` clauses with comma-separated param values, use `list=true`:
```html
SELECT *
FROM media
WHERE type IN
```
Assuming `url.mediaTypes` is equal to `book,magazine,newspaper`, this will generate the following SQL statement:
```sql
SELECT *
FROM books
WHERE title IN (?,?,?)
```
### Basic example
Shows how to use a bx:queryparam tag within bx:query.
```java
SELECT id,title,story
FROM news
WHERE id =
```
### Using a list on an IN statement
Assumes url.idList is a comma separated list of integers, eg: 1,2,3
```java
SELECT id,title,story
FROM news
WHERE id IN ()
```
### Using an expressions to controll null values
Shows a basic example of using an expression to control whether null is passed to the queryparam
```java
INSERT into test ( key, value )
VALUES(
)
```
### script equivalent of bx:queryparam
Script syntax using queryExecute and struct notation
[Run Example](https://try.boxlang.io/?code=eJxdj0FLw0AQhc%2FZX%2FHYU4VFqMeKF82KhcZKXRApPQzNqME0qZtZ0yL57262COrtzTDvfW%2F4QLt9zTkJ4Qofgf3xnvsJdFUaqaRmbaJuhF%2FZm0%2Fy2zfycbWGyr5UlsUzjRmmZtSn%2BzjqnHs%2BouQXJungfNhRo1U2mD%2Bui3%2Bughr0VL93aBsUbZssaoOzS%2BW5C7X8NLQH3gbh2PLRLuyNQ8rA7WpZgH899HRnVxZVGX2ziDSI8Hk%2BktWQhvzaPT%2FYkZ1ytRpGWO8r4WWQfZAJTuRzN3cLu8YUqc43E7xZtg%3D%3D)
```java
exampleData = queryNew( "id,title", "integer,varchar", [
{
"id" : 1,
"title" : "Dewey defeats Truman"
},
{
"id" : 2,
"title" : "Man walks on Moon"
}
] );
result = queryExecute( "SELECT title FROM exampleData WHERE id = :id", {
ID : 2
}, {
DBTYPE : "query"
} );
writeOutput( result.TITLE[ 1 ] );
```
Result: Man walks on Moon
### script equivalent of bx:queryparam
Script syntax using queryExecute and struct notation for multiple parameters
[Run Example](https://try.boxlang.io/?code=eJx1kFFLwzAUhZ%2BbX3HJ05QibI8TH%2BaS4aDddIuKDBmhvdNi1m5pYjek%2F31pakGHvoSbcE7udw4e5HankEkj4Qb2FvVxhlUPaJaGJjMKaejm3OAb6vBT6uRdave0AhJ8kSBwMgpD6IfN3OrdlTKs8AgpblCaEoS2W5lTEtThL9fgzBXLHCqpPkoocoiLwlvIK1xcE42lVaYj5AdMrEFHueQRHwu4hMliHgP%2BCPN8xxccstR5hu4czRj4Tc29C%2BZYxFRE3C1vsJ5G0SP%2FG6QhHU%2BWD5F4ufeSZLMu92rdNdJmm7Kznwb%2F%2Bb4b9QFrD8JuO4mPSEnd5K50ZnBuzc6aHrQlXHnkFfTBN3MCe1l%2FoA%3D%3D)
```java
exampleData = queryNew( "id,title", "integer,varchar", [
{
"id" : 1,
"title" : "Dewey defeats Truman"
},
{
"id" : 2,
"title" : "Man walks on Moon"
}
] );
result = queryExecute( "SELECT * FROM exampleData WHERE id = :id AND title = :title", {
TITLE : {
VALUE : "Man walks on Moon",
sqltype : "varchar"
},
ID : {
VALUE : 2,
sqltype : "integer"
}
}, {
DBTYPE : "query"
} );
writeOutput( result.TITLE[ 1 ] );
```
Result: Man walks on Moon
### script equivalent of bx:queryparam
script syntax using queryExecute and full array notation
[Run Example](https://try.boxlang.io/?code=eJxdj1FLwzAUhZ%2BbX3HI04QgzEdFRNcMhdbpVhUZMkJ7p8Ws3dLEbsj%2Bu2lKQX27uZwv57u0V5utplhZhUvsHJnDPbUj8LIQtrSauPBzZemdjPhSJv9Qxq%2BWYNE3iyIf4zjHWHRzn%2FdPHlNLBxS0JmUbZMZtVMVZdBR%2FqLN%2FVKoqtEp%2FNqgrpHUdEPaGkwtmqHHaDoZyT7mz5C0XMpGTDOEPTOezFPTroJdbOZcoC89dddJ9%2B%2FN18iSH%2Bsl08Zhkrw%2FdgufrVbPTq%2BHM0C7gmfhmiIR%2Bzo6dVGtKSzNnt86O0BueZndZIpcYI2j%2FAItzZEQ%3D)
```java
exampleData = queryNew( "id,title", "integer,varchar", [
{
"id" : 1,
"title" : "Dewey defeats Truman"
},
{
"id" : 2,
"title" : "Man walks on Moon"
}
] );
result = queryExecute( "SELECT title FROM exampleData WHERE id = ?", [
{
VALUE : 2,
sqltype : "varchar"
}
], {
DBTYPE : "query"
} );
writeOutput( result.TITLE[ 1 ] );
```
Result: Man walks on Moon
### script equivalent of bx:queryparam
script syntax using queryExecute and array shorthand
[Run Example](https://try.boxlang.io/?code=eJxdj01Lw0AQhs%2B7v%2BJlTxUWoT0qImhWFBordaFI6WFoRg2mSd3Mmhbpf3eTIlhvM8P78QzvaLOtOCMhXOEzctg%2FcjeCKQsrpVRsbJpr4TcO9ovC%2Bp1COi2h1bdWKskMLjC2%2FXzUp9Vk3PEeBb8ySQsf4oZqo9XBnrgm%2F1w51eio%2BmjR1MibZrDoFc4udeA2VvJL6Ha8jsKJ8tlN3a3HkIG7%2BSwH%2F3loce%2FmDmWRfNc9tFYTvbJICNmNf3lyfekQaPShb%2BlCKTyLso0ywrHy3D%2F4qVtijIHjB54oV6c%3D)
```java
exampleData = queryNew( "id,title", "integer,varchar", [
{
"id" : 1,
"title" : "Dewey defeats Truman"
},
{
"id" : 2,
"title" : "Man walks on Moon"
}
] );
result = queryExecute( "SELECT title FROM exampleData WHERE id = ?", [
2
], {
DBTYPE : "query"
} );
writeOutput( result.TITLE[ 1 ] );
```
Result: Man walks on Moon
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://boxlang.ortusbooks.com/boxlang-language/reference/components/jdbc/queryparam.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.