ExecuteSQL
sqlQuery - an SQL query statement . The statement can include a Union clause that combines the results of two queries. The statement can contain programmatically generated SQL (dynamic parameters) that indicate where optional arguments are to be used in the query. Use the question mark character (?) to specify a dynamic parameter.
fieldSeparator - the character string used as a separator between fields in the result. If an empty string is specified, the separator is a comma. The field separator is not displayed after the last field in the result.
rowSeparator - the character string used as a separator between records in the result. If an empty string is specified, the separator is a carriage return. The row separator is not displayed after the last row in the result.
arguments- one or more expressions that are evaluated and used as values for the dynamic parameters in the query statement.
FileMaker Pro 12.0
ExecuteSQL enables you to execute SQL statements containing dynamic parameters to safely query FileMaker Pro databases in order to avoid security vulnerabilities through injection attacks.
ExecuteSQL cannot be used with SQL statements that modify data or the database schema (such as the Insert Into or Delete Table commands).
FileMaker Pro returns date and time data in Unicode/SQL format, not in the locale of the operating system or the file.
ExecuteSQL does not recognize relationships created in FileMaker Pro, which gives you flexibility to define relationships in SQL statements.
Suppose a database contains two tables, Employees and Salaries, which are related through the EmpID field.
You want to add a field to the Employees table that displays the percentage of an employee’s salary relative to the total salaries in a department. Though you could use a calculation in FileMaker Pro to generate this value, you can use the ExecuteSQL function to specify this query using dynamic parameters, which prevents confidential salary information from unauthorized access.
Define a calculation field in the Employees table, then use the ExecuteSQL function to specify the following query statement:
100 * Salary::Salary / ExecuteSQL("select sum(S.salary) from Employees E join Salary S on E.EmpID = S.EmpID where E.Department = ?"; ""; ""; Department)