ADBC is an API for the Native SQL interface of the AS ABAP that is based on ABAP Objects. The ADBC methods can be used to pass
Native SQL statements to the database interface. They make it possible to
send database specific SQL commands to a database system and process the result
to establish and administer database connections.
The ADBC classes all begin with the prefix CL_SQL_ or CX_SQL_ and are documented. The following paragraphs briefly introduce the most important classes.
ADBC can always be used when access to a database using the Native SQL interface instead of the Open SQL interface is necessary.
ADBC does not support automatic client handling. The
client ID of a database
table must be specified explicitly. Note that application programs should only use data from the current client. See also the associated
security note and the programming guideline.
When the CDS database view of a
client-specific CDS view is accessed using Native
SQL and the client handling of the view is specified by the annotation @ClientHandling.algorithm:#SESSION_VARIABLE, the
session variable$session.client is generally evaluated here. Only on
SAP HANA databases, is
an instance of this session variable is created as a HANA session variable CDS_CLIENT. Its current value is used here. On other platforms, there can be unexpected behavior or the program may crash.
Alongside ADBC, it is also possible to embed Native
SQL statically between EXEC SQL and
ENDEXEC in ABAP programs. The recommendation, however, is to use ADBC.
While the static embedding of Native SQL offers exclusively static access to the Native SQL interface, ADBC makes modern object-oriented and dynamic access possible.
New developments and improvements, such as optimized performance using bulk access across internal tables, are now made only for ADBC.
The existing static embedding of Native SQL statements is still supported but should no longer be used in new programs.
Security Notes
If used wrongly, dynamic programming techniques can present a serious security risk. Any dynamic
content that is passed to a program from the outside must be checked thoroughly or escaped before being
used in dynamic statements. This can be done using the system class CL_ABAP_DYN_PRG
or the predefined function escape.
To be sure of stopping SQL
injections in ADBC, no parts of an SQL command that is not an operand position can come from outside
of the program. Variable parts in operand positions can only be implemented using ?
placeholders and the associated SET_PARAM methods, which in ADBC are not just possible in prepared statements, unlike in JDBC.
The program ADBC_DEMO and further programs with the prefix ADBC_DEMO_ demonstrate the methods of ADBC. Executable examples from the ABAP example library can be found under
ADBC Examples.