Merged PR 5282: Check if statement is prepared before calling SQLExecute

- If you send a statement with param markers & params list to DDBCSQLExecute, with usePrepare=false, the C++ code will bind the params & then call SQLExecute without preparing the statement. The ODBC code for SQLExecute crashes due to a memory violation.
 - SQLExecute is supposed to be called only after preparing a statement. Ideally this case should give an error. But it's causing a crash in python driver
- RCA - after attaching debugger & stepping over the DDBC & ODBC code, it looks like the check to error out when user executes without prepare is handled by windows Driver Manager. So ODBC code assumes this as a given & doesn't have checks around it. This is causing memory violation.

Since Python Driver will not use Driver Manager, this task adds a check inside Python Driver to make sure that we don't call SQLExecute API on unprepared statements.

**Implementation details:**
- ODBC has internal fields to tell if a statement is already prepared or not, but it does not expose these APIs to external users. So we cannot use ODBC APIs to tell if a statement is prepared.
- The only other alternative is populate the is_stmt_prepared info in C++ code, but save this state for every statement in cursor class of Python code. This is what I've implemented

**This PR also has following changes:**
- Removed parameter binding code from SQLExecute_wrap & refactored it into BindParameters function.
- Provide Release/Debug as parameter to build.bat script

----
----
#### AI description  (iteration 1)
#### PR Classification
Bug fix to prevent memory violation by ensuring SQLExecute is called only on prepared statements.

#### PR Summary
This pull request adds a check to ensure that SQLExecute is not called on unprepared statements, preventing a memory violation crash in the Python driver.
- `mssql_python/pybind/ddbc_bindings.cpp`: Added a check to ensure statements are prepared before calling SQLExecute and refactored parameter binding into a separate function.
- `mssql_python/pybind/build.bat`: Updated build script to support different build types (Debug/Release).
<!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot -->

Related work items: #33723

Author: Theekshna Kotian

mssql_python/cursor.py

@@ -57,6 +57,11 @@ def __init__(self, connection) -> None:
         self.arraysize = 1
         self.buffer_length = 1024  # Default buffer length for string data
         self.closed = False  # Flag to indicate if the cursor is closed
+        self.last_executed_stmt = "" # Stores the last statement executed by this cursor
+        self.is_stmt_prepared = [False] # Indicates if last_executed_stmt was prepared by ddbc shim.
+                                        # Is a list instead of a bool coz bools in Python are immutable.
+                                        # Hence, we can't pass around bools by reference & modify them.
+                                        # Therefore, it must be a list with exactly one bool element.
 
     def _is_unicode_string(self, param):
         """
@@ -433,11 +438,20 @@ def execute(self, operation: str, *parameters, use_prepare: bool = True, reset_c
                 for i, param in enumerate(parameters):
                     paraminfo = self._create_parameter_types_list(param, ParamInfo, parameters, i)
                     parameters_type.append(paraminfo)
+
+            # TODO: Use a more sophisticated string compare that handles redundant spaces etc.
+            #       Also consider storing last query's hash instead of full query string. This will help
+            #       in low-memory conditions (Ex: huge number of parallel queries with huge query string sizes)
+            if operation != self.last_executed_stmt:
+                # Executing a new statement. Reset is_stmt_prepared to false
+                self.is_stmt_prepared = [False]
             '''
             Execute SQL Statement - (SQLExecute)
             '''
-            ret = ddbc_bindings.DDBCSQLExecute(self.hstmt.value, operation, parameters, parameters_type, use_prepare)
+            ret = ddbc_bindings.DDBCSQLExecute(self.hstmt.value, operation, parameters, parameters_type,
+                                               self.is_stmt_prepared, use_prepare)
             check_error(odbc_sql_const.SQL_HANDLE_STMT.value, self.hstmt.value, ret)
+            self.last_executed_stmt = operation
         except Exception as e:
             if ENABLE_LOGGING:
                 logging.error("An error occurred while executing query: %s", e)
@@ -460,13 +474,23 @@ def executemany(self, operation: str, seq_of_parameters: list) -> None:
             # Reset the cursor once before the loop
             self._reset_cursor()
 
+            first_execution = True
             for parameters in seq_of_parameters:
                 # Execute the operation with the current set of parameters without 
                 # Converting the parameters to a list
                 parameters = list(parameters)
                 if ENABLE_LOGGING:
                     logging.info("Executing query with parameters: %s", parameters)
-                self.execute(operation, parameters, use_prepare=True, reset_cursor=False)
+                # Prepare the statement only during first execution. From second time
+                # onwards, skip preparing and directly execute. This helps avoid
+                # unnecessary 'prepare' network calls.
+                if first_execution:
+                    prepare_stmt = True
+                    first_execution = False
+                else:
+                    prepare_stmt = False
+                # Execute statement with one parameter set
+                self.execute(operation, parameters, use_prepare=prepare_stmt, reset_cursor=False)
         except Exception as e:
             if ENABLE_LOGGING:
                 logging.error("An error occurred while executing multiple queries: %s", e)

mssql_python/pybind/build.bat

@@ -1,8 +1,21 @@
+:: Usage -
+:: 1)   "cd mssql_python/pybind"
+:: 2)a) "build.bat"         - Generates debug build of DDBC bindings
+:: 2)b) "build.bat Release" - Generates release build of DDBC bindings
+:: 2)c) "build.bat Debug"   - Generates debug build of DDBC bindings
+
+rmdir /s /q build
 mkdir build
 cd build
 del CMakeCache.txt
-cmake -DPython3_EXECUTABLE="python3" -DCMAKE_BUILD_TYPE=Release ..
-msbuild ddbc_bindings.sln /p:Configuration=Release
-move /Y Release\ddbc_bindings.pyd ..\..\ddbc_bindings.pyd
+
+IF "%1"=="" (
+  set BUILD_TYPE=Debug
+) ELSE (
+  set BUILD_TYPE=%1
+)
+
+cmake -DPython3_EXECUTABLE="python3" -DCMAKE_BUILD_TYPE=%BUILD_TYPE% ..
+msbuild ddbc_bindings.sln /p:Configuration=%BUILD_TYPE%
+move /Y %BUILD_TYPE%\ddbc_bindings.pyd ..\..\ddbc_bindings.pyd
 cd ..
-rmdir /s /q build