Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
jhakkesteegt
Starting Member
3 Posts |
 Posted - 2007-07-12 : 06:20:32
|
| Can anyone tell me whether it is at all possible to use a named parameter in an IN() statement?I have not been able to find any documentation or articles that talk about IN() statements and parameters in the same query.I would like to use this in conjunction with VB.NET's SQLDataAdapter, (a good start to avoid sql injection attacks) |
|
|
cas_o
Posting Yak Master
154 Posts |
Posted - 2007-07-12 : 06:27:24
|
| Only with a subquery or dynamic sql.SUBQUERY:=========select * from table where field in (select field from table where field = criteria)DYNAMIC:========declare @list = varchar(4000)declare @sql = varchar(4000)select @list = '1,2,3,4'select @sql = 'select * from table where field in (' + list + ')'EXEC(@sql);-]... Quack Waddle |
 |
|
|
madhivanan
Premature Yak Congratulator
22864 Posts |
|
|
jhakkesteegt
Starting Member
3 Posts |
Posted - 2007-07-12 : 06:34:58
|
| Thanks cas_o.It answers my question, but unfortunately in the negative.I'll just have to build some parameter checking into my app... |
|
|
|
jhakkesteegt
Starting Member
3 Posts |
Posted - 2007-07-12 : 07:13:33
|
| Thanks Madhivanan for the good article. It definitely applies to my problem, and no wonder I didn't find it myself.Once again, unfortunately I can not use this type of solution in my app. So I'll just have to revert to coding. |
|
|
|
madhivanan
Premature Yak Congratulator
22864 Posts |
Posted - 2007-07-12 : 08:11:38
|
| <<unfortunately I can not use this type of solution in my app. >>Why?MadhivananFailing to plan is Planning to fail |
|
|
|
|
|
|
WHERE Table.Field IN(@NamedParameter) ?