是否可以使用查询参数填充IN关键字

Is it possible to use query parameters to fill the IN keyword(是否可以使用查询参数填充IN关键字)
本文介绍了是否可以使用查询参数填充IN关键字的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

Imagine a table with GUIDs as primary key. I would like to select a few of these rows based on their primary key. I would like to use a query like:

SELECT * FROM mytable WHERE id IN ('firstguidhere','secondguidhere');

I am using ADO.NET to query the database, so I would like to use a parametrized query instead of dynamic sql, which would obviously work, but I want to retain the benefits of parametrized queries (security, escaping, etc...).

Is it possible to fill the collection for the IN-clause using sql-parameters?

解决方案

You could pass the list of GUIDs as a comma-separated string parameter and use a table-valued UDF to split them into a table to use in your IN clause:

SELECT *
FROM my_table
WHERE id IN (SELECT id FROM dbo.SplitCSVToTable(@MyCSVParam))

Erland Sommarskog has an interesting article with examples of how to split comma-separated strings into tables using a UDF.

(For performance reasons, you should ensure that your UDF is inline table-valued, rather than multi-statement.)

这篇关于是否可以使用查询参数填充IN关键字的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!

本站部分内容来源互联网,如果有图片或者内容侵犯您的权益请联系我们删除!

相关文档推荐

DispatcherQueue null when trying to update Ui property in ViewModel(尝试更新ViewModel中的Ui属性时DispatcherQueue为空)
Drawing over all windows on multiple monitors(在多个监视器上绘制所有窗口)
Programmatically show the desktop(以编程方式显示桌面)
c# Generic Setlt;Tgt; implementation to access objects by type(按类型访问对象的C#泛型集实现)
InvalidOperationException When using Context Injection in ASP.Net Core(在ASP.NET核心中使用上下文注入时发生InvalidOperationException)
LINQ many-to-many relationship, how to write a correct WHERE clause?(LINQ多对多关系,如何写一个正确的WHERE子句?)