A
Andrew Backer
How can I pass something that I want to use as a paramter in the "in" clause
of a straight sql text query?
I have a SqlCommand that is of type .Text, and contains something like this"
.....SELECT * FROM dbo.Table WHERE date_id IN ( @date_id_list )
..... // date_id is an integer
I have tried passing this in: < 1','2','3','4 >, where there is a 'quote/comma/quote'
between each entry. This should at least put no single quote at the start
& end.
I suppose it is being helpful and "fixing" my quotes to double quotes <''>,
rendring my trickerly useless.
Is there a way to do this so that the SqlCommand won't do exactly what it
should be doing (sanitizing my input) on this parameter? I need IN clauses
a lot for this bit. In my case I am using a regular DataSet & DataAdapter,
so anything that fixes it there is even better, though I am not afraid to
modify the code. If I have to move to external queries, then I will, but
it would be nice to keep it all in the dataset. Right now, this is the only
thing stopping me.
// Andre
of a straight sql text query?
I have a SqlCommand that is of type .Text, and contains something like this"
.....SELECT * FROM dbo.Table WHERE date_id IN ( @date_id_list )
..... // date_id is an integer
I have tried passing this in: < 1','2','3','4 >, where there is a 'quote/comma/quote'
between each entry. This should at least put no single quote at the start
& end.
I suppose it is being helpful and "fixing" my quotes to double quotes <''>,
rendring my trickerly useless.
Is there a way to do this so that the SqlCommand won't do exactly what it
should be doing (sanitizing my input) on this parameter? I need IN clauses
a lot for this bit. In my case I am using a regular DataSet & DataAdapter,
so anything that fixes it there is even better, though I am not afraid to
modify the code. If I have to move to external queries, then I will, but
it would be nice to keep it all in the dataset. Right now, this is the only
thing stopping me.
// Andre