是否可以使用查询参数填充IN关键字

Is it possible to use query parameters to fill the IN keyword(是否可以使用查询参数填充IN关键字)

问题描述

Imagine a table with GUIDs as primary key. I would like to select a few of these rows based on their primary key. I would like to use a query like:

SELECT * FROM mytable WHERE id IN ('firstguidhere','secondguidhere');

I am using ADO.NET to query the database, so I would like to use a parametrized query instead of dynamic sql, which would obviously work, but I want to retain the benefits of parametrized queries (security, escaping, etc...).

Is it possible to fill the collection for the IN-clause using sql-parameters?

You could pass the list of GUIDs as a comma-separated string parameter and use a table-valued UDF to split them into a table to use in your IN clause:

SELECT *
FROM my_table
WHERE id IN (SELECT id FROM dbo.SplitCSVToTable(@MyCSVParam))

Erland Sommarskog has an interesting article with examples of how to split comma-separated strings into tables using a UDF.

(For performance reasons, you should ensure that your UDF is inline table-valued, rather than multi-statement.)

这篇关于是否可以使用查询参数填充IN关键字的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持编程学习网！