问题描述
Imagine a table with GUIDs as primary key. I would like to select a few of these rows based on their primary key. I would like to use a query like:
SELECT * FROM mytable WHERE id IN ('firstguidhere','secondguidhere');
I am using ADO.NET to query the database, so I would like to use a parametrized query instead of dynamic sql, which would obviously work, but I want to retain the benefits of parametrized queries (security, escaping, etc...).
Is it possible to fill the collection for the IN-clause using sql-parameters?
You could pass the list of GUIDs as a comma-separated string parameter and use a table-valued UDF to split them into a table to use in your IN clause:
SELECT *
FROM my_table
WHERE id IN (SELECT id FROM dbo.SplitCSVToTable(@MyCSVParam))
Erland Sommarskog has an interesting article with examples of how to split comma-separated strings into tables using a UDF.
(For performance reasons, you should ensure that your UDF is inline table-valued, rather than multi-statement.)
这篇关于是否可以使用查询参数填充IN关键字的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持编程学习网!