#1 | 03-11-04, 20:09 | shine (Registered User, Join Date: Mar 2004, Posts: 2)
How to use Parameter Query for SQL IN statement

I run into a problem using a parameter query for an IN statement:
Declare @bID varchar(20)
set @bID='1,2'
SELECT * FROM test WHERE ID IN(@bID)

Is there a solution?
#2 | 03-11-04, 21:03 | ClaireHsu (Registered User, Join Date: May 2003, Location: Parsippany NJ, Posts: 36)
You are almost there


Declare @bID varchar(20)
set @bID='1,2'
print('SELECT * FROM a WHERE ID IN('+@bid+')')
exec('SELECT * FROM a WHERE ID IN('+@bid+')')
#3 | 03-12-04, 12:51 | shine (Registered User, Join Date: Mar 2004, Posts: 2)
Thank you for providing a workaround.
The purpose of using a parameter query is to avoid the SQL injection security hole. Using exec on a SQL statement will run into this problem.
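An added example, not part of the thread: one way to keep the IN list as data is to parse it into a table variable and query against that, so no statement is ever built by concatenation. It assumes SQL Server (T-SQL, as the thread's syntax suggests) and an integer ID column; the names @ids, @list, @pos and @item and the error text are hypothetical.

```sql
-- Added example (not from the thread). Table test and variable @bID come from
-- the question; @ids, @list, @pos, @item are hypothetical helper names.
DECLARE @bID varchar(20);
SET @bID = '1,2';            -- caller-supplied list, handled purely as data

DECLARE @ids TABLE (ID int PRIMARY KEY);
DECLARE @list varchar(21), @pos int, @item varchar(20);

SET @list = @bID + ',';      -- trailing comma terminates the last item too
SET @pos = CHARINDEX(',', @list);

WHILE @pos > 0
BEGIN
    SET @item = LTRIM(RTRIM(LEFT(@list, @pos - 1)));

    -- Accept 1 to 9 digits only. Quotes, spaces inside a value, SQL keywords
    -- or empty items are rejected rather than passed along; the length limit
    -- keeps CAST(... AS int) from overflowing.
    IF @item = '' OR @item LIKE '%[^0-9]%' OR LEN(@item) > 9
    BEGIN
        RAISERROR('Invalid ID list', 16, 1);
        RETURN;
    END

    -- Skip duplicates so the PRIMARY KEY is not violated
    IF NOT EXISTS (SELECT 1 FROM @ids WHERE ID = CAST(@item AS int))
        INSERT INTO @ids (ID) VALUES (CAST(@item AS int));

    SET @list = SUBSTRING(@list, @pos + 1, LEN(@list));
    SET @pos = CHARINDEX(',', @list);
END

-- Static statement: the list never becomes part of the SQL text,
-- unlike exec('... IN(' + @bID + ')')
SELECT t.*
FROM test AS t
WHERE t.ID IN (SELECT ID FROM @ids);
```

With this shape, a value such as `1); DROP TABLE test --` fails the digit check and raises an error instead of being executed.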