Results 1 to 3 of 3
  1. #1
    Join Date
    Mar 2004
    Posts
    2

    Unanswered: How to use Parameter Query for SQL IN staetement

    I run into a problem to use prameter query for IN statement
    Declare @bID varchar(20)
    set @bID='1,2'
    SELECT * FROM test WHERE ID IN(@data)

    Is there a solution?

  2. #2
    Join Date
    May 2003
    Location
    Parsippany NJ
    Posts
    36
    You are almost there


    Declare @bID varchar(20)
    set @bID='1,2'
    print('SELECT * FROM a WHERE ID IN('+@bid+')')
    exec('SELECT * FROM a WHERE ID IN('+@bid+')')

  3. #3
    Join Date
    Mar 2004
    Posts
    2
    Thank you for providing a walk around.
    The purpose to use parameter query is to avoid SQL Injection security hole. By exec a sql statement will run into this problem.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •