EllsworthAdhesives
asked on
Getting a list of values into SQL Sproc via one parameter (ie. WHERE name IN( @param ) (where param is a comma delimited list of vals)
I ran into an issue with the ELB: multi-select list box (thrid part control for ASP.NET which allows for multiple dropdown selections). I have an ELB multi-selectable dropdown, and I want to send selected contents (ie. “Someone, SomeoneElse, ThirdPerson” , etc. as a varchar (say: “@ELB_vals”) parameter to a SQL stored proc that is constructed as follows (simplified for brevity):
SELECT * FROM tblUsers WHERE UserName IN(@ELB_vals)
I thought this would work, but for whatever reason, while sending a single value works, sending the delimited list will not work. I tried replacing all of the commas with ‘,’ which I thought MSSQL would approve of, but no. Does anyone know how I can format the selected values string into something that my sproc will take? (ie. I want the parameter to be 'Someone', 'SomeoneElse', 'ThirdPerson'----> as I said I tried doing this with Replace, however ASP.NET leaves the surrounding double quotes, making it "'Someone', 'SomeoneElse', 'ThirdPerson'", which causes the thing to fail.
Thanks for any help/suggestion in advance,
Colin
SELECT * FROM tblUsers WHERE UserName IN(@ELB_vals)
I thought this would work, but for whatever reason, while sending a single value works, sending the delimited list will not work. I tried replacing all of the commas with ‘,’ which I thought MSSQL would approve of, but no. Does anyone know how I can format the selected values string into something that my sproc will take? (ie. I want the parameter to be 'Someone', 'SomeoneElse', 'ThirdPerson'----> as I said I tried doing this with Replace, however ASP.NET leaves the surrounding double quotes, making it "'Someone', 'SomeoneElse', 'ThirdPerson'", which causes the thing to fail.
Thanks for any help/suggestion in advance,
Colin
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
SOLUTION
![Avatar of Guy Hengel [angelIII / a3]](https://filedb.experts-exchange.com/files/public/2013/11/25/ddbe0ea6-aa6e-4279-b781-57b735dd3ea0.jpeg){kind=small}
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
I would prefer the table function over the dynamic SQL to eliminate recompiles of the stored proc (and also retain the plan cache), as well as having a proper layer of abstraction for security on database objects, AND eliminating the risk of SQL injection.
ASKER
Man, you guys really know your SQL. I appeciate the help- your solution works perfect. Many, many thanks!
It's a pleasure. Good luck with your project.
Microsoft SQL Server
Microsoft SQL Server is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.SQL Server is available in multiple versions, typically identified by release year, and versions are subdivided into editions to distinguish between product functionality. Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning.
171K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
exec ('SELECT * FROM tblUsers WHERE UserName IN(' + @ELB_vals+ ')')