Link to home
Start Free TrialLog in
Avatar of hiteshspatel
hiteshspatel

asked on

parameters in query which uses "IN" keyword

Hi All,
I know how to use parameterized query. But I am not sure how can I implement parameterized query in query like " select * from visitors where visitortype in ('abc','pqr')"

the following code does not give any error but it is not giving desired result either. In sql query analyser, I tested same query and it returns few rows, but in application it returns 0 rows.

How can I use parameters in query which uses "IN" keyword

  OleDbConnection con = new OleDbConnection("-----connection string-----");
            string strCmd = "select * from visitors where visitortype in (?)";
            OleDbCommand cmd = new OleDbCommand(strCmd, con);
            cmd.Parameters.Add("test", OleDbType.VarChar);
            cmd.Parameters["test"].Value = "'abc','pqr'";
            OleDbDataAdapter adp = new OleDbDataAdapter(cmd);
            DataSet ds = new DataSet();
            con.Open();
            adp.Fill(ds);
            con.Close();

            Response.Write(ds.Tables[0].Rows.Count.ToString());
Avatar of ALaRiva
ALaRiva
Flag of United States of America image

The IN cannot refer to a parameter.

Basically, what your code is seeing is that it's looking for that value in ONE LONG STRING, versus looking for that value in multiple values list.

The general way to get around this is by concatenating the SQL Command.

So something like this...
string strCmd = "select * from visitors where visitortype in (" + varValues + ")";

Where varValues is the string of values you want to use.  You'll have to go around the parameter method, and just take whatever you planned on putting into the parameter, and put it into a variable that you can concatenate with the SQL Statement.

hth

- Anthony
I think you want to use the Contains() function.

Select * From Table1
   Where Contains('lname', 'smi*')
Well the best way would be,

Iterate through the table rows and call the stored proc just before the for loop ends, and give the parameter as (assuming @ID is the paramater you want to use with IN), where id= @ID

roughly it should look like
for(....)
{
// code
call stored proc...
where Id = @ID
}
so that each time your for loop executes it will filter the query more efficiently


Hope that helps,
Cheers!
Avatar of Rahul Agarwal
try this statement :

OleDbConnection con = new OleDbConnection("-----connection string-----");
            string strCmd = "select * from visitors where visitortype in (@test)";
            OleDbCommand cmd = new OleDbCommand(strCmd, con);
            cmd.Parameters.Add("@test", OleDbType.VarChar);
            cmd.Parameters["@test"].Value = "'abc','pqr'";

            OleDbDataAdapter adp = new OleDbDataAdapter(cmd);
            DataSet ds = new DataSet();
            con.Open();
            adp.Fill(ds);
            con.Close();

            Response.Write(ds.Tables[0].Rows.Count.ToString());
Oops I way misunderstood this question. Sorry for my way-off comment.
Avatar of hiteshspatel
hiteshspatel

ASKER

@alariva,

I do not want use direct SQL statement. because some one may insert value with single quote like "John 's car". In this case, sql statement will be broken.


@agarwalrahul,

I am using Oledb provider so I cannot use "@" sign in parameter.
ASKER CERTIFIED SOLUTION
Avatar of hiteshspatel
hiteshspatel

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
I really appreciate the input from experts. But I solved my problem the way I mentioned.

Thanks,