Solved

parameters  in  query which uses "IN" keyword

Posted on 2011-02-16
8
270 Views
Last Modified: 2012-05-11
Hi All,
I know how to use parameterized query. But I am not sure how can I implement parameterized query in query like " select * from visitors where visitortype in ('abc','pqr')"

the following code does not give any error but it is not giving desired result either. In sql query analyser, I tested same query and it returns few rows, but in application it returns 0 rows.

How can I use parameters in query which uses "IN" keyword

  OleDbConnection con = new OleDbConnection("-----connection string-----");
            string strCmd = "select * from visitors where visitortype in (?)";
            OleDbCommand cmd = new OleDbCommand(strCmd, con);
            cmd.Parameters.Add("test", OleDbType.VarChar);
            cmd.Parameters["test"].Value = "'abc','pqr'";
            OleDbDataAdapter adp = new OleDbDataAdapter(cmd);
            DataSet ds = new DataSet();
            con.Open();
            adp.Fill(ds);
            con.Close();

            Response.Write(ds.Tables[0].Rows.Count.ToString());
0
Comment
Question by:hiteshspatel
8 Comments
 
LVL 10

Expert Comment

by:ALaRiva
ID: 34912051
The IN cannot refer to a parameter.

Basically, what your code is seeing is that it's looking for that value in ONE LONG STRING, versus looking for that value in multiple values list.

The general way to get around this is by concatenating the SQL Command.

So something like this...
string strCmd = "select * from visitors where visitortype in (" + varValues + ")";

Where varValues is the string of values you want to use.  You'll have to go around the parameter method, and just take whatever you planned on putting into the parameter, and put it into a variable that you can concatenate with the SQL Statement.

hth

- Anthony
0
 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 34912064
I think you want to use the Contains() function.

Select * From Table1
   Where Contains('lname', 'smi*')
0
 
LVL 10

Expert Comment

by:himanshut
ID: 34912172
Well the best way would be,

Iterate through the table rows and call the stored proc just before the for loop ends, and give the parameter as (assuming @ID is the paramater you want to use with IN), where id= @ID

roughly it should look like
for(....)
{
// code
call stored proc...
where Id = @ID
}
so that each time your for loop executes it will filter the query more efficiently


Hope that helps,
Cheers!
0
 
LVL 13

Expert Comment

by:agarwalrahul
ID: 34913315
try this statement :

OleDbConnection con = new OleDbConnection("-----connection string-----");
            string strCmd = "select * from visitors where visitortype in (@test)";
            OleDbCommand cmd = new OleDbCommand(strCmd, con);
            cmd.Parameters.Add("@test", OleDbType.VarChar);
            cmd.Parameters["@test"].Value = "'abc','pqr'";

            OleDbDataAdapter adp = new OleDbDataAdapter(cmd);
            DataSet ds = new DataSet();
            con.Open();
            adp.Fill(ds);
            con.Close();

            Response.Write(ds.Tables[0].Rows.Count.ToString());
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 9

Expert Comment

by:rawinnlnx9
ID: 34913355
Oops I way misunderstood this question. Sorry for my way-off comment.
0
 

Author Comment

by:hiteshspatel
ID: 34915879
@alariva,

I do not want use direct SQL statement. because some one may insert value with single quote like "John 's car". In this case, sql statement will be broken.


@agarwalrahul,

I am using Oledb provider so I cannot use "@" sign in parameter.
0
 

Accepted Solution

by:
hiteshspatel earned 0 total points
ID: 34930048
Hi All,
Thanks for your input.
I solved my problem in following way:

I converted query "select * from visitors where visitortype in ('abc','pqr')" into
 "select * from visitors where (visitortype = 'abc' or visitortype = 'pqr') and then used parameters.
My query is totally dynamic, the number of columns are decided as per end-user's configuration. So I could not use any other option.


0
 

Author Closing Comment

by:hiteshspatel
ID: 34959254
I really appreciate the input from experts. But I solved my problem the way I mentioned.

Thanks,
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In .NET 2.0, Microsoft introduced the Web Site.  This was the default way to create a web Project in Visual Studio 2005.  In Visual Studio 2008, the Web Application has been restored as the default web Project in Visual Studio/.NET 3.x The Web Si…
Real-time is more about the business, not the technology. In day-to-day life, to make real-time decisions like buying or investing, business needs the latest information(e.g. Gold Rate/Stock Rate). Unlike traditional days, you need not wait for a fe…
A short film showing how OnPage and Connectwise integration works.
I designed this idea while studying technology in the classroom.  This is a semester long project.  Students are asked to take photographs on a specific topic which they find meaningful, it can be a place or situation such as travel or homelessness.…

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now