Solved

Help with query

Posted on 2011-09-22
6
168 Views
Last Modified: 2012-08-13
Hello, I'm trying to do this:

declare @Surveynumber varchar(50) set @SurveyNumber = 'Survey - 100089'
declare @SelectedItems varchar(max) set @SelectedItems = ('1647,1648')
Select * from SurveyDetails
Where SurveyNumber = @SurveyNumber
and SurveyDetailId in(select @SelectedItems)

But getting this error:
Conversion failed when converting the varchar value '1647,1648' to data type int.


I'm attempting to pass into the stored procedure a string of surveydetailid in the @SelectedItems but the surveydetailid is integer..

How can I get this to work???

0
Comment
Question by:gogetsome
  • 3
  • 3
6 Comments
 
LVL 11

Expert Comment

by:David Kroll
ID: 36581753
set @SelectedItems = '(1647,1648)'

then:

and SurveyDetailId in @SelectedItems

0
 

Author Comment

by:gogetsome
ID: 36581797
that thows this error:
Msg 245, Level 16, State 1, Line 4
Conversion failed when converting the varchar value '1647,1648' to data type int.
0
 
LVL 11

Expert Comment

by:David Kroll
ID: 36581861
ok, here's one way to do it, since there aren't integer arrays in sql

declare @Surveynumber varchar(50)
set @SurveyNumber = 'Survey - 100089'
 
create table #selecteditems (id int)

insert into #selecteditems (id) values (1647)
insert into #selecteditems (id) values (1648)

Select * from SurveyDetails
Where SurveyNumber = @SurveyNumber
and SurveyDetailId in (select id from #selecteditems)

drop table #selecteditems
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 

Author Comment

by:gogetsome
ID: 36581892
The problem is that I do not know the surveydetailid as they are passed in a comma seperated list from the application.


This works but I'm not sure on the performance or security.

declare @Surveynumber varchar(50) set @SurveyNumber = 'Survey - 100089'
declare @SelectedItems varchar(max) set @SelectedItems = ('1647,1648')

execute('Select * from SurveyDetails where SurveyDetailId in ('+@SelectedItems+')')

I'm thinking since all of this will be done by the application in code there will be no chance of a SQL injections as there will be no user inputed data. Do you think it would be safe to do it this way? Would there be performance issues?
0
 
LVL 11

Accepted Solution

by:
David Kroll earned 500 total points
ID: 36581942
Look into the split function to convert the comma delimited list into the temp table

http://blog.logiclabz.com/sql-server/split-function-in-sql-server-to-break-comma-separated-strings-into-table.aspx
0
 

Author Closing Comment

by:gogetsome
ID: 36582354
Thank for you help. This will work nicely.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

When you hear the word proxy, you may become apprehensive. This article will help you to understand Proxy and when it is useful. Let's talk Proxy for SQL Server. (Not in terms of Internet access.) Typically, you'll run into this type of problem w…
Slowly Changing Dimension Transformation component in data task flow is very useful for us to manage and control how data changes in SSIS.
Using examples as well as descriptions, and references to Books Online, show the documentation available for date manipulation functions and by using a select few of these functions, show how date based data can be manipulated with these functions.
Via a live example, show how to extract insert data into a SQL Server database table using the Import/Export option and Bulk Insert.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

28 Experts available now in Live!

Get 1:1 Help Now