What am I doing wrong here?
string favorites = "210,213";
// verbatim string (@"...") so the query text may span two lines
sqlCommand.CommandText = @"select * from clients (nolock)
where Deleted = 0 and ClientID in (@favorites)";
sqlCommand.Parameters.AddWithValue("@favorites", favorites);
One other note: the “210,213” is just an example. It could be any length of numbers. That is why I am using the SQL IN operator.
Thanks.
That’s not how parameters work. You are actually trying to get clients where ClientID is equal to ‘210,213’. Well, that’s not a number, so there’s a failure.
Parametrized queries and IN clause are actually not trivially implemented together if your IN list size is dynamic, changing from time to time. Read this SO question and answers: Parameterize an SQL IN clause
Generally, you’d have to dynamically assemble your SQL query, always keeping in mind issues like SQL Injection.
Further reading:
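As an added example (not the asker's or the answerer's code), this is the approach the answer describes: parse the comma-separated ids first, then emit one SqlParameter per value and assemble only the placeholder list dynamically, so no user-supplied text is ever spliced into the SQL. It assumes System.Data.SqlClient and that ClientID is an int column.

```csharp
// Added example, not from the original post: a parameterized IN list of dynamic length.
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Linq;

static class FavoritesQuery
{
    // Parses "210,213" into ints up front; anything that is not a number throws here
    // instead of reaching SQL Server as text.
    public static List<int> ParseIds(string favorites)
    {
        return favorites
            .Split(new[] { ',' }, StringSplitOptions.RemoveEmptyEntries)
            .Select(s => int.Parse(s.Trim()))
            .ToList();
    }

    // Builds "... ClientID in (@p0, @p1, ...)" with one typed parameter per id.
    // Only the placeholder names are concatenated; the values travel as parameters.
    public static SqlCommand Build(SqlConnection connection, IReadOnlyList<int> clientIds)
    {
        if (clientIds.Count == 0)
            throw new ArgumentException("IN list must not be empty", nameof(clientIds));

        var command = connection.CreateCommand();
        var names = new string[clientIds.Count];
        for (int i = 0; i < clientIds.Count; i++)
        {
            names[i] = "@p" + i;
            command.Parameters.Add(names[i], SqlDbType.Int).Value = clientIds[i];
        }

        command.CommandText =
            "select * from clients with (nolock) " +
            "where Deleted = 0 and ClientID in (" + string.Join(", ", names) + ")";
        return command;
    }
}

// Usage: var cmd = FavoritesQuery.Build(conn, FavoritesQuery.ParseIds("210,213"));
// cmd.CommandText ends with "ClientID in (@p0, @p1)" and carries two int parameters.
```

SQL Server allows at most 2100 parameters per batch, so a very long list has to be sent in chunks or as a table-valued parameter rather than as one IN clause.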