Contribute
C#

Parameterize a query containing an IN clause

Parameterize a query containing an IN clause

 

For example we have query like this and you wanted to parameterize it in your C# code for obvious security reasons:

select * from Tags

where Name in ('var','cars','mud','cure')

order by Count desc

 

To achieve it in your C# code:

Create an array that consists of all the values of IN clause

        string[] tags = new string[] { "var""cars","mud""cure" };

Create the Query like this:

        const string cmdText = "select * from tags where '|' + @tags + '|' like '%|' + Name + '|%'";

 

Now in your command object add the array using string.Join() function.

 

        using (SqlCommand cmd = newSqlCommand(cmdText))

        {

            cmd.Parameters.AddWithValue("@tags",string.Join("|", tags));

        }

 

And you are done!!

Read more here at www.cshandler.com
Ebook Download
View all
Learn
View all
Get Started

You need to be a premium member to use this feature. To access it, you'll have to upgrade your membership.

Become a sharper developer and jumpstart your career.

Basic

$0

$

. 00

monthly

For Basic members:

  • Standard Profile
  • Access learning courses
  • Access free e-books
  • 1x point
Premium

$20

$

. 00

monthly

For Premium members:

  • Earn 2x reward points
  • Premium profile with Verified check
  • Premium Avatar with status update
  • Learning courses
  • Unlimited Certifications and badges on profile
  • Unlimited Book downloads
  • Access to Premium content
  • Online Training
  • Unlimited PDF conversions and downloads
  • Professional Resume Writing
  • Interview Preparations Guide
  • 25 messages per month
  • 1 "Kodzu" avatar, basic
Elite

$45

$

. 00

monthly

For Elite members:

  • Bundle E-books
  • Access to all Learn Series
  • Unlimited Apply Jobs