Re: problems sending a string to execute in a stored procedure



EdwinSlyfingster wrote:
I need to pass to a varchar param of a stored procedure a list of char values separated by commas ( , ), for example: '2','3','4'

Then, in the procedure, the query makes a ... in ( @param ), so in ( '2','3','4' )

The problem is that ADO.NET doesn't permit passing a quotation mark. No wonder, to be safe from SQL injection. I would like to know if someone has an idea.

You can use the Parameters collection, as already said. Or the following
will probably work too: '''2'',''3'',''4''' -- you double every
single quotation mark inside the string and add one more at the beginning
and the end.

But this will not solve your problem. The following SQL code will not work:

declare @param varchar(100)
set @param = '''2'',''3'',''4''' -- this will do your string assignment
select ColList from Table where SomeCol in (@param)

It is not going to work because the IN clause expects a comma-separated
list of actual values, while in your code you only have one varchar
value.
Here is a good article on the issue: http://www.sommarskog.se/arrays-in-sql.html
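
An added example, not part of the original post or of the linked article: T-SQL showing the single-varchar comparison described above, next to a procedure that splits the list into rows so the values stay data and no dynamic SQL is built. It assumes SQL Server 2016 or later (for STRING_SPLIT); the table dbo.Demo, the procedure dbo.GetByCodes, the parameter @codes and the sample rows are hypothetical and constructed for illustration.

```sql
-- Constructed sample table (hypothetical names, not from the original post).
CREATE TABLE dbo.Demo (SomeCol varchar(10) NOT NULL, ColList varchar(50) NOT NULL);
INSERT INTO dbo.Demo (SomeCol, ColList)
VALUES ('2', 'two'), ('3', 'three'), ('4', 'four'), ('5', 'five');
GO

-- The form from the post: @param is ONE varchar value, so IN compares SomeCol
-- with the whole text '2','3','4' (quotes and commas included), not with
-- three separate values.
DECLARE @param varchar(100);
SET @param = '''2'',''3'',''4''';
SELECT ColList FROM dbo.Demo WHERE SomeCol IN (@param);
GO

-- Alternative: pass the plain list 2,3,4 as an ordinary parameter and turn it
-- into rows inside the procedure. The list is never concatenated into a SQL
-- statement, so its content is only ever compared as data.
CREATE PROCEDURE dbo.GetByCodes
    @codes varchar(100)          -- e.g. '2,3,4' (no embedded quotes needed)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT d.ColList
    FROM dbo.Demo AS d
    WHERE d.SomeCol IN (SELECT LTRIM(RTRIM(s.value))
                        FROM STRING_SPLIT(@codes, ',') AS s);
END;
GO

-- Normal call: each element of the list is matched as its own value.
EXEC dbo.GetByCodes @codes = '2,3,4';

-- An element containing a quote and SQL text is just a string to compare;
-- it is split on the comma and matched against SomeCol like any other value.
EXEC dbo.GetByCodes @codes = '2,4'' OR 1=1 --';
GO
```

From ADO.NET, @codes is supplied through the command's Parameters collection like any other varchar parameter, so no quotation marks have to be embedded in the value.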