Posted by Erland Sommarskog on 09/10/05 00:21
Rakesh Makhijani (rakeshmakhijani77@yahoo.com) writes:
> Sorry, I forgot to complete my code.
>
> In SP you can use
>
> declare @Sql varchar(8000),
> @AllValues varchar(1000)
>
> SELECT @Sql='select * from table where column IN (' + @AllValues + ') '
>
> exec (@Sql)
Not only was this apparently the answer to the wrong question, it was
the wrong answer to that question. Do *not* use dynamic SQL for
testing for a list of values. There are a number of ways to unpack
such a list into a table, and they are both without security issues and
have better performance. Please see
http://www.sommarskog.se/arrays-in-sql.html.
--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se
Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinfo/productdoc/2000/books.asp
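
One way to unpack such a list into a table, as an added example that is not part of the original post and not code from the linked article: a SQL Server 2000-compatible T-SQL function that splits a comma-separated list of integers, and a procedure that uses it in place of the exec (@Sql) quoted above. The names dbo.list_to_int_table, dbo.get_rows_by_list, dbo.some_table and some_column are hypothetical, and the column is assumed to be an integer.

```sql
-- Hypothetical helper: unpack a comma-separated list of integers into a table.
-- Uses only CHARINDEX/SUBSTRING so it also works where STRING_SPLIT is unavailable.
CREATE FUNCTION dbo.list_to_int_table (@list varchar(8000))
RETURNS @tbl TABLE (number int NOT NULL)
AS
BEGIN
    DECLARE @pos int, @next int, @item varchar(8000)
    SELECT @pos = 1

    WHILE @pos <= len(@list)
    BEGIN
        -- Find the next delimiter; if there is none, take the rest of the string.
        SELECT @next = charindex(',', @list, @pos)
        IF @next = 0
            SELECT @next = len(@list) + 1

        SELECT @item = ltrim(rtrim(substring(@list, @pos, @next - @pos)))

        -- Empty elements are skipped. A non-numeric element fails the
        -- conversion and aborts the statement; it is never parsed as SQL.
        IF @item <> ''
            INSERT @tbl (number) VALUES (convert(int, @item))

        SELECT @pos = @next + 1
    END
    RETURN
END
GO

-- Hypothetical procedure: the list stays a parameter value from start to finish.
-- No statement text is built from it, so there is no exec() of caller input,
-- and callers need only EXECUTE permission on the procedure.
CREATE PROCEDURE dbo.get_rows_by_list
    @AllValues varchar(1000)
AS
    SELECT t.*
    FROM   dbo.some_table AS t              -- hypothetical table
    WHERE  t.some_column IN (SELECT number  -- hypothetical integer column
                             FROM   dbo.list_to_int_table(@AllValues))
GO

-- Constructed sample call.
EXEC dbo.get_rows_by_list @AllValues = '3, 17, 42'
```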