Reply to Re: select * from table where column = @AllValues?

Posted by Erland Sommarskog on 09/10/05 00:21

Rakesh Makhijani (rakeshmakhijani77@yahoo.com) writes:
> Sorry, I forgot to complete my code.
>
> In SP you can use
>
> declare @Sql varchar(8000),
> @AllValues varchar(1000)
>
> SELECT @Sql='select * from table where column IN (' + @AllValues + ') '
>
> exec (@Sql)

Not only was this apparently the answer to the wrong question, it was
the wrong answer to that question. Do *not* use dynamic SQL
for testing for a list of values. There are a number of ways to unpack
such a list into a table, and they are both without security issues, and
have better performance. Please see
http://www.sommarskog.se/arrays-in-sql.html.


--
Erland Sommarskog, SQL Server MVP, esquel@sommarskog.se

Books Online for SQL Server SP3 at
http://www.microsoft.com/sql/techinfo/productdoc/2000/books.asp
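
As an added example (not part of the original post and not code from the linked article), here is one way to unpack a comma-separated list into a table in T-SQL so that the list is only ever handled as data. The names split_int_list, get_orders_by_ids, dbo.orders and order_id are hypothetical, the sample rows are constructed, and the list is assumed to hold integer keys.

```sql
-- Added example. All object names are hypothetical; sample rows are constructed.
CREATE TABLE dbo.orders (order_id int NOT NULL PRIMARY KEY, customer varchar(30) NOT NULL)
INSERT dbo.orders (order_id, customer) VALUES (1, 'Alpha')
INSERT dbo.orders (order_id, customer) VALUES (2, 'Beta')
INSERT dbo.orders (order_id, customer) VALUES (3, 'Gamma')
GO

-- Unpack a comma-separated list of integers into a table.
CREATE FUNCTION dbo.split_int_list (@list varchar(8000))
RETURNS @ids TABLE (id int NOT NULL)
AS
BEGIN
    DECLARE @pos int, @next int, @item varchar(8000)
    SET @pos = 1
    -- A NULL list makes the condition unknown, so the loop is skipped.
    WHILE @pos <= LEN(@list) + 1
    BEGIN
        SET @next = CHARINDEX(',', @list, @pos)
        IF @next = 0 SET @next = LEN(@list) + 1      -- last item: run to the end
        SET @item = LTRIM(RTRIM(SUBSTRING(@list, @pos, @next - @pos)))
        -- Accept only items of 1 to 9 digits: anything else is dropped,
        -- and CONVERT cannot overflow int.
        IF LEN(@item) BETWEEN 1 AND 9 AND @item NOT LIKE '%[^0-9]%'
            INSERT @ids (id) VALUES (CONVERT(int, @item))
        SET @pos = @next + 1
    END
    RETURN
END
GO

-- The list is a parameter of a static query; no SQL text is built from it.
CREATE PROCEDURE dbo.get_orders_by_ids @AllValues varchar(8000)
AS
    SELECT o.order_id, o.customer
    FROM   dbo.orders o
    WHERE  o.order_id IN (SELECT id FROM dbo.split_int_list(@AllValues))
GO

-- Well-formed list.
EXEC dbo.get_orders_by_ids '1, 3'
-- Constructed hostile input: it is a single non-numeric item, never parsed as SQL.
EXEC dbo.get_orders_by_ids '1); DROP TABLE dbo.orders; --'
```

Because the query text is fixed, callers need only EXECUTE permission on the procedure, and the plan can be reused across different lists.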
