I run into a problem to use prameter query for IN statement
Declare @.bID varchar(20)
set @.bID='1,2'
SELECT * FROM test WHERE ID IN(@.data)
Is there a solution?You are almost there
Declare @.bID varchar(20)
set @.bID='1,2'
print('SELECT * FROM a WHERE ID IN('+@.bid+')')
exec('SELECT * FROM a WHERE ID IN('+@.bid+')')|||Thank you for providing a walk around.
The purpose to use parameter query is to avoid SQL Injection security hole. By exec a sql statement will run into this problem.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment