[{"data":1,"prerenderedAt":1255},["ShallowReactive",2],{"blog:2006:parameterising-the-in-clause-of-an-sql-select-in-net":3,"blogMore-Development":1097,"comments-parameterising-the-in-clause-of-an-sql-select-in-net":1110},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"category":11,"tags":12,"excerpt":16,"body":31,"_type":1089,"_id":1090,"_source":1091,"_file":1092,"_stem":1093,"_extension":1094,"url":1095,"wordCount":1096,"minutes":416,"commentCount":563},"/blog/2006/parameterising-the-in-clause-of-an-sql-select-in-net","2006",false,"en","Parameterising the IN clause of an SQL SELECT in .NET","I’m a fan of parameterized queries with a strong dislike for building SQL (or other magic strings). Encoding, escaping errors, localization formatting problems and injection can run rampant when you think everything is a string.","2006-10-25T17:36:30+00:00","Development",[13,14,15],".NET","SQL","C#",{"type":17,"children":18},"root",[19,26],{"type":20,"tag":21,"props":22,"children":23},"element","p",{},[24],{"type":25,"value":9},"text",{"type":20,"tag":21,"props":27,"children":28},{},[29],{"type":25,"value":30},"Today I found myself in a quandary as I needed to SELECT records based on a list of values I had. 
e.g.",{"type":17,"children":32,"toc":1084},[33,37,44,48,165,170,213,218,277,282,287,317,322,328,333,338,343,349,1069,1078],{"type":20,"tag":21,"props":34,"children":35},{},[36],{"type":25,"value":9},{"type":20,"tag":38,"props":39,"children":41},"h2",{"id":40},"problem",[42],{"type":25,"value":43},"Problem",{"type":20,"tag":21,"props":45,"children":46},{},[47],{"type":25,"value":30},{"type":20,"tag":49,"props":50,"children":55},"pre",{"className":51,"code":52,"language":53,"meta":54,"style":54},"language-sql shiki shiki-themes everforest-light dracula","SELECT * FROM Products WHERE ProductCode IN ('ABC123', 'DEF456', 'GHI789')\n","sql","",[56],{"type":20,"tag":57,"props":58,"children":59},"code",{"__ignoreMap":54},[60],{"type":20,"tag":61,"props":62,"children":65},"span",{"class":63,"line":64},"line",1,[66,72,78,83,89,94,99,104,109,115,121,125,130,134,139,143,147,151,156,160],{"type":20,"tag":61,"props":67,"children":69},{"style":68},"--shiki-default:#F85552;--shiki-dark:#FF79C6",[70],{"type":25,"value":71},"SELECT",{"type":20,"tag":61,"props":73,"children":75},{"style":74},"--shiki-default:#F57D26;--shiki-dark:#FF79C6",[76],{"type":25,"value":77}," *",{"type":20,"tag":61,"props":79,"children":80},{"style":68},[81],{"type":25,"value":82}," FROM",{"type":20,"tag":61,"props":84,"children":86},{"style":85},"--shiki-default:#5C6A72;--shiki-dark:#F8F8F2",[87],{"type":25,"value":88}," Products ",{"type":20,"tag":61,"props":90,"children":91},{"style":68},[92],{"type":25,"value":93},"WHERE",{"type":20,"tag":61,"props":95,"children":96},{"style":85},[97],{"type":25,"value":98}," ProductCode ",{"type":20,"tag":61,"props":100,"children":101},{"style":68},[102],{"type":25,"value":103},"IN",{"type":20,"tag":61,"props":105,"children":106},{"style":85},[107],{"type":25,"value":108}," 
(",{"type":20,"tag":61,"props":110,"children":112},{"style":111},"--shiki-default:#8DA101;--shiki-dark:#E9F284",[113],{"type":25,"value":114},"'",{"type":20,"tag":61,"props":116,"children":118},{"style":117},"--shiki-default:#8DA101;--shiki-dark:#F1FA8C",[119],{"type":25,"value":120},"ABC123",{"type":20,"tag":61,"props":122,"children":123},{"style":111},[124],{"type":25,"value":114},{"type":20,"tag":61,"props":126,"children":127},{"style":85},[128],{"type":25,"value":129},", ",{"type":20,"tag":61,"props":131,"children":132},{"style":111},[133],{"type":25,"value":114},{"type":20,"tag":61,"props":135,"children":136},{"style":117},[137],{"type":25,"value":138},"DEF456",{"type":20,"tag":61,"props":140,"children":141},{"style":111},[142],{"type":25,"value":114},{"type":20,"tag":61,"props":144,"children":145},{"style":85},[146],{"type":25,"value":129},{"type":20,"tag":61,"props":148,"children":149},{"style":111},[150],{"type":25,"value":114},{"type":20,"tag":61,"props":152,"children":153},{"style":117},[154],{"type":25,"value":155},"GHI789",{"type":20,"tag":61,"props":157,"children":158},{"style":111},[159],{"type":25,"value":114},{"type":20,"tag":61,"props":161,"children":162},{"style":85},[163],{"type":25,"value":164},")\n",{"type":20,"tag":21,"props":166,"children":167},{},[168],{"type":25,"value":169},"At first glance the relevant parameterized version might look like:",{"type":20,"tag":49,"props":171,"children":173},{"className":51,"code":172,"language":53,"meta":54,"style":54},"SELECT * FROM Products WHERE ProductCode IN 
(@productlist)\n",[174],{"type":20,"tag":57,"props":175,"children":176},{"__ignoreMap":54},[177],{"type":20,"tag":61,"props":178,"children":179},{"class":63,"line":64},[180,184,188,192,196,200,204,208],{"type":20,"tag":61,"props":181,"children":182},{"style":68},[183],{"type":25,"value":71},{"type":20,"tag":61,"props":185,"children":186},{"style":74},[187],{"type":25,"value":77},{"type":20,"tag":61,"props":189,"children":190},{"style":68},[191],{"type":25,"value":82},{"type":20,"tag":61,"props":193,"children":194},{"style":85},[195],{"type":25,"value":88},{"type":20,"tag":61,"props":197,"children":198},{"style":68},[199],{"type":25,"value":93},{"type":20,"tag":61,"props":201,"children":202},{"style":85},[203],{"type":25,"value":98},{"type":20,"tag":61,"props":205,"children":206},{"style":68},[207],{"type":25,"value":103},{"type":20,"tag":61,"props":209,"children":210},{"style":85},[211],{"type":25,"value":212}," (@productlist)\n",{"type":20,"tag":21,"props":214,"children":215},{},[216],{"type":25,"value":217},"The problem here however is that if you put a comma-separated list of items into a string parameter named @productlist then it sends this to the database server:",{"type":20,"tag":49,"props":219,"children":221},{"className":51,"code":220,"language":53,"meta":54,"style":54},"SELECT * FROM Products WHERE ProductCode IN ('ABC123, DEF456, 
GHI789')\n",[222],{"type":20,"tag":57,"props":223,"children":224},{"__ignoreMap":54},[225],{"type":20,"tag":61,"props":226,"children":227},{"class":63,"line":64},[228,232,236,240,244,248,252,256,260,264,269,273],{"type":20,"tag":61,"props":229,"children":230},{"style":68},[231],{"type":25,"value":71},{"type":20,"tag":61,"props":233,"children":234},{"style":74},[235],{"type":25,"value":77},{"type":20,"tag":61,"props":237,"children":238},{"style":68},[239],{"type":25,"value":82},{"type":20,"tag":61,"props":241,"children":242},{"style":85},[243],{"type":25,"value":88},{"type":20,"tag":61,"props":245,"children":246},{"style":68},[247],{"type":25,"value":93},{"type":20,"tag":61,"props":249,"children":250},{"style":85},[251],{"type":25,"value":98},{"type":20,"tag":61,"props":253,"children":254},{"style":68},[255],{"type":25,"value":103},{"type":20,"tag":61,"props":257,"children":258},{"style":85},[259],{"type":25,"value":108},{"type":20,"tag":61,"props":261,"children":262},{"style":111},[263],{"type":25,"value":114},{"type":20,"tag":61,"props":265,"children":266},{"style":117},[267],{"type":25,"value":268},"ABC123, DEF456, GHI789",{"type":20,"tag":61,"props":270,"children":271},{"style":111},[272],{"type":25,"value":114},{"type":20,"tag":61,"props":274,"children":275},{"style":85},[276],{"type":25,"value":164},{"type":20,"tag":21,"props":278,"children":279},{},[280],{"type":25,"value":281},"That’s not what we want at all.",{"type":20,"tag":21,"props":283,"children":284},{},[285],{"type":25,"value":286},"This hack isn’t pretty and it has some limitations:",{"type":20,"tag":288,"props":289,"children":290},"ul",{},[291,293,299,300,305,306,311,312],{"type":25,"value":292},"\n  ",{"type":20,"tag":294,"props":295,"children":296},"li",{},[297],{"type":25,"value":298},"\n    Only works with named parameters\n  ",{"type":25,"value":292},{"type":20,"tag":294,"props":301,"children":302},{},[303],{"type":25,"value":304},"\n    Could upset some DB providers that don’t like having 
command parameters removed or command text modified\n  ",{"type":25,"value":292},{"type":20,"tag":294,"props":307,"children":308},{},[309],{"type":25,"value":310},"\n    Parameter name to replace must be totally unique, i.e. not exist as a substring of another parameter name, because the command text is rewritten with a plain string Replace\n  ",{"type":25,"value":292},{"type":20,"tag":294,"props":313,"children":314},{},[315],{"type":25,"value":316},"\n    Only preserves the basic IDbCommand declared properties\n  ",{"type":20,"tag":21,"props":318,"children":319},{},[320],{"type":25,"value":321},"It should however work across DB providers and types.",{"type":20,"tag":38,"props":323,"children":325},{"id":324},"usage",[326],{"type":25,"value":327},"Usage",{"type":20,"tag":21,"props":329,"children":330},{},[331],{"type":25,"value":332},"The previous example would mean we use exactly the expected parameterized version with @productlist in place.",{"type":20,"tag":21,"props":334,"children":335},{},[336],{"type":25,"value":337},"Add the parameter as you’d expect but instead of assigning a string/numeric to it assign something IEnumerable, such as an array or list of values (not a single string, which is itself IEnumerable and would be expanded one character at a time).",{"type":20,"tag":21,"props":339,"children":340},{},[341],{"type":25,"value":342},"Finally call this method against the command and parameter before you execute it for the ‘magic’ to happen:",{"type":20,"tag":38,"props":344,"children":346},{"id":345},"the-magic",[347],{"type":25,"value":348},"The ‘magic’",{"type":20,"tag":49,"props":350,"children":354},{"className":351,"code":352,"language":353,"meta":54,"style":54},"language-csharp shiki shiki-themes everforest-light dracula","public void ExpandDbArrayParameter(IDbCommand cmd, IDbDataParameter parameter) {\n  if (parameter.Value is IEnumerable) {\n    int index = 0;\n    StringBuilder newParameterSQL = new StringBuilder();\n    foreach(Object value in (IEnumerable) parameter.Value) {\n      String valueParameterName = String.Format(\"{0}{1}\", parameter.ParameterName, ++index);\n      IDataParameter valueParameter = cmd.CreateParameter();\n      
valueParameter.DbType = parameter.DbType;\n      valueParameter.Direction = parameter.Direction;\n      valueParameter.ParameterName = valueParameterName;\n      valueParameter.SourceColumn = parameter.SourceColumn;\n      valueParameter.SourceVersion = parameter.SourceVersion;\n      valueParameter.Value = value;\n      cmd.Parameters.Add(valueParameter);\n\n      if (index == 1)\n        newParameterSQL.Append(valueParameterName);\n      else\n        newParameterSQL.Append(\",\" + valueParameterName);\n      }\n      cmd.Parameters.Remove(parameter);\n      cmd.CommandText = cmd.CommandText.Replace(parameter.ParameterName, newParameterSQL.ToString());\n    }\n}\n","csharp",[355],{"type":20,"tag":57,"props":356,"children":357},{"__ignoreMap":54},[358,414,448,478,511,561,631,663,695,724,745,774,803,824,853,863,891,910,919,958,967,993,1051,1060],{"type":20,"tag":61,"props":359,"children":360},{"class":63,"line":64},[361,366,372,378,383,389,395,399,404,409],{"type":20,"tag":61,"props":362,"children":363},{"style":74},[364],{"type":25,"value":365},"public",{"type":20,"tag":61,"props":367,"children":369},{"style":368},"--shiki-default:#3A94C5;--shiki-dark:#FF79C6",[370],{"type":25,"value":371}," void",{"type":20,"tag":61,"props":373,"children":375},{"style":374},"--shiki-default:#8DA101;--shiki-dark:#50FA7B",[376],{"type":25,"value":377}," ExpandDbArrayParameter",{"type":20,"tag":61,"props":379,"children":380},{"style":85},[381],{"type":25,"value":382},"(",{"type":20,"tag":61,"props":384,"children":386},{"style":385},"--shiki-default:#3A94C5;--shiki-default-font-style:inherit;--shiki-dark:#8BE9FD;--shiki-dark-font-style:italic",[387],{"type":25,"value":388},"IDbCommand",{"type":20,"tag":61,"props":390,"children":392},{"style":391},"--shiki-default:#5C6A72;--shiki-default-font-style:inherit;--shiki-dark:#FFB86C;--shiki-dark-font-style:italic",[393],{"type":25,"value":394}," 
cmd",{"type":20,"tag":61,"props":396,"children":397},{"style":85},[398],{"type":25,"value":129},{"type":20,"tag":61,"props":400,"children":401},{"style":385},[402],{"type":25,"value":403},"IDbDataParameter",{"type":20,"tag":61,"props":405,"children":406},{"style":391},[407],{"type":25,"value":408}," parameter",{"type":20,"tag":61,"props":410,"children":411},{"style":85},[412],{"type":25,"value":413},") {\n",{"type":20,"tag":61,"props":415,"children":417},{"class":63,"line":416},2,[418,423,428,434,439,444],{"type":20,"tag":61,"props":419,"children":420},{"style":68},[421],{"type":25,"value":422},"  if",{"type":20,"tag":61,"props":424,"children":425},{"style":85},[426],{"type":25,"value":427}," (parameter.",{"type":20,"tag":61,"props":429,"children":431},{"style":430},"--shiki-default:#35A77C;--shiki-dark:#F8F8F2",[432],{"type":25,"value":433},"Value",{"type":20,"tag":61,"props":435,"children":436},{"style":68},[437],{"type":25,"value":438}," is",{"type":20,"tag":61,"props":440,"children":441},{"style":385},[442],{"type":25,"value":443}," IEnumerable",{"type":20,"tag":61,"props":445,"children":446},{"style":85},[447],{"type":25,"value":413},{"type":20,"tag":61,"props":449,"children":451},{"class":63,"line":450},3,[452,457,462,467,473],{"type":20,"tag":61,"props":453,"children":454},{"style":368},[455],{"type":25,"value":456},"    int",{"type":20,"tag":61,"props":458,"children":459},{"style":85},[460],{"type":25,"value":461}," index ",{"type":20,"tag":61,"props":463,"children":464},{"style":74},[465],{"type":25,"value":466},"=",{"type":20,"tag":61,"props":468,"children":470},{"style":469},"--shiki-default:#DF69BA;--shiki-dark:#BD93F9",[471],{"type":25,"value":472}," 0",{"type":20,"tag":61,"props":474,"children":475},{"style":85},[476],{"type":25,"value":477},";\n",{"type":20,"tag":61,"props":479,"children":481},{"class":63,"line":480},4,[482,487,492,496,501,506],{"type":20,"tag":61,"props":483,"children":484},{"style":385},[485],{"type":25,"value":486},"    
StringBuilder",{"type":20,"tag":61,"props":488,"children":489},{"style":85},[490],{"type":25,"value":491}," newParameterSQL ",{"type":20,"tag":61,"props":493,"children":494},{"style":74},[495],{"type":25,"value":466},{"type":20,"tag":61,"props":497,"children":498},{"style":68},[499],{"type":25,"value":500}," new",{"type":20,"tag":61,"props":502,"children":503},{"style":385},[504],{"type":25,"value":505}," StringBuilder",{"type":20,"tag":61,"props":507,"children":508},{"style":85},[509],{"type":25,"value":510},"();\n",{"type":20,"tag":61,"props":512,"children":514},{"class":63,"line":513},5,[515,520,524,529,534,539,543,548,553,557],{"type":20,"tag":61,"props":516,"children":517},{"style":68},[518],{"type":25,"value":519},"    foreach",{"type":20,"tag":61,"props":521,"children":522},{"style":85},[523],{"type":25,"value":382},{"type":20,"tag":61,"props":525,"children":526},{"style":385},[527],{"type":25,"value":528},"Object",{"type":20,"tag":61,"props":530,"children":531},{"style":85},[532],{"type":25,"value":533}," value ",{"type":20,"tag":61,"props":535,"children":536},{"style":68},[537],{"type":25,"value":538},"in",{"type":20,"tag":61,"props":540,"children":541},{"style":85},[542],{"type":25,"value":108},{"type":20,"tag":61,"props":544,"children":545},{"style":385},[546],{"type":25,"value":547},"IEnumerable",{"type":20,"tag":61,"props":549,"children":550},{"style":85},[551],{"type":25,"value":552},") parameter.",{"type":20,"tag":61,"props":554,"children":555},{"style":430},[556],{"type":25,"value":433},{"type":20,"tag":61,"props":558,"children":559},{"style":85},[560],{"type":25,"value":413},{"type":20,"tag":61,"props":562,"children":564},{"class":63,"line":563},6,[565,570,575,579,584,589,593,598,603,607,612,617,621,626],{"type":20,"tag":61,"props":566,"children":567},{"style":385},[568],{"type":25,"value":569},"      String",{"type":20,"tag":61,"props":571,"children":572},{"style":85},[573],{"type":25,"value":574}," valueParameterName 
",{"type":20,"tag":61,"props":576,"children":577},{"style":74},[578],{"type":25,"value":466},{"type":20,"tag":61,"props":580,"children":581},{"style":85},[582],{"type":25,"value":583}," String.",{"type":20,"tag":61,"props":585,"children":586},{"style":374},[587],{"type":25,"value":588},"Format",{"type":20,"tag":61,"props":590,"children":591},{"style":85},[592],{"type":25,"value":382},{"type":20,"tag":61,"props":594,"children":595},{"style":111},[596],{"type":25,"value":597},"\"",{"type":20,"tag":61,"props":599,"children":600},{"style":117},[601],{"type":25,"value":602},"{0}{1}",{"type":20,"tag":61,"props":604,"children":605},{"style":111},[606],{"type":25,"value":597},{"type":20,"tag":61,"props":608,"children":609},{"style":85},[610],{"type":25,"value":611},", parameter.",{"type":20,"tag":61,"props":613,"children":614},{"style":430},[615],{"type":25,"value":616},"ParameterName",{"type":20,"tag":61,"props":618,"children":619},{"style":85},[620],{"type":25,"value":129},{"type":20,"tag":61,"props":622,"children":623},{"style":74},[624],{"type":25,"value":625},"++",{"type":20,"tag":61,"props":627,"children":628},{"style":85},[629],{"type":25,"value":630},"index);\n",{"type":20,"tag":61,"props":632,"children":634},{"class":63,"line":633},7,[635,640,645,649,654,659],{"type":20,"tag":61,"props":636,"children":637},{"style":385},[638],{"type":25,"value":639},"      IDataParameter",{"type":20,"tag":61,"props":641,"children":642},{"style":85},[643],{"type":25,"value":644}," valueParameter ",{"type":20,"tag":61,"props":646,"children":647},{"style":74},[648],{"type":25,"value":466},{"type":20,"tag":61,"props":650,"children":651},{"style":85},[652],{"type":25,"value":653}," 
cmd.",{"type":20,"tag":61,"props":655,"children":656},{"style":374},[657],{"type":25,"value":658},"CreateParameter",{"type":20,"tag":61,"props":660,"children":661},{"style":85},[662],{"type":25,"value":510},{"type":20,"tag":61,"props":664,"children":666},{"class":63,"line":665},8,[667,672,677,682,687,691],{"type":20,"tag":61,"props":668,"children":669},{"style":85},[670],{"type":25,"value":671},"      valueParameter.",{"type":20,"tag":61,"props":673,"children":674},{"style":430},[675],{"type":25,"value":676},"DbType",{"type":20,"tag":61,"props":678,"children":679},{"style":74},[680],{"type":25,"value":681}," =",{"type":20,"tag":61,"props":683,"children":684},{"style":85},[685],{"type":25,"value":686}," parameter.",{"type":20,"tag":61,"props":688,"children":689},{"style":430},[690],{"type":25,"value":676},{"type":20,"tag":61,"props":692,"children":693},{"style":85},[694],{"type":25,"value":477},{"type":20,"tag":61,"props":696,"children":698},{"class":63,"line":697},9,[699,703,708,712,716,720],{"type":20,"tag":61,"props":700,"children":701},{"style":85},[702],{"type":25,"value":671},{"type":20,"tag":61,"props":704,"children":705},{"style":430},[706],{"type":25,"value":707},"Direction",{"type":20,"tag":61,"props":709,"children":710},{"style":74},[711],{"type":25,"value":681},{"type":20,"tag":61,"props":713,"children":714},{"style":85},[715],{"type":25,"value":686},{"type":20,"tag":61,"props":717,"children":718},{"style":430},[719],{"type":25,"value":707},{"type":20,"tag":61,"props":721,"children":722},{"style":85},[723],{"type":25,"value":477},{"type":20,"tag":61,"props":725,"children":727},{"class":63,"line":726},10,[728,732,736,740],{"type":20,"tag":61,"props":729,"children":730},{"style":85},[731],{"type":25,"value":671},{"type":20,"tag":61,"props":733,"children":734},{"style":430},[735],{"type":25,"value":616},{"type":20,"tag":61,"props":737,"children":738},{"style":74},[739],{"type":25,"value":681},{"type":20,"tag":61,"props":741,"children":742},{"style":85},[743]
,{"type":25,"value":744}," valueParameterName;\n",{"type":20,"tag":61,"props":746,"children":748},{"class":63,"line":747},11,[749,753,758,762,766,770],{"type":20,"tag":61,"props":750,"children":751},{"style":85},[752],{"type":25,"value":671},{"type":20,"tag":61,"props":754,"children":755},{"style":430},[756],{"type":25,"value":757},"SourceColumn",{"type":20,"tag":61,"props":759,"children":760},{"style":74},[761],{"type":25,"value":681},{"type":20,"tag":61,"props":763,"children":764},{"style":85},[765],{"type":25,"value":686},{"type":20,"tag":61,"props":767,"children":768},{"style":430},[769],{"type":25,"value":757},{"type":20,"tag":61,"props":771,"children":772},{"style":85},[773],{"type":25,"value":477},{"type":20,"tag":61,"props":775,"children":777},{"class":63,"line":776},12,[778,782,787,791,795,799],{"type":20,"tag":61,"props":779,"children":780},{"style":85},[781],{"type":25,"value":671},{"type":20,"tag":61,"props":783,"children":784},{"style":430},[785],{"type":25,"value":786},"SourceVersion",{"type":20,"tag":61,"props":788,"children":789},{"style":74},[790],{"type":25,"value":681},{"type":20,"tag":61,"props":792,"children":793},{"style":85},[794],{"type":25,"value":686},{"type":20,"tag":61,"props":796,"children":797},{"style":430},[798],{"type":25,"value":786},{"type":20,"tag":61,"props":800,"children":801},{"style":85},[802],{"type":25,"value":477},{"type":20,"tag":61,"props":804,"children":806},{"class":63,"line":805},13,[807,811,815,819],{"type":20,"tag":61,"props":808,"children":809},{"style":85},[810],{"type":25,"value":671},{"type":20,"tag":61,"props":812,"children":813},{"style":430},[814],{"type":25,"value":433},{"type":20,"tag":61,"props":816,"children":817},{"style":74},[818],{"type":25,"value":681},{"type":20,"tag":61,"props":820,"children":821},{"style":85},[822],{"type":25,"value":823}," 
value;\n",{"type":20,"tag":61,"props":825,"children":827},{"class":63,"line":826},14,[828,833,838,843,848],{"type":20,"tag":61,"props":829,"children":830},{"style":85},[831],{"type":25,"value":832},"      cmd.",{"type":20,"tag":61,"props":834,"children":835},{"style":430},[836],{"type":25,"value":837},"Parameters",{"type":20,"tag":61,"props":839,"children":840},{"style":85},[841],{"type":25,"value":842},".",{"type":20,"tag":61,"props":844,"children":845},{"style":374},[846],{"type":25,"value":847},"Add",{"type":20,"tag":61,"props":849,"children":850},{"style":85},[851],{"type":25,"value":852},"(valueParameter);\n",{"type":20,"tag":61,"props":854,"children":856},{"class":63,"line":855},15,[857],{"type":20,"tag":61,"props":858,"children":860},{"emptyLinePlaceholder":859},true,[861],{"type":25,"value":862},"\n",{"type":20,"tag":61,"props":864,"children":866},{"class":63,"line":865},16,[867,872,877,882,887],{"type":20,"tag":61,"props":868,"children":869},{"style":68},[870],{"type":25,"value":871},"      if",{"type":20,"tag":61,"props":873,"children":874},{"style":85},[875],{"type":25,"value":876}," (index ",{"type":20,"tag":61,"props":878,"children":879},{"style":74},[880],{"type":25,"value":881},"==",{"type":20,"tag":61,"props":883,"children":884},{"style":469},[885],{"type":25,"value":886}," 1",{"type":20,"tag":61,"props":888,"children":889},{"style":85},[890],{"type":25,"value":164},{"type":20,"tag":61,"props":892,"children":894},{"class":63,"line":893},17,[895,900,905],{"type":20,"tag":61,"props":896,"children":897},{"style":85},[898],{"type":25,"value":899},"        
newParameterSQL.",{"type":20,"tag":61,"props":901,"children":902},{"style":374},[903],{"type":25,"value":904},"Append",{"type":20,"tag":61,"props":906,"children":907},{"style":85},[908],{"type":25,"value":909},"(valueParameterName);\n",{"type":20,"tag":61,"props":911,"children":913},{"class":63,"line":912},18,[914],{"type":20,"tag":61,"props":915,"children":916},{"style":68},[917],{"type":25,"value":918},"      else\n",{"type":20,"tag":61,"props":920,"children":922},{"class":63,"line":921},19,[923,927,931,935,939,944,948,953],{"type":20,"tag":61,"props":924,"children":925},{"style":85},[926],{"type":25,"value":899},{"type":20,"tag":61,"props":928,"children":929},{"style":374},[930],{"type":25,"value":904},{"type":20,"tag":61,"props":932,"children":933},{"style":85},[934],{"type":25,"value":382},{"type":20,"tag":61,"props":936,"children":937},{"style":111},[938],{"type":25,"value":597},{"type":20,"tag":61,"props":940,"children":941},{"style":117},[942],{"type":25,"value":943},",",{"type":20,"tag":61,"props":945,"children":946},{"style":111},[947],{"type":25,"value":597},{"type":20,"tag":61,"props":949,"children":950},{"style":74},[951],{"type":25,"value":952}," +",{"type":20,"tag":61,"props":954,"children":955},{"style":85},[956],{"type":25,"value":957}," valueParameterName);\n",{"type":20,"tag":61,"props":959,"children":961},{"class":63,"line":960},20,[962],{"type":20,"tag":61,"props":963,"children":964},{"style":85},[965],{"type":25,"value":966},"      
}\n",{"type":20,"tag":61,"props":968,"children":970},{"class":63,"line":969},21,[971,975,979,983,988],{"type":20,"tag":61,"props":972,"children":973},{"style":85},[974],{"type":25,"value":832},{"type":20,"tag":61,"props":976,"children":977},{"style":430},[978],{"type":25,"value":837},{"type":20,"tag":61,"props":980,"children":981},{"style":85},[982],{"type":25,"value":842},{"type":20,"tag":61,"props":984,"children":985},{"style":374},[986],{"type":25,"value":987},"Remove",{"type":20,"tag":61,"props":989,"children":990},{"style":85},[991],{"type":25,"value":992},"(parameter);\n",{"type":20,"tag":61,"props":994,"children":996},{"class":63,"line":995},22,[997,1001,1006,1010,1014,1018,1022,1027,1032,1036,1041,1046],{"type":20,"tag":61,"props":998,"children":999},{"style":85},[1000],{"type":25,"value":832},{"type":20,"tag":61,"props":1002,"children":1003},{"style":430},[1004],{"type":25,"value":1005},"CommandText",{"type":20,"tag":61,"props":1007,"children":1008},{"style":74},[1009],{"type":25,"value":681},{"type":20,"tag":61,"props":1011,"children":1012},{"style":85},[1013],{"type":25,"value":653},{"type":20,"tag":61,"props":1015,"children":1016},{"style":430},[1017],{"type":25,"value":1005},{"type":20,"tag":61,"props":1019,"children":1020},{"style":85},[1021],{"type":25,"value":842},{"type":20,"tag":61,"props":1023,"children":1024},{"style":374},[1025],{"type":25,"value":1026},"Replace",{"type":20,"tag":61,"props":1028,"children":1029},{"style":85},[1030],{"type":25,"value":1031},"(parameter.",{"type":20,"tag":61,"props":1033,"children":1034},{"style":430},[1035],{"type":25,"value":616},{"type":20,"tag":61,"props":1037,"children":1038},{"style":85},[1039],{"type":25,"value":1040},", 
newParameterSQL.",{"type":20,"tag":61,"props":1042,"children":1043},{"style":374},[1044],{"type":25,"value":1045},"ToString",{"type":20,"tag":61,"props":1047,"children":1048},{"style":85},[1049],{"type":25,"value":1050},"());\n",{"type":20,"tag":61,"props":1052,"children":1054},{"class":63,"line":1053},23,[1055],{"type":20,"tag":61,"props":1056,"children":1057},{"style":85},[1058],{"type":25,"value":1059},"    }\n",{"type":20,"tag":61,"props":1061,"children":1063},{"class":63,"line":1062},24,[1064],{"type":20,"tag":61,"props":1065,"children":1066},{"style":85},[1067],{"type":25,"value":1068},"}\n",{"type":20,"tag":21,"props":1070,"children":1071},{},[1072],{"type":20,"tag":1073,"props":1074,"children":1075},"em",{},[1076],{"type":25,"value":1077},"[)amien",{"type":20,"tag":1079,"props":1080,"children":1081},"style",{},[1082],{"type":25,"value":1083},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: 
var(--shiki-dark-text-decoration);}",{"title":54,"searchDepth":416,"depth":416,"links":1085},[1086,1087,1088],{"id":40,"depth":416,"text":43},{"id":324,"depth":416,"text":327},{"id":345,"depth":416,"text":348},"markdown","content:blog:2006:parameterising-the-in-clause-of-an-sql-select-in-net.md","content","blog/2006/parameterising-the-in-clause-of-an-sql-select-in-net.md","blog/2006/parameterising-the-in-clause-of-an-sql-select-in-net","md","/blog/2006/parameterising-the-in-clause-of-an-sql-select-in-net/",440,[1098,1102,1106],{"title":1099,"date":1100,"url":1101},"HTML5 Video Cheatsheet: Optimizing videos for the web","2025-12-05T00:00:00Z","/blog/2025/html5-video-cheatsheet/",{"title":1103,"date":1104,"url":1105},"Transactions in the MongoDB EF Core Provider","2025-10-25","/blog/2025/mongodb-explicit-transactions/",{"title":1107,"date":1108,"url":1109},"Queryable Encryption with the MongoDB EF Core Provider","2025-09-22","/blog/2025/mongodb-queryable-encryption/",[1111,1132,1162,1180,1201,1233],{"_path":1112,"_dir":1113,"_draft":6,"_partial":6,"_locale":7,"title":1114,"description":1115,"id":1116,"name":1117,"email":1118,"avatar":1119,"date":1120,"body":1121,"_type":1089,"_id":1129,"_source":1091,"_file":1130,"_stem":1131,"_extension":1094},"/comments/parameterising-the-in-clause-of-an-sql-select-in-net/156505","parameterising-the-in-clause-of-an-sql-select-in-net","156505","Pay attention, a string is also an IEnumerable (as char)! 
So make sure to exclude those in the first if.",156505,"Roemer","r.baeriswyl@gmail.com","https://www.gravatar.com/avatar/4d76e47633c9eefd4f3e5a82e912f68d?r=pg&d=retro","2015-12-16T03:08:18",{"type":17,"children":1122,"toc":1127},[1123],{"type":20,"tag":21,"props":1124,"children":1125},{},[1126],{"type":25,"value":1115},{"title":54,"searchDepth":416,"depth":416,"links":1128},[],"content:comments:parameterising-the-in-clause-of-an-sql-select-in-net:156505.md","comments/parameterising-the-in-clause-of-an-sql-select-in-net/156505.md","comments/parameterising-the-in-clause-of-an-sql-select-in-net/156505",{"_path":1133,"_dir":1113,"_draft":6,"_partial":6,"_locale":7,"title":1134,"description":1135,"id":1136,"name":1137,"email":1138,"avatar":1139,"url":1140,"date":1141,"body":1142,"_type":1089,"_id":1159,"_source":1091,"_file":1160,"_stem":1161,"_extension":1094},"/comments/parameterising-the-in-clause-of-an-sql-select-in-net/1663","1663","I think the post on WeakReference\u003CT> was geekier.",1663,"Damien Guard","damien@envytech.co.uk","https://www.gravatar.com/avatar/dc72963e7279d34c85ed4c0b731ce5a9?r=pg&d=retro","https://damieng.com/","2006-10-29T17:02:06",{"type":17,"children":1143,"toc":1157},[1144],{"type":20,"tag":21,"props":1145,"children":1146},{},[1147,1149,1155],{"type":25,"value":1148},"I think the post on ",{"type":20,"tag":57,"props":1150,"children":1152},{"className":1151},[],[1153],{"type":25,"value":1154},"WeakReference\u003CT>",{"type":25,"value":1156}," was 
geekier.",{"title":54,"searchDepth":416,"depth":416,"links":1158},[],"content:comments:parameterising-the-in-clause-of-an-sql-select-in-net:1663.md","comments/parameterising-the-in-clause-of-an-sql-select-in-net/1663.md","comments/parameterising-the-in-clause-of-an-sql-select-in-net/1663",{"_path":1163,"_dir":1113,"_draft":6,"_partial":6,"_locale":7,"title":1164,"description":1165,"id":1166,"name":1167,"date":1168,"body":1169,"_type":1089,"_id":1177,"_source":1091,"_file":1178,"_stem":1179,"_extension":1094},"/comments/parameterising-the-in-clause-of-an-sql-select-in-net/1662","1662","Possibly one of the geekiest blog postings I've ever read.",1662,"Lee Wallace","2006-10-26T15:27:24",{"type":17,"children":1170,"toc":1175},[1171],{"type":20,"tag":21,"props":1172,"children":1173},{},[1174],{"type":25,"value":1165},{"title":54,"searchDepth":416,"depth":416,"links":1176},[],"content:comments:parameterising-the-in-clause-of-an-sql-select-in-net:1662.md","comments/parameterising-the-in-clause-of-an-sql-select-in-net/1662.md","comments/parameterising-the-in-clause-of-an-sql-select-in-net/1662",{"_path":1181,"_dir":1113,"_draft":6,"_partial":6,"_locale":7,"title":1182,"description":1183,"id":1184,"name":1185,"email":1186,"avatar":1187,"url":1188,"date":1189,"body":1190,"_type":1089,"_id":1198,"_source":1091,"_file":1199,"_stem":1200,"_extension":1094},"/comments/parameterising-the-in-clause-of-an-sql-select-in-net/1661","1661","Yep, that's certainly an option, assuming that Null doesn't have a special meaning in this instance (which it sometimes does). 
Sometimes it's hard to find 'safe' values :)",1661,"Steve","steve@stevestreeting.com","https://www.gravatar.com/avatar/fbe8cc9ac5bc8797382e01e10f5f8e33?r=pg&d=retro","https://www.stevestreeting.com","2006-10-26T14:50:26",{"type":17,"children":1191,"toc":1196},[1192],{"type":20,"tag":21,"props":1193,"children":1194},{},[1195],{"type":25,"value":1183},{"title":54,"searchDepth":416,"depth":416,"links":1197},[],"content:comments:parameterising-the-in-clause-of-an-sql-select-in-net:1661.md","comments/parameterising-the-in-clause-of-an-sql-select-in-net/1661.md","comments/parameterising-the-in-clause-of-an-sql-select-in-net/1661",{"_path":1202,"_dir":1113,"_draft":6,"_partial":6,"_locale":7,"title":1203,"description":1204,"id":1205,"name":1137,"email":1138,"avatar":1139,"url":1140,"date":1206,"body":1207,"_type":1089,"_id":1230,"_source":1091,"_file":1231,"_stem":1232,"_extension":1094},"/comments/parameterising-the-in-clause-of-an-sql-select-in-net/1660","1660","Yeah I realise this will blow the precompilation/optimisation steps as each command text becomes slightly different.",1660,"2006-10-26T14:26:43",{"type":17,"children":1208,"toc":1228},[1209,1213,1218,1223],{"type":20,"tag":21,"props":1210,"children":1211},{},[1212],{"type":25,"value":1204},{"type":20,"tag":21,"props":1214,"children":1215},{},[1216],{"type":25,"value":1217},"If there are more than a handful of entries then a temporary table might well be a suitable option.",{"type":20,"tag":21,"props":1219,"children":1220},{},[1221],{"type":25,"value":1222},"The other option, if you know you won't use more than n values, is to put n parameters into the IN list and fill the unused ones with NULL.",{"type":20,"tag":21,"props":1224,"children":1225},{},[1226],{"type":25,"value":1227},"Which avoids the temporary table and optimises better but obviously with the restriction of a maximum number of 
elements.",{"title":54,"searchDepth":416,"depth":416,"links":1229},[],"content:comments:parameterising-the-in-clause-of-an-sql-select-in-net:1660.md","comments/parameterising-the-in-clause-of-an-sql-select-in-net/1660.md","comments/parameterising-the-in-clause-of-an-sql-select-in-net/1660",{"_path":1234,"_dir":1113,"_draft":6,"_partial":6,"_locale":7,"title":1235,"description":1236,"id":1237,"name":1185,"email":1186,"avatar":1187,"url":1188,"date":1238,"body":1239,"_type":1089,"_id":1252,"_source":1091,"_file":1253,"_stem":1254,"_extension":1094},"/comments/parameterising-the-in-clause-of-an-sql-select-in-net/1659","1659","Although you still get the benefits of the security of a parameterised query, I think (if this works like JDBC) you'll lose all the performance benefits of a precompiled statement.",1659,"2006-10-26T12:49:54",{"type":17,"children":1240,"toc":1250},[1241,1245],{"type":20,"tag":21,"props":1242,"children":1243},{},[1244],{"type":25,"value":1236},{"type":20,"tag":21,"props":1246,"children":1247},{},[1248],{"type":25,"value":1249},"It kind of depends whether the contents of the IN are completely unpredictable, or if there is a preset list of combinations. If it's the latter, I'd tend to enumerate those combinations in a sort of 'criteria table' and use an id from that to perform IN queries. If it's completely flexible and unpredictable then you can use a transaction-scope temporary table (many databases support these and they're held in memory, not on disk, and are therefore very fast & cheap) which you populate with the list of criteria and use for the IN. No statement recompilation or hacks needed.",{"title":54,"searchDepth":416,"depth":416,"links":1251},[],"content:comments:parameterising-the-in-clause-of-an-sql-select-in-net:1659.md","comments/parameterising-the-in-clause-of-an-sql-select-in-net/1659.md","comments/parameterising-the-in-clause-of-an-sql-select-in-net/1659",1779264594863]