SQL Server using in keyword pass string array query

how to pass array in sql query
pass array to sql query c#
how to pass list in sql query c#
how to pass string variable in sql query in c#
using comma separated value parameter strings in sql in clauses
how to pass arraylist to stored procedure in sql server
how to pass list in sql query in java
how to pass array to sql server stored procedure from java

I don't think the IN clause can accept bind parameters with multiple values. Oracle can't and a couple minutes

and query is

declare @setting varchar(max)

set @setting ='''Sales Entry Grid Cursor'',''Customer Mandatory'',''Column Uom'',''Show Marka'',''Show Discount Amount In Grid'',''Show Discount % In Grid'',''Calculation based on Weight *rate'''

and stored procedure is

 Select pageconfig_action 
 From [RetailSoft].[dbo].[tbl_pageconfig] 
 Where [PageConfig_settingsName] in (@setting)
   and PageConfig_CompanyId = 1

result is empty

And pass string in directly in keyword

Select pageconfig_action 
From [RetailSoft].[dbo].[tbl_pageconfig] 
Where [PageConfig_settingsName] in ('Sales Entry Grid Cursor', 'Customer Mandatory', 'Column Uom', 'Show Marka', 'Show Discount Amount In Grid', 'Show Discount % In Grid', 'Calculation based on Weight *rate')
  and PageConfig_CompanyId=1

then result is ok

In SQL Server 2016+: using string_split built in function. Please note, that extra single quotes are not necessary anymore:

DECLARE @setting varchar(max)

set @setting ='Sales Entry Grid Cursor,Customer Mandatory,Column Uom,Show Marka,Show Discount Amount In Grid,Show Discount % In Grid,Calculation based on Weight *rate'


Select pageconfig_action from [RetailSoft].[dbo].[tbl_pageconfig] 
Where [PageConfig_settingsName] in(SELECT value FROM string_split(@setting, ',') )
 and PageConfig_CompanyId=1

If you run SQL Server older than SQL 2016, the answer of @GuidoG is a preferable method

[Solved] How to pass string array in SQL parameter to IN clause in , If you mean SQL Server, pass it as a Table-valued parameter: and create a table with these values. after that you can write your query like As you can see, SQL Server does not include arrays. But we can use table variables, temporary tables or the STRING_SPLIT function. However, the STRING_SPLIT function is new and can be used only on SQL Server 2016 or later versions. If you do not have SQL Server, there were older methods to split strings separated by commas.

You need to make Setting a table, not a varchar. Then there is no need for dynamic sql and you can keep it simple like this

declare @Setting table (name varchar(50))

insert into @Setting (name)
values ('Sales Entry Grid Cursor'), 
       ('Customer Mandatory'),
       ('Column Uom'),
       ('Show Marka'),
       ('Show Discount Amount In Grid'),
       ('Show Discount % In Grid'),
       ('Calculation based on Weight *rate')

Select pageconfig_action 
from   [RetailSoft].[dbo].[tbl_pageconfig] 
Where  [PageConfig_settingsName] in (select name from @setting)
and    PageConfig_CompanyId=1

How to implement array-like functionality in SQL Server, I told them that there were no arrays in SQL Server like the ones that we have How to use a table variable instead of an array; The function STRING_SPLIT function Once you have the query in a CTE expression, you can do a select BY Clause overview · SQL Server table hints – WITH (NOLOCK) best  When you have to pass in the whole Transact-SQL query or the name of the linked server (or both), use code that is similar to the following sample: DECLARE @OPENQUERY nvarchar(4000), @TSQL nvarchar(4000), @LinkedServer nvarchar(4000)

You're misunderstanding how strings are treated in SQL Server. The string you have ('''Sales Entry Grid Cursor'',''Customer Mandatory'',''Column Uom'',''Show Marka'',''Show Discount Amount In Grid'',''Show Discount % In Grid'',''Calculation based on Weight *rate''') is one literal value, not multiple values. IN won't "work" against it because it's looking for a row has that whole string's value for PageConfig_settingsName.

There are 2 options here. The first is to split your string and compare:

SELECT pageconfig_action
FROM [RetailSoft].[dbo].[tbl_pageconfig]
     CROSS APPLY STRING_SPLIT(@setting, ',') SS
WHERE [PageConfig_settingsName] = SS.[value]
  AND PageConfig_CompanyId = 1;

Note you don't needs the quotes around each utem (unless that really have those quotes in their value)

If you aren't on SQL Server 2016+ search delimitedsplit8k (If you're on 2008), or delimitedsplit8k_lead if you're on 2012/2014.

Otherwise, you can use a table-value variable and pass each value separately:

DECLARE @Setting table (setting varchar(255));
INSERT INTO @Setting (setting)
VALUES ('Sales Entry Grid Cursor'),
       ('Customer Mandatory'),
       ('Column Uom'),
       ('Show Marka'),
       ('Show Discount Amount In Grid'),
       ('Show Discount % In Grid'),
       ('Calculation based on Weight *rate');

SELECT P.pageconfig_action
FROM [RetailSoft].[dbo].[tbl_pageconfig] P
     JOIN @Setting S ON S.setting = P.[PageConfig_settingsName]
WHERE P.PageConfig_CompanyId = 1;

PDO::prepare - Manual, Neither part of literal, nor keyword, nor identifier, nor whatever arbitrary query part can A work-around is to not use emulated prepares for such SQL queries, and to avoid If the database server successfully prepares the statement, PDO::​prepare() returns a Execute a prepared statement by passing an array of values */ For this reason, in every SQL Server version, Microsoft has announced new string functions. New string functions like STRING_ESCAPE, STRING_SPLIT were added into SQL Server 2016 and CONCAT_WS, STRING_AGG, TRANSLATE, TRIM string functions were added into SQL Server 2017. In this article, we will discuss the STRING_SPLIT function, in particular.

PHP compact() Function, Parameter Values. Parameter, Description. var1, Required. Can be a string with the variable name, or an array of variables. Select * from OpenQuery(TestServer,'declare @string varchar(max) Set @string=''abcd'' Select * From Table1 where Field1=@string') HTH. Elliott

PHP implode() Function, Example. Join array elements with a string: <?php $arr = array('Hello','World!','​Beautiful','Day!'); echo implode(" ",$arr); ?> Try it Yourself »  Note, we had to use dyanmic SQL to properly form the query (which involves expanding the comma-delimited string). Simple Method to Pass Array to a Stored Procedure - C# .NET Side Next, we need to define the method to pass the data and execute the stored procedure from C# .NET.

PHP extract() Function, Parameter Values. Parameter, Description. array, Required. Specifies the array to use. extract_rules, Optional. The extract() function checks  Spaces are ignored at the beginning of the value passed to Server in connection strings when using OLE DB Driver for SQL Server. ServerSPN: SSPROP_INIT_SERVERSPN: The SPN for the server. The default value is an empty string. An empty string causes OLE DB Driver for SQL Server to use the default, provider-generated SPN. Timeout: DBPROP_INIT_TIMEOUT

Comments
  • Read the excellent article by Erland Sommarskog on this topic - sommarskog.se/arrays-in-sql-2005.html.
  • Possible duplicate of Parameterize an SQL IN clause
  • Like the other answer, [PageConfig_settingsName] in( '+@setting+ ' ) is a vulnerability waiting to be exploited. That solution is far from recommended.
  • @Larnu, yeps, true, there is a warning in my answer ;)
  • So include only methods that aren't exploitable. An answer that provides (such a large) a security flaw should be avoided.
  • I see, have no objections