| .NET DotNet Forum Index » ADO .NET Forum » array parameters... |
|
Page 1 of 1 |
|
| Author |
Message |
| Phil... |
 Posted: Thu Oct 08, 2009 4:22 am |
|
|
|
Guest
|
I have a query similar to:
SELECT Field1 FROM Table1 WHERE Field2 <> at (no spam) parameter
and I need to change this to exclude a list of values rather than a single
value
Can I replace this with something like:
SELECT Field1 FROM Table1 WHERE Field2 NOT IN at (no spam) parameter
where parameter is now an array rather than a single value?
I am using ADONET in VS2008 with an Access/Jet database (OleDb provider).
Nothing in the help topics for OleDbParameter discuss using arrays like this
as far as I can see.
Any suggestions appreciated.
TIA
Phil. |
|
|
| Back to top |
|
|
|
| Paul... |
| Posted: Thu Oct 08, 2009 4:31 am |
|
|
|
Guest
|
Not that i'm aware of, as I have never had the need to do this.
Why not go back and have a look at the process creating the at (no spam) parameter
exclude list I bet its source is the DB and if thats the case sounds like a
good reason to merge this function.
"Phil" <p> wrote in message
news:ANSdnVa2dKDrIFDXnZ2dnUVZ8k-dnZ2d at (no spam) brightview.co.uk...
Quote: I have a query similar to:
SELECT Field1 FROM Table1 WHERE Field2 <> at (no spam) parameter
and I need to change this to exclude a list of values rather than a single
value
Can I replace this with something like:
SELECT Field1 FROM Table1 WHERE Field2 NOT IN at (no spam) parameter
where parameter is now an array rather than a single value?
I am using ADONET in VS2008 with an Access/Jet database (OleDb provider).
Nothing in the help topics for OleDbParameter discuss using arrays like
this as far as I can see.
Any suggestions appreciated.
TIA
Phil.
|
|
|
| Back to top |
|
|
|
| Phil... |
| Posted: Thu Oct 08, 2009 8:50 am |
|
|
|
Guest
|
Quote: Not that i'm aware of, as I have never had the need to do this.
Why not go back and have a look at the process creating the at (no spam) parameter
exclude list I bet its source is the DB and if thats the case sounds like
a good reason to merge this function.
True, the list is generated ultimately from another database query, but it
may involve quite a bit of code restructuring to change this. I'll have to
see how practical it is to do this. It might be easier for me to dynamically
create the sql command string.
Thanks
Phil. |
|
|
| Back to top |
|
|
|
| Paul... |
| Posted: Thu Oct 08, 2009 9:00 am |
|
|
|
Guest
|
Ideally stay away from dynamic sql for security reasons unless you do not
need to give table permissions to standard users because the query can be
run server side.
"Phil" <p> wrote in message
news:I6CdnQ8MEJvdYVDXnZ2dnUVZ8nWdnZ2d at (no spam) brightview.co.uk...
Quote: Not that i'm aware of, as I have never had the need to do this.
Why not go back and have a look at the process creating the at (no spam) parameter
exclude list I bet its source is the DB and if thats the case sounds like
a good reason to merge this function.
True, the list is generated ultimately from another database query, but it
may involve quite a bit of code restructuring to change this. I'll have to
see how practical it is to do this. It might be easier for me to
dynamically create the sql command string.
Thanks
Phil.
|
|
|
| Back to top |
|
|
|
| Phil... |
| Posted: Fri Oct 09, 2009 2:47 am |
|
|
|
Guest
|
"Paul" <paulriley at (no spam) novareconsulting.com> wrote in message
news:%23n6UcgCSKHA.1372 at (no spam) TK2MSFTNGP02.phx.gbl...
Quote: Ideally stay away from dynamic sql for security reasons unless you do not
need to give table permissions to standard users because the query can be
run server side.
By dynamically creating the SQL. I just mean converting my array of values
into a comma separated list which I can use for the IN clause, instead of
using a parameter. I can see how this could be a potential security issue if
the values were strings, but in my case they are just numbers, so this isn't
a problem. Security issues of this type aren't really an issue anyway, as it
is basically a desktop application with the user's own database. There is no
server. The database is just a jet mdb file.
Phil. |
|
|
| Back to top |
|
|
|
|
