March 19, 2014 at 4:22 am
I have a query ending with
WHERE MyID IN (12, 14, 18)
and want to replace it by a parameter like
WHERE MyID IN @Param
or
WHERE MyID IN (@PARAM).
Is it possible to use a parameter for this situation?
And what would be the type of it, a VARCHAR?
March 19, 2014 at 4:39 am
The only way to do it is to make it as dynamic SQL. Notice that this will cause concerns about security (permissions issues and SQL injection). If you'll write a little bit more about your problem, maybe someone here will be able to offer you a better design.
Adi
--------------------------------------------------------------
To know how to ask questions and increase the chances of getting asnwers:
http://www.sqlservercentral.com/articles/Best+Practices/61537/
For better answers on performance questions, click on the following...
http://www.sqlservercentral.com/articles/SQLServerCentral/66909/
March 19, 2014 at 5:05 am
Adi, thank you for you answer.
When I have to use dynamic sql, security is no problem, because it's an "in the house" job, used for reporting.
But I was hoping for better solution, where the user could give an "array of numbers" for choosing the items used in the report.
March 19, 2014 at 5:33 am
Another approach is to convert the list into a table and then run your query against the table. Here's an example using @strParams as your passed parameter string.
declare @strParams varchar(100) = '1,14,65,234,16443,145,1669,2';
select column_list
from table_name
where exists (select 1
from DelimitedSplit8K(@strParams, ',') s
where s.Item = table_name.some_id_field);
If you haven't used Jeff Moden's string splitter, I highly recommend it. It'll change the way you look at strings and your expectation of performance. It is at http://www.sqlservercentral.com/articles/Tally+Table/72993/.
March 19, 2014 at 9:11 am
Ed Wagner (3/19/2014)
Another approach is to convert the list into a table and then run your query against the table. Here's an example using @strParams as your passed parameter string.
declare @strParams varchar(100) = '1,14,65,234,16443,145,1669,2';select column_list
from table_name
where exists (select 1
from DelimitedSplit8K(@strParams, ',') s
where s.Item = table_name.some_id_field);
If you haven't used Jeff Moden's string splitter, I highly recommend it. It'll change the way you look at strings and your expectation of performance. It is at http://www.sqlservercentral.com/articles/Tally+Table/72993/.
To add to that, the method above will make it impossible for an SQL Injection attack.
--Jeff Moden
Change is inevitable... Change for the better is not.
March 21, 2014 at 2:29 am
Ad and Jeff, thanks for your answer.
The solution presented in this article is superb.
But before I could implement it (I had to make a Tally table and the function) the user decided to another outcome (in an Excel report). I had to add an extra column with the parameter numbers in it. So the user could select the wanted numbers in Excel in stead of in a given parameter-list.
So I didn't use the given solution. But next time I will 😉
March 21, 2014 at 5:49 am
Henk Schreij (3/21/2014)
Ad and Jeff, thanks for your answer.The solution presented in this article is superb.
But before I could implement it (I had to make a Tally table and the function) the user decided to another outcome (in an Excel report). I had to add an extra column with the parameter numbers in it. So the user could select the wanted numbers in Excel in stead of in a given parameter-list.
So I didn't use the given solution. But next time I will 😉
Glad we could help. You know, now that you have the Tally table and the DelimitedSplit8K function, take some time to play around and get used to it. I've heard it described as the "Swiss Army Knife of SQL" by some people. It really does lend itself to some very high performance code. It's another tool you can keep in your toolbox for when you need it.
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply