开发者

Prepared Statements - Iterative query

问答 作者:

I have to upgrade the following code to use prepared statements:

OdbcCommand cmd = sql.CreateCommand();
cmd.CommandText = "SELECT [EMail] from myTable WHERE "+,
for (int i = 0; i < 50; i++)
{
   if (i > 0)
   {
      cmd.CommandText += " OR ";
   }
   cmd.CommandText += "UNIQUE_ID = " + lUniqueIDS[i];
}

Forb开发者_JS百科id my stupid code above, it's just an example... I'm trying to fetch all the Emails of users with IDs either x, y, z, etc...

The question is - how can I rewrite it using prepared statements? A blind naive guess would be 

for (int i = 0; i < 50; i++)
{
   if (i > 0)
   {
      cmd.CommandText += " OR ";
   }
   cmd.CommandText += "UNIQUE_ID = ?";
   cmd.Parameters.Add("@UNIQUE_ID", OdbcType.BigInt).Value = lUniqueIDS[i];
}

Should it work? Can I append the same parameter (unique_id) more than once?

It looks like you're using positional parameters (i.e. ? in the query, rather than @UNIQUE_ID) which means the names of the parameters shouldn't matter as far as the SQL is concerned. However, I wouldn't be entirely surprised to see the provider complain... and it may make diagnostics harder too. I suggest you use the index as a suffix:

cmd.Parameters.Add("@UNIQUE_ID" + i, ObdcType.BigInt).Value = lUniqueIDs[i];

继续阅读:iterationprepared-statementsql

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9