Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
plspa
Starting Member
2 Posts |
 Posted - 2003-08-19 : 21:49:58
|
MSSQL 2000, Clasic ASPI have a page which passes the values of a multi-select boks (seems my ecks key does not work) to a processing page. I then need to use the results of Request.Form('mulitselect') to build an IN clause in my sql. No matter how I format it I always get an error because the variable I have constructed is, to its mind, a [string]. I've tried every way I can think of the build this IN clause - as simple as IN(1,2,3) - but can't find the right way to do it. Can one actually build a proper IN clause from passed in variable or must IN (...) be the result of a sub-query or literals. I have gotten this problem semi-solved by dynamically adding as many 'OR' clauses as there are values passed but it really seems like the height of kludge.  Must be a better way.Any help towards a solution would be very much appreciated. Thanks in advance.Peter |
|
|
robvolk
Most Valuable Yak
15732 Posts |
Posted - 2003-08-19 : 22:14:25
|
| There are a couple of ways to do it. Dynamic SQL is one:http://www.sqlteam.com/item.asp?ItemID=4599http://www.sqlteam.com/item.asp?ItemID=4619CSV parsing is another:http://www.sqlteam.com/SearchResults.asp?SearchTerms=csvIt would be better to avoid dynamic SQL as it sometimes performs worse than non-dynamic SQL, but mostly because dynamic SQL, especially on a web page, is very insecure and can be easily hacked by even the most moronic hacker. Using one of the CSV parsing methods in a stored procedure is the best method. |
 |
|
|
plspa
Starting Member
2 Posts |
Posted - 2003-08-19 : 23:57:48
|
| robvolk, Thanks very much for your speedy reply, the excellent references and your advice. I need to study on this a but but I can see that my answer is in there some where - just a matter of which is better for the situation.Thanks again, appreciate it! |
|
|
|
|
|
|
|
|
Building IN clause from Request,forms vars