Method that processes the IN condition and returns the placeholder list:
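// Requires: using System.Collections.Generic; using System.Data.OracleClient;
public static string InsertParameters(ref List<OracleParameter> orclParameters, int[] lsIds, string uniqueParName)
{
    string strParametros = string.Empty;
    for (int i = 0; i <= lsIds.Length - 1; i++)
    {
        // Build the placeholder list ":id0,:id1,..." (no leading comma on the first item).
        strParametros += i == 0 ? ":" + uniqueParName + i : ",:" + uniqueParName + i;
        // Bind each value as a numeric parameter instead of concatenating it into the SQL.
        OracleParameter param = new OracleParameter(uniqueParName + i.ToString(), OracleType.Number);
        param.Value = lsIds[i];
        orclParameters.Add(param);
    }
    return strParametros;
}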
The calling code uses it as follows:
List<OracleParameter> parameterList = new List<OracleParameter>();
string[] strArray = state.Split(new char[] { ',' });
int[] intArray;
intArray = Array.ConvertAll<string, int>(strArray, s => int.Parse(s)); // string array converted to int array
string idStr = DBOperator.InsertParameters(ref parameterList, intArray, "id");
string www = "(" + state + ")"; // raw list text; not used below and must not be concatenated into the SQL
// Only the generated placeholders (:id0,:id1,...) go into the SQL text.
strWhere += " and q.state in (" + idStr + ")";
for (int i = 0; i < idStr.Split(',').Length; i++)
{
    DBOperator.SPWrite.MakeInParam(idStr.Split(',')[i], DbType.Int32, -1, intArray[i]);
}
.NET: preventing SQL injection by parameterizing IN-condition queries against an Oracle database
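
An added example, not code from the original page: a provider-independent variant of the helper above that validates every list item before anything is bound, rejects empty or oversized lists, and leaves the actual binding to a callback. `InClauseBuilder`, `AddInParameters` and the `bind` callback are hypothetical names; with the provider used on this page the callback would add an `OracleParameter` to the parameter list.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using System.Text.RegularExpressions;

public static class InClauseBuilder
{
    // Oracle rejects IN lists with more than 1000 expressions (ORA-01795).
    private const int MaxInListItems = 1000;

    // Validates every item of csv as an integer, hands each (name, value) pair to
    // bind, and returns the placeholder text, e.g. ":id0,:id1", for IN (...).
    public static string AddInParameters(string csv, string prefix, Action<string, int> bind)
    {
        // prefix ends up in the SQL text, so it must be a plain identifier.
        if (!Regex.IsMatch(prefix ?? "", @"^[A-Za-z][A-Za-z0-9_]*\z"))
            throw new ArgumentException("Invalid parameter prefix.");
        string[] parts = (csv ?? "").Split(',');
        if (parts.Length > MaxInListItems)
            throw new ArgumentException("Too many values for one IN list.");

        // Parse everything first so nothing is bound when any item is rejected.
        // An empty csv yields one empty item and is rejected too: IN () is invalid SQL.
        var values = new int[parts.Length];
        for (int i = 0; i < parts.Length; i++)
            if (!int.TryParse(parts[i].Trim(), NumberStyles.AllowLeadingSign,
                              CultureInfo.InvariantCulture, out values[i]))
                throw new ArgumentException("Item " + i + " is not an integer.");

        var placeholders = new string[values.Length];
        for (int i = 0; i < values.Length; i++)
        {
            bind(prefix + i, values[i]);
            placeholders[i] = ":" + prefix + i;
        }
        return string.Join(",", placeholders);
    }

    public static void Main()
    {
        // Constructed demo: the dictionary stands in for a command's parameter list.
        var bound = new Dictionary<string, int>();
        string where = " and q.state in ("
            + AddInParameters("3, 7,12", "id", (n, v) => bound[n] = v) + ")";
        Console.WriteLine(where + "  -- " + bound.Count + " values bound");
        try { AddInParameters("1,2) or (1=1", "id", (n, v) => bound[n] = v); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }
    }
}
```

Lists longer than 1000 values have to be split into several IN groups or passed another way; this example only rejects them.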