Parameters inside the IN and LIKE clauses of a SQL statement cannot be supplied in the usual way.
The usual first attempt looks like this:
LIKE parameter:
// Does not work: @add sits inside the string literal, so it is matched as literal text.
String strSQL = "select * from Person.Address where City like '%@add%'";
SqlParameter[] Parameters = new SqlParameter[1];
Parameters[0] = new SqlParameter("@add", "Bre");
IN parameter:
// Does not work: the whole comma-separated string is bound as one single value.
String strSQL = "select * from Person.Address where AddressID in (@add)";
SqlParameter[] Parameters = new SqlParameter[1];
Parameters[0] = new SqlParameter("@add", "343,372,11481,11533,11535,11755,11884,12092,12093,12143");
But when these are put into a program they do not work: even when no error is raised, the search returns no results.
Searching online did not turn up a clear answer either; after repeated experiments, the problem was finally solved.
The correct solution is as follows:
LIKE parameter:
// The wildcards are concatenated around the parameter; @add stays outside the string literal.
String strSQL = "select * from Person.Address where City like '%' + @add + '%'";
SqlParameter[] Parameters = new SqlParameter[1];
Parameters[0] = new SqlParameter("@add", "Bre");
IN parameter:
// The server concatenates @add into the statement text and runs it as dynamic SQL,
// so @add must only ever contain a validated list of integers.
String strSQL = "exec('select * from Person.Address where AddressID in (' + @add + ')')";
SqlParameter[] Parameters = new SqlParameter[1];
Parameters[0] = new SqlParameter("@add", "343,372,11481,11533,11535,11755,11884,12092,12093,12143");
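Because the EXEC form turns the value of @add back into SQL text, an alternative is to keep every value of the IN list as data by generating one integer parameter per value. The following is an added example, not code from the original post; the helper name BuildInQuery and the parameter names @add0, @add1, ... are assumptions, and the input string is the constructed sample value used above.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.SqlClient;
using System.Linq;

static class InListExample
{
    // Hypothetical helper (not from the original post): builds
    // "... in (@add0, @add1, ...)" with one typed parameter per value.
    static SqlCommand BuildInQuery(IReadOnlyList<int> ids)
    {
        if (ids.Count == 0)
            throw new ArgumentException("IN list must not be empty", nameof(ids));
        // SQL Server accepts at most 2100 parameters per request.
        if (ids.Count > 2000)
            throw new ArgumentException("too many values for one statement", nameof(ids));

        string[] names = ids.Select((id, i) => "@add" + i).ToArray();
        var cmd = new SqlCommand(
            "select * from Person.Address where AddressID in ("
            + string.Join(", ", names) + ")");
        for (int i = 0; i < ids.Count; i++)
            cmd.Parameters.Add(names[i], SqlDbType.Int).Value = ids[i];
        return cmd;
    }

    static void Main()
    {
        // Constructed input: the comma-separated string the post passes as @add.
        string raw = "343,372,11481,11533,11535,11755,11884,12092,12093,12143";
        // int.Parse throws on anything that is not an integer,
        // so no SQL text can reach the statement.
        List<int> ids = raw.Split(',').Select(s => int.Parse(s.Trim())).ToList();

        using (SqlCommand cmd = BuildInQuery(ids))
        {
            Console.WriteLine(cmd.CommandText);
            foreach (SqlParameter p in cmd.Parameters)
                Console.WriteLine(p.ParameterName + " = " + p.Value);
            // Assumption: to run the query, assign an open SqlConnection
            // to cmd.Connection and call cmd.ExecuteReader().
        }
    }
}
```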
SQL IN and LIKE parameterization