Paul, On Tue, Apr 20, 2010 at 2:31 PM, Paul Alkema <paulalkemadesi...@gmail.com>wrote:
> > Eh, sorry. I've just found the solution to my own problem. > > > > Just for future reference, this is my solution. > > > > DECLARE @idList varchar(max) > > DECLARE @sql varchar(max) > > SET @idList = '1,2' > > SET @sql = 'SELECT * FROM table WHERE ID IN (' + @idList + ')' > > EXEC(@sql) > Just watch the context that you're using this in, because depending on how @idList is being populated, you're definitely open to SQL injection. Also, the I'd use the sp_executesql over the exec command: http://www.mssqltips.com/tip.asp?tip=1160 -Dan ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:333046 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm