Well, I guess if there is no user input going into the query it's not a big
deal; of course, if there is, you should at least sanitize it to prevent
injection.
On Apr 10, 2016 2:39 PM, "Luiz Americo Pereira Camara" <luizameri...@gmail.com> wrote:
> 2016-04-10 16:29 GMT-03:00 Tony Caduto :
> What about using a stored procedure to do it ? You could pass the list
> for the in as a string and handle it in the stored procedure. Of course
> that's no help if using sqlite or other that does not support stored
> procedures.
2016-04-10 15:39 GMT-03:00 Stephen Chrzanowski :
> Due to the nature of the bind mechanism, you won't be able to do it this
> way. The only way you'll be able to do that is with your program doing
> string substitution instead of doing the bind. Since you're dealing with
>
2016-04-10 11:01 GMT-03:00 Tony Caduto :
> Did you try putting quotes around the param ID in the sql query?
> in(":myparam")
> I am guessing it's the commas that are the problem.
>
It's the other way around: the problem is the quotes.
See the attached app.
When using Select
The problem with that, Tony, is that the bind might make :myparam a
string, so you'll be doing a 1-integer to 1-string comparison, which won't
give you any results. Essentially you'll be asking for a list of results
whose field is equal to "1,2,3,4", not a list of results in which the field
in
Sqlite will accept double quotes, as will MySQL; postgres will not though.
On Apr 10, 2016 7:40 AM, "leledumbo" wrote:
> But until now I haven't figured a way to pass an array of values (mostly
> integers) to be used with IN operators.
That, unfortunately, is not possible. It's a DBMS limitation: parameterized
values are actually passed as is to the DBMS. So there's nothing you can do
unless you can convince DBMS
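The thread leaves the choice between binding the whole list as one parameter (which, as Stephen notes, compares each integer against the text "1,2,3,4") and splicing the values into the SQL string (which Tony rightly flags as an injection risk when user input is involved). There is a third option that keeps the query parameterized: generate one placeholder per value and bind each value separately. The following is an added example in Python using the standard-library sqlite3 module; it is not code from any poster on this thread nor from Lazarus/Free Pascal. The table name `items` and the rows it contains are constructed for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the thread).
ROWS = [(1, "alpha"), (2, "beta"), (3, "gamma"), (4, "delta"), (5, "epsilon")]

# SQLite's limit on host parameters per statement (SQLITE_MAX_VARIABLE_NUMBER);
# it defaults to 999 in builds before 3.32.0, so stay under that to be portable.
MAX_IN_VALUES = 999


def make_db():
    """Create an in-memory database with a small integer-keyed table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO items (id, name) VALUES (?, ?)", ROWS)
    conn.commit()
    return conn


def select_in_single_param(conn, ids):
    """The failure mode described in the thread: the comma-joined list is bound
    as ONE parameter, so the DBMS compares each integer id against the text
    '1,2,3' and finds nothing (a single value would coincidentally match,
    because SQLite converts a well-formed numeric string to an integer)."""
    csv = ",".join(str(i) for i in ids)
    cur = conn.execute("SELECT id, name FROM items WHERE id IN (?) ORDER BY id", (csv,))
    return cur.fetchall()


def coerce_ids(values):
    """Validate the list before it goes anywhere near the query: every element
    must be an integer. Anything else raises ValueError, so no untrusted text
    ever reaches the SQL string or the bound parameters as text."""
    ids = [int(v) for v in values]
    if len(ids) > MAX_IN_VALUES:
        raise ValueError("too many values for one IN list; split into batches")
    return ids


def select_in_expanded(conn, values):
    """Bind one placeholder per value. Only the placeholder text ('?,?,?') is
    generated; the values themselves are always passed through the bind API."""
    ids = coerce_ids(values)
    if not ids:
        return []  # 'IN ()' is a syntax error in SQLite; an empty list matches nothing
    placeholders = ",".join("?" * len(ids))
    sql = f"SELECT id, name FROM items WHERE id IN ({placeholders}) ORDER BY id"
    return conn.execute(sql, ids).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("single param:", select_in_single_param(db, [1, 2, 3]))   # []
    print("expanded:    ", select_in_expanded(db, [1, 3, 5]))       # three rows
```

The same placeholder-expansion idea applies to any driver that supports positional or named parameters, including the Lazarus SQLdb components discussed here; the point is that the SQL text only ever contains `?` markers whose count is derived from the list length, never the values.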