
Replacing/Adding single quotes for values in WHERE clause

Status
Not open for further replies.

xcaliber2222

Programmer
Apr 10, 2008
70
US
Hello,

I have a strSQL statement where I'm taking in arguments that are building the 'IN' part of my WHERE clause. For example:

Code:
       strSQL = "SELECT " & _
                "invoice.invoice_num, " & _
                "invoice.invoice_date, " & _
                "pickup.zip_code, " & _
                "delivery.company_name, " & _
                "job.weight, " & _
                "job.dim_weight, " & _
                "WHERE " & _
                " invoice.invoice_date = '" & dttmStart & "' AND " & _
                " invoice.cust_code IN '" & strCustCodeList & "'"

The strCustCodeList is taking in values from the database table as such: 123454,123456,123457

Can someone please show me how to form this string so it will come in as such: ('123454','123456','123457') with the single quotes? Unfortunately, these are varchar values in the database and doing a cast or convert on these is not an option either.

Any help would be greatly appreciated.

Thank you,
Alejandro

 
do not use injected sql, use parameterized queries.
1. they prevent sql injection
2. they can execute faster
3. they negate the problems you are having.

as for your scenario you need to loop through the values and add parameters.
Code:
var sql = @"select [columns] from [tables] where date = @date and id in (";
var ids = get_ids_from_database();
// build one named placeholder per value: @p0, @p1, @p2, ...
for(var i = 0; i < ids.Count; i++)
{
   if(i > 0) sql+=",";
   sql += "@p"+i;
}
sql+=")";

var command = connection.CreateCommand();
command.CommandText = sql;
command.Parameters.Add("@date", DateTime.Now);
// bind each value to the placeholder with the same index as built above
for(var i = 0; i < ids.Count; i++)
{
   command.Parameters.Add("@p"+i, ids[i]);
}
command.ExecuteReader();
...

Jason Meckley
Programmer
Specialty Bakers, Inc.
 
Thanks Jason. Actually, I'm limited to what I can do because it is a fairly large established project. My solution was this:

" invoice.cust_code IN ('" & Replace(strCustCodeList, ",", "','") & "')"

Thanks for the great advice and sample though.

Alejandro
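The two approaches in this thread side by side, as an added example that is not code from either poster: the Replace()-built IN list versus Jason's one-placeholder-per-value query, written here in Python against an in-memory SQLite table with constructed invoice rows. The cust_code containing a single quote is a constructed edge case that shows where the string surgery stops producing valid SQL while the parameterized form keeps working.

```python
import sqlite3

# Constructed invoice rows standing in for the thread's invoice table; the last
# cust_code contains a single quote, the case the Replace() trick cannot handle.
ROWS = [
    ("INV-1", "2008-04-10", "123454"),
    ("INV-2", "2008-04-10", "123456"),
    ("INV-3", "2008-04-10", "123457"),
    ("INV-4", "2008-04-10", "99'9"),
]


def make_db():
    """Build an in-memory SQLite table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE invoice (invoice_num TEXT, invoice_date TEXT, cust_code TEXT)")
    conn.executemany("INSERT INTO invoice VALUES (?, ?, ?)", ROWS)
    return conn


def run_replace_style(date, code_list):
    """The thread's Replace() approach: wrap each comma-separated code in quotes
    by string surgery and splice the result straight into the SQL text."""
    in_list = "('" + code_list.replace(",", "','") + "')"
    sql = ("SELECT invoice_num FROM invoice WHERE invoice_date = '" + date + "' "
           "AND cust_code IN " + in_list + " ORDER BY invoice_num")
    conn = make_db()
    return [row[0] for row in conn.execute(sql)]


def replace_style_breaks(date, code_list):
    """True when the Replace()-built statement is no longer valid SQL."""
    try:
        run_replace_style(date, code_list)
    except sqlite3.Error:
        return True
    return False


def run_parameterized(date, codes):
    """Jason's approach: one placeholder per value; the values travel separately
    from the SQL text, so a quote inside a code is just data."""
    placeholders = ", ".join("?" for _ in codes)
    sql = ("SELECT invoice_num FROM invoice WHERE invoice_date = ? "
           f"AND cust_code IN ({placeholders}) ORDER BY invoice_num")
    conn = make_db()
    return [row[0] for row in conn.execute(sql, [date, *codes])]
```

Both functions return the same rows for plain numeric codes; only the parameterized one returns the row whose code contains a quote.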
 