0

I'm writing a SQL code using an IN operator. It is working good unless I encountered some records having comma in the strings.

This is where I am failing to fetch those records. For example -: 'Pratik,Sarangi' is a record i want to pass in the IN clause where in it reads as 2 different datas.

I am using Oracle SQL to build the query

select * from table where name in (:name)

where :name is a user input parameter.

Pratik Sarangi
  • 3
  • 2
  • 1
    This suggests you're doing something rather worrying with your query - a correctly secured application should completely separate the input from query, no matter what punctuation it contains. Perhaps if you [edit] your question to show the code where you create the SQL we will be able to see why it's happening. Please also mention which language and database you're using, – IMSoP Feb 18 '19 at 16:52
  • I am sorry about that. Let me edit my question and re post it. I was using SQL – Pratik Sarangi Feb 18 '19 at 16:53
  • I just updated the Question as suggested by @IMsoP. I am using Oracle DB – Pratik Sarangi Feb 18 '19 at 16:56
  • You need to convert your string into an array. There are many threads on how to achieve this with Oracle, and there are several different approaches. [This answer is the best summary of the different options](https://stackoverflow.com/a/38372145/146325) – APC Feb 18 '19 at 17:15
  • Please, add your current query and the expected output/s. – Georgy Feb 18 '19 at 18:02

0 Answers0