0

It seems that the mysql select parameter is being inserted with double quotes

string strEstablishments = String.Join(",", myEstablishments);

strEstablishments contains (from the VS2019 debug window) 

"'1007','3'"


sqlDSselectEstablishment.SelectParameters.Add("Establishments", strEstablishments);

sqlDSselectEstablishment.SelectCommand = "SELECT EstablishID,Description FROM tblEstablishment WHERE EstablishID IN (@Establishments)";

But this doesn't give the result expected it only returns one result that the dropdown is populated with but should return two (establishments 1007 and 3)

It seems to me the double quotes around the string are being injected which would explain the returned results, I've tried removing them using strEstablishments.Replace("\"","") with no joy.

Running the below command from MySQL directly returns the results as expected:

SELECT EstablishID,Description FROM tblEstablishment WHERE EstablishID IN ('3','1007');

Any ideas how I can get the result as expected using asp.net

AShah
  • 846
  • 2
  • 17
  • 33
  • 2
    You cannot use a parameter to express the series of values required by the IN clause. You need a parameter for each value to pass – Steve Feb 09 '20 at 15:07
  • thanks perhaps I should of thought of doing that instead! – AShah Feb 09 '20 at 15:09
  • In the duplicate the second answer seems a pretty simple solution, but I would check the performance if you have a lot of parameters. – Steve Feb 09 '20 at 15:10

0 Answers0