You can build your SQL string dynamically.
If you know that the data in the array is good (not provided by the user), you can simply create a string. Joyne.
var sql = string.Format("SELECT * FROM myTable WHERE myColumn in ({0})", string.Join(", ", myArray));
If you do not know that this is disinfected data, you should use the command with the parameters.
var myArray = new string[] { "1", "2", "3" }; //var sql = string.Format("SELECT * FROM myTable WHERE myColumn in ({0})", string.Join(", ", myArray)); var cmd = new System.Data.SqlClient.SqlCommand(); var sql = new System.Text.StringBuilder(); sql.Append("SELECT * FROM myTable WHERE myColumn in ("); for (var i = 0; i < myArray.Length; i++) { cmd.Parameters.Add("@" + i, myArray[i]); if (i > 0) sql.Append(", "); sql.Append("@" + i); } sql.Append(")"); cmd.CommandText = sql.ToString();
Brian
source share