how can I pass an array to a execute store command?

Question

How to pass an array of integer separated by comma to an ExecuteStoreCommandin the entities as a parameter I am not able to execute this :

this.Obj         


        

Answer 1

Though it looks like a string.Format operation, ExecuteStoreCommand is internally building a parameterized query to increase performance and help protect you from SQL injection attacks. (MSDN)

When you do your string.Join as a parameter to ExecuteStoreCommand, it treats that result not as a list of values for the IN clause, but a string that just happens to look like one. Basically it will generate an IN clause that looks like this:

(UnitId IN ('1,2,3'))

Which is obviously not what you want.

You're going to have to build the SQL command with the string.Join-ed list of uinitIds BEFORE passing it ExecuteStoreCommand:

string query = @"INSERT INTO SurveyPatientListMrns  (UserData, MrnId) 
    SELECT DISTINCT '{0}' , MrnId 
    FROM PatientVisits WHERE (FacilityId = {1}) AND 
    (UnitId IN (" + string.Join(",", unitIds) + "))";
this.ObjectContext.ExecuteStoreCommand(query, userData, facilityId);

Normally one should avoid dynamically building SQL queries because of the possibility of a SQL injection attack, but in this case, you know that unitIds is a list of integers, and therefore you should be OK.