How to pass an array of integer separated by comma to an ExecuteStoreCommand
in the entities
as a parameter
I am not able to execute this :
this.Obj
Though it looks like a string.Format
operation, ExecuteStoreCommand
is internally building a parameterized query to increase performance and help protect you from SQL injection attacks. (MSDN)
When you do your string.Join
as a parameter to ExecuteStoreCommand
, it treats that result not as a list of values for the IN
clause, but a string that just happens to look like one. Basically it will generate an IN
clause that looks like this:
(UnitId IN ('1,2,3'))
Which is obviously not what you want.
You're going to have to build the SQL command with the string.Join
-ed list of uinitIds
BEFORE passing it ExecuteStoreCommand
:
string query = @"INSERT INTO SurveyPatientListMrns (UserData, MrnId)
SELECT DISTINCT '{0}' , MrnId
FROM PatientVisits WHERE (FacilityId = {1}) AND
(UnitId IN (" + string.Join(",", unitIds) + "))";
this.ObjectContext.ExecuteStoreCommand(query, userData, facilityId);
Normally one should avoid dynamically building SQL queries because of the possibility of a SQL injection attack, but in this case, you know that unitIds
is a list of integers, and therefore you should be OK.
Same approach as the answer, just demonstrating using strongly typed result set.
void Main()
{
int[] operationIds = { 1000, 1001 };
var result = ObjectContext.ExecuteStoreQuery<EncyptedPatientInfoDataContract>(
$@"SELECT OperationId, Name, OfficialId, IsPatientEncrypted FROM Patient WHERE OperationId IN ({string.Join(",", operationIds)})");
result.Dump();
}
Dump method is a method in Linqpad. Screenshot of working sample in Linqpad 5:
As the accepted answer said: