views:

446

answers:

3
A: 

Its more like:

create  proc [dbo].[GetRequestsItems](@RequestIds as varchar(8000)) as
exec('select ri.id, ri.RequestID, ri.Namefrom RequestItems ri with(nolock)
where RequestID in ('+@RequestIds+')')

and then you pass in a string of ids like: "3, 47, 10, 9"

JBrooks
And get all the wonders of SQL injection.
Pavel Minaev
I don't think you are going to have an input box where the user types in a bunch of ids. My example came from a list that the user could check the checkboxes of the rows they wanted, I then generate the list of IDs based on that. Then bring back the child rows. No opportunity for sql injection there.
JBrooks
A: 

Arrays and Lists in SQL Server 2005 by Erland Sommarskog. The reference article on the subject, with all alternatives deeply covered and discussed. The SO duplicate actually fails to mention this one, which is a shame.

As of 2008 there is also the table valued parameter option.

Remus Rusanu
A: 

I've found it useful to use stored procedures with the array of values passed in as XML:

<languages>
   <id>2001</id>
   <id>2023</id>
   <id>2076</id>
</languages>


CREATE PROCEDURE [dbo].[GetStringsFromLanguageIds]
@languageIds xml
AS
BEGIN

SELECT StringID
FROM TRANSLATIONTB
JOIN @languageIds.nodes('languages/id') R(languages)
ON LanguageID = languages.value('.','int')

END
James Conigliaro
@James: just curious. Your choice either way, but did you read the part about how this question is likely to be closed as a duplicate?
John Saunders