tags:

views:

128

answers:

4
+2  Q: 

Oracle: How can I parameterize a list?

I have a query with a where clause that looks like:

WHERE field IN ( 1, 2, 3 )

Is possible to parametrize this so it looks something like:

WHERE field in ( :list )?

How do you create the :list parameter, assuming it's a list of ints, that could be anywhere from 1 to 10 ints?

ASP.net, webforms if that makes a difference.

A: 

Same answer as SQL Server, already asked here: http://stackoverflow.com/questions/337704/parameterizing-a-sql-in-clause

Nick Craver  2010-02-17 17:41:29
That is the worst performing avenue to take. Last time I saw a reference to that answer, it was torn to shreds. The best approach is to convert the string/etc list representation into a table, and then join onto it.
OMG Ponies  2010-02-17 19:15:58
Can you point to that discussion? I understand there are compromises in this approach, but not sure if creating a temp. table for each query is going to be an easy fix.
chris  2010-02-17 20:02:06
@OMG, @chris - Sorry, I just re-read this, don't look at the accepted answer, look down one that's top voted.
Nick Craver  2010-02-17 21:28:49
A: 

As far as I know, you cannot. You'd be mixing values and operators in the same place.

However, it should be fairly simple to create automatically an array of parameters in ASP.NET and get this dynamically:

WHERE field IN (:list1, :list2, :list3, :list4)
Álvaro G. Vicario  2010-02-17 17:41:51
+1  A: 

There are two ways of accommodating Dynamic IN lists:

  1. Convert the comma separated list into a derived table (AKA inline view)
  2. Use dynamic SQL

Non-Dynamic

Most prefer the non-dynamic SQL approach - this link provides various ways to do it. The biggest reason to use this over:

WHERE :list LIKE '%,' || t.column || ',%'

...is that the above:

  1. Will never be able to use an index
  2. Won't be able to match the first or last parameter in the list, because commas are required on either end to match

The simple fact is, it won't work as intended. A regex, supported on Oracle 10g+, would allow for conditional checking on the column but still faces the problem of rendering an index as moot

Dynamic SQL

Mention "dynamic SQL", and you likely will be hounded about SQL injection attacks. Using a bind variable alleviates the concern.

That said, dynamic SQL requires the least change to the query.

OMG Ponies  2010-02-18 03:23:03
A: 

This question 'how do I bind an in list' seems to come up a lot.

The easiest 'trick' to do this in Oracle is using the answer I posted here:

http://stackoverflow.com/questions/1721759/dynamic-query-with-hibernatecritera-api-oracle-performance/1722045#1722045

I cannot pretent it is my trick, as it came from Tom Kyte's blog, who is an Oracle guru!

Stephen ODonnell  2010-02-18 17:00:26

related questions

Backup SQL Schema Only?
Sql to query a dbs scheme
Timer-based event triggers
Sql query, count and group by
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting
How do I use T-SQL Group By
What all do I need to escape when sending a (My)SQL query?
Split String in SQL
Datatable vs Dataset
ASP.NET MVC "CRUD" Database Sample
Convert HashBytes to VarChar
Best Book for a new Database Developer
What is the best way to avoid SQL injection attacks?
What language do you use for Postgresql triggers and stored procedures?
What is the best way to handle multiple permission types?
How do I index a database field
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
Is there a version control system for database structure changes?
How to export data from SQL Server 2005 to MySQL
ASP.NET Site Maps
Decoding T-SQL CAST in C#/VB.net
Flat File Databases in PHP