I have to upgrade the following code to use prepared statements:
OdbcCommand cmd = sql.CreateCommand();
cmd.CommandText = "SELECT [EMail] from myTable WHERE "+,
for (int i = 0; i < 50; i++)
{
if (i > 0)
{
cmd.CommandText += " OR ";
}
cmd.CommandText += "UNIQUE_ID = " + lUniqueIDS[i];
}
Forb开发者_JS百科id my stupid code above, it's just an example... I'm trying to fetch all the Emails of users with IDs either x, y, z, etc...
The question is - how can I rewrite it using prepared statements? A blind naive guess would be
for (int i = 0; i < 50; i++)
{
if (i > 0)
{
cmd.CommandText += " OR ";
}
cmd.CommandText += "UNIQUE_ID = ?";
cmd.Parameters.Add("@UNIQUE_ID", OdbcType.BigInt).Value = lUniqueIDS[i];
}
Should it work? Can I append the same parameter (unique_id) more than once?
It looks like you're using positional parameters (i.e. ? in the query, rather than @UNIQUE_ID) which means the names of the parameters shouldn't matter as far as the SQL is concerned. However, I wouldn't be entirely surprised to see the provider complain... and it may make diagnostics harder too. I suggest you use the index as a suffix:
cmd.Parameters.Add("@UNIQUE_ID" + i, ObdcType.BigInt).Value = lUniqueIDs[i];
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论