• subscribe
Search
Browse By: Author | Issue
January 18, 2005 12:00 AM

Building Dynamic IN Lists

Microsoft's Sql Server Development Team
SQL Server Pro
InstantDoc ID #44939
Downloads
44939.zip

When I execute the query

SELECT TOP 10 * FROM claim
WHERE status IN ('paid, 'denied')

I get 10 rows. However, when I try to use a variable to specify the IN list, as in the following query, I receive no rows:

DECLARE @status varchar(20)
SET @status='paid'' +','+''denied''

PRINT @status
SELECT TOP 10 * FROM claim
WHERE status IN (@status)

Why doesn't the second query return the same results as the first one?

As you discovered, you can't use a variable to specify a query's IN list. However, you can use dynamic string execution to get around this restriction and take advantage of the flexibility of using variables—which can be passed from your application's user interface, usually through a set of check boxes.

In dynamic string execution, you construct a variable that contains the complete SQL query, then execute the query by using either the sp_executesql system stored procedure or the EXEC() function. So in your case, you can append to the query the IN list that your variable specifies. Listing 1 shows an example of using sp_executesql to execute the string.

The downside to dynamic string execution is that the execution context is always that of the caller, meaning you might need to construct views to give the calling applications access to the appropriate columns in the underlying tables. SQL Server 2005 removes this execution-context restriction, letting enterprise applications more easily and effectively use dynamic string execution.

—Patrick Conlan
Platform Program Manager,
Microsoft Project Team



ARTICLE TOOLS


Want to use this article? Click here for options!

Comments
Add A Comment
  • John
    5 years ago
    Mar 08, 2007

    The dynamic SQL is kind of kludgy and opens up a lot of problems and security issues. E.g., SQL injection. A better way is to take the IN list strings and populate a table variable. Then reference the table variable using an IN clause with a sub-select or directly via an INNER JOIN. There are a number of ways to get the list of strings into the stored procedure (right?) that performs the query. 1. A delimited string (e.g., pipe delimited) with a companion function that parses and pivots the string into a table result set.
    2. Pass the IN list strings into the procedure as an XML snippet. Then you can use the built-in XML features to pivot the XML into an internal table.

  • KUMAR
    7 years ago
    Apr 28, 2005

    This is not abot this article, but about the May 2005 article by Vinod Kumar, which does not bring up a Reader Comments box when you click on it - Where are Figure 1, Figure 2, Figure 3, and the remining Figures, if any? You cannot click on them, nor are they openly displayed in the article.

  • Anonymous User
    7 years ago
    Apr 21, 2005

    I will usually use a temp table or table variable. I then parse the @status variable, putting one row at a time in the temp table. I then use the temp table in the "in" statement.

You must log on before posting a comment.

Are you a new visitor? Register Here
  • SP1?
    I know there is a SP1 for SQL 2008 R2 available....and there is a "feature pack" as well... ...
  • SQL database mirroring
    I have SQL Server 2008 R2 Enterprise 64bit on Windows 2008 R2 Enterprise 64bit.  Each SQL Server has...
  • Dell Compellent Disk Drive
    Does anybody has experience with Dell Compellent Disk Drive? Basically, this system manages all disk...
  • Sql server performance tuning
    I need to find a tool that help me to optimize sql server,queries,improve the performance and solve ...

© 2012 Penton Media, Inc.

Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.