0

I don't think the IN clause can accept bind parameters with multiple values. Oracle can't and a couple minutes

and query is

declare @setting varchar(max)

set @setting ='''Sales Entry Grid Cursor'',''Customer Mandatory'',''Column Uom'',''Show Marka'',''Show Discount Amount In Grid'',''Show Discount % In Grid'',''Calculation based on Weight *rate'''

and stored procedure is

 Select pageconfig_action 
 From [RetailSoft].[dbo].[tbl_pageconfig] 
 Where [PageConfig_settingsName] in (@setting)
   and PageConfig_CompanyId = 1

result is empty

And pass string in directly in keyword 

Select pageconfig_action 
From [RetailSoft].[dbo].[tbl_pageconfig] 
Where [PageConfig_settingsName] in ('Sales Entry Grid Cursor', 'Customer Mandatory', 'Column Uom', 'Show Marka', 'Show Discount Amount In Grid', 'Show Discount % In Grid', 'Calculation based on Weight *rate')
  and PageConfig_CompanyId=1

then result is ok

Improve this question
2

3 Answers 3

Reset to default
1

In SQL Server 2016+: using string_split built in function. Please note, that extra single quotes are not necessary anymore:

DECLARE @setting varchar(max)

set @setting ='Sales Entry Grid Cursor,Customer Mandatory,Column Uom,Show Marka,Show Discount Amount In Grid,Show Discount % In Grid,Calculation based on Weight *rate'


Select pageconfig_action from [RetailSoft].[dbo].[tbl_pageconfig] 
Where [PageConfig_settingsName] in(SELECT value FROM string_split(@setting, ',') )
 and PageConfig_CompanyId=1

If you run SQL Server older than SQL 2016, the answer of @GuidoG is a preferable method

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Like the other answer, [PageConfig_settingsName] in( '+@setting+ ' ) is a vulnerability waiting to be exploited. That solution is far from recommended.
@Larnu, yeps, true, there is a warning in my answer ;)
So include only methods that aren't exploitable. An answer that provides (such a large) a security flaw should be avoided.
I see, have no objections
1

You need to make Setting a table, not a varchar.
Then there is no need for dynamic sql and you can keep it simple like this

declare @Setting table (name varchar(50))

insert into @Setting (name)
values ('Sales Entry Grid Cursor'), 
       ('Customer Mandatory'),
       ('Column Uom'),
       ('Show Marka'),
       ('Show Discount Amount In Grid'),
       ('Show Discount % In Grid'),
       ('Calculation based on Weight *rate')

Select pageconfig_action 
from   [RetailSoft].[dbo].[tbl_pageconfig] 
Where  [PageConfig_settingsName] in (select name from @setting)
and    PageConfig_CompanyId=1
Improve this answer

Comments

0

You're misunderstanding how strings are treated in SQL Server. The string you have ('''Sales Entry Grid Cursor'',''Customer Mandatory'',''Column Uom'',''Show Marka'',''Show Discount Amount In Grid'',''Show Discount % In Grid'',''Calculation based on Weight *rate''') is one literal value, not multiple values. IN won't "work" against it because it's looking for a row has that whole string's value for PageConfig_settingsName.

There are 2 options here. The first is to split your string and compare:

SELECT pageconfig_action
FROM [RetailSoft].[dbo].[tbl_pageconfig]
     CROSS APPLY STRING_SPLIT(@setting, ',') SS
WHERE [PageConfig_settingsName] = SS.[value]
  AND PageConfig_CompanyId = 1;

Note you don't needs the quotes around each utem (unless that really have those quotes in their value)

If you aren't on SQL Server 2016+ search delimitedsplit8k (If you're on 2008), or delimitedsplit8k_lead if you're on 2012/2014.

Otherwise, you can use a table-value variable and pass each value separately:

DECLARE @Setting table (setting varchar(255));
INSERT INTO @Setting (setting)
VALUES ('Sales Entry Grid Cursor'),
       ('Customer Mandatory'),
       ('Column Uom'),
       ('Show Marka'),
       ('Show Discount Amount In Grid'),
       ('Show Discount % In Grid'),
       ('Calculation based on Weight *rate');

SELECT P.pageconfig_action
FROM [RetailSoft].[dbo].[tbl_pageconfig] P
     JOIN @Setting S ON S.setting = P.[PageConfig_settingsName]
WHERE P.PageConfig_CompanyId = 1;
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.