SqlParameter In 查询

using (SqlConnection conn = new SqlConnection(connectionString))
{
    conn.Open();
    SqlCommand comm = new SqlCommand();
    comm.Connection = conn;
    //使用CHARINDEX,实现参数化查询,可以复用查询计划,同时会使索引失效
    comm.CommandText = "select * from Users(nolock) where CHARINDEX(','+ltrim(str(UserID))+',',','+@UserID+',')>0";
    comm.Parameters.Add(new SqlParameter("@UserID", SqlDbType.VarChar, -1) { Value = "1,2,3,4" });
    comm.ExecuteNonQuery();
}
posted @ 2016-01-06 12:17  FH1004322  阅读(1123)  评论(0编辑  收藏  举报