Home > Software engineering >  How to pass string to where clause - mySQL
How to pass string to where clause - mySQL

Time:10-12

I hope someone could help.

From a C# app, I need to get some data from mySQL db. There is no procedure, so unfortunately I have to write the query inside the code...

I have a list of ids (guid), which I am sending through postman

{
   "meetingIds":[
      "9a4059c9-8c41-0afp-245e-9b9147bd5549",
      "b90oz505-9adb-ca9c-7791-5b9133bb7a1c",
      "9ghfc65b-1abb-88u6-8584-5e8p8af61050"
   ]
}

afer received into the app, I am adding the single quote to each of them

var singleQuote = "";
string stringOfIds = string.Join(", ", request.meetingIds.Select(x => singleQuote   x   singleQuote));

so I am getting a string which looks like this:

'9a4059c9-8c41-0afp-245e-9b9147bd5549', 'b90oz505-9adb-ca9c-7791-5b9133bb7a1c', '9ghfc65b-1abb-88u6-8584-5e8p8af61050'

and I am passing that to a query as string (meetingIds), but I am getting no results... if I pass just one id, it works fine.

This is the part of the query

MySqlCommand cmd = new MySqlCommand(
@"select     u.user_id          as userId,
             u.first_name       as firstName,
             u.last_name        as lastName,
             u.date_inserted    as dateModified, 
             u.campaign         as campaignId, 
             u.status           as status, 
             from meetings u
             where m.id in (@meetingIds);", conn);

             cmd.Parameters.AddWithValue("@meetingIds", meetingIds);

I know about the danger of SQL injection, but I dont see any other way to do this... and even this one is not working...

I am open for all suggestions, thank you.

CodePudding user response:

I think you run into the same issue as: Add List<int> to a mysql parameter. The answer using FIND_IN_SET function should solve your problem as well. Hope it helps.

  • Related