How to execute a ExecuteNonQuery with List parameters in Where Clause

https://stackoverflow.com/questions/22825688

26-06-2023
|

Question

My code looks like this:

var settings = ConfigurationManager.ConnectionStrings["InsurableRiskDB"];
            string server = ConfigurationManager.AppSettings["Server"];
            string cs = String.Format(ConfigurationManager.AppSettings[settings.ProviderName], ConfigurationManager.AppSettings[server]);
            SqlConnection connection = new SqlConnection(cs);

            string PolicyKeys = "";
            for (int i = 0; i < keys.Count(); i++)
            {
                if (i == keys.Count() - 1)
                    PolicyKeys += keys[i] ;
                else
                    PolicyKeys += keys[i] + ", ";
            }

            //have to change the code to pull the user's NBK.
            string user = "'DATALOAD'";
            const string updateQuery = @"UPDATE [InsurableRisk].[dbo].[Policy]
                                         SET [InsuranceCarrierKey] = @ToKey
                                              ,[AuditUser] = @User
                                              ,[AuditDate] = SYSDATETIME()
                                         WHERE PolicyKey in (@PolicyKeys) and InsuranceCarrierKey = @FromKey";
            using (connection)
            {
                using (SqlCommand dataCommand = new SqlCommand(updateQuery, connection))
                {
                    dataCommand.Parameters.AddWithValue("@ToKey", toKey);
                    dataCommand.Parameters.AddWithValue("@User", user);
                    dataCommand.Parameters.AddWithValue("@PolicyKeys", PolicyKeys);
                    dataCommand.Parameters.AddWithValue("@FromKey", fromKey);

                    connection.Open();
                    dataCommand.ExecuteNonQuery();
                    connection.Close();
                }
            }
            res = true;        
        }
        catch (Exception ex)
        {
            MessageBox.Show("There is an error while try in save the changes " + ex.Message, "Error Message", MessageBoxButtons.OKCancel);
            res = false;
        }
        return res;

Now, when i run this code, it says query is unable to execute. It throws and exception stating, it is unable to convert NVarchar to int for variable @PolicyKeys

enter image description here

Any suggestions as to what i am missing in this code?

Solution

Typically, in SQL you'd write an IN statement like this:

WHERE SomeColumn IN ('A', 'B', 'C')

What you're doing is the equivalent of this in SQL (which won't work):

WHERE SomeColumn IN ('A, B, C')

Change your SQL statement accordingly: (modified from this answer)

WHERE PolicyKey in ({0})

And then add your parameters in a loop, like this:

var parameters = new string[keys.Count()];
for (int i = 0; i < keys.Count(); i++)
{
    parameters[i] = string.Format("@Key{0}", i);
    cmd.Parameters.AddWithValue(parameters[i], keys[i]);
}

cmd.CommandText = string.Format(updateQuery, string.Join(", ", parameters));

Licensed under: CC-BY-SA with attribution

Not affiliated with StackOverflow