You need to use the IN keyword in your scenario. The problem is that the SqlCommand.Parameters
pattern does not build the query itself, but calls a stored procedure on the database:
exec sp_executesql N'UPDATE relate_fruit_crate set CrateID = @selectedCrateID where FruitID in(''@selectedFruitIDs'')', N'@selectedCrateID nvarchar(1),@selectedFruitIDs nvarchar(5)', @selectedCrateID = N'1', @selectedFruitIDs = N'1,2'
This will not work as the array is escaped.
The workaround would be to either use a normal StringBuilder
to create the query. (Warning! SQL Injection) or to call the query for each ID separately.
Maybe there's a way to do this with the SqlCommand.Parameters
, but I could not find one.
OLD POST::
string updateStatement = "UPDATE relate_fruit_crate set CrateID IN ('@selectedCrateID') where FruitID = '@selectedFruitIDs'";
[....]
cmd.Parameters.Add(new SqlParameter("@selectedFruitIDs", String.Join("','",selectedFruitIDs.ToArray())));
and equals (=) query will only match a single value.