IMO, passing a list of filter values for a column in a comma-separated string isn't a good way to approach this problem, as this is almost encouraging a dynamic SQL approach to the problem (i.e. where you `EXEC` a built SQL string which pastes in the `@InvoiceMethod` as a string).

Instead, SQL 2008 has Table Valued Parameters (and prior to this, you could use XML), which allow you to pass structured data into a procedure in a table format.

You then just need to join to this table parameter to effect the 1..N valued `IN ()` filtering.

```sql
CREATE TYPE ttInvoiceMethods AS TABLE
(
    Method VARCHAR(20)
);
GO
CREATE PROCEDURE dbo.SomeProc
(
    @InvoiceMethod ttInvoiceMethods READONLY,
    -- ... Other Params here
)
AS
BEGIN
    SELECT Col1, Col2, ...
    FROM Table1
        INNER JOIN @InvoiceMethod AS im   -- a table variable needs an alias to reference its columns
            ON Table1.def = im.Method     -- Join here
    WHERE User1 = @Owner
    -- ... Other Filters here
END
```

Have a look here for a similar solution with a fiddle.
Edit
The optional parameter (`@InvoiceMethod = ''`) can be handled by changing the JOIN to the TVP with a subquery:
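
```sql
WHERE
    -- ... Other filters
    AND (Table1.def IN (SELECT Method FROM @InvoiceMethod)
         -- A TVP cannot be compared with NULL; an unbound TVP arrives as an empty table
         OR NOT EXISTS (SELECT 1 FROM @InvoiceMethod))
```
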
To initialize a TVP to NULL, just don't bind to it in C# at all.
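
An end-to-end T-SQL run of the TVP approach described in this answer, added here as an example and not part of the original post. The object names (`dbo.DemoInvoices`, `dbo.ttDemoInvoiceMethods`, `dbo.DemoInvoiceSearch`), column types and sample rows are constructed for illustration; the optional-filter test uses `NOT EXISTS`, since a table-valued parameter that is not supplied arrives as an empty table.

```sql
-- Constructed demo objects: names, column types and rows are assumptions for this example.
CREATE TABLE dbo.DemoInvoices (Id INT, User1 VARCHAR(20), def VARCHAR(20));
INSERT INTO dbo.DemoInvoices VALUES
    (1, 'alice', 'EMAIL'), (2, 'alice', 'POST'), (3, 'alice', 'FAX'), (4, 'bob', 'EMAIL');
GO
CREATE TYPE dbo.ttDemoInvoiceMethods AS TABLE (Method VARCHAR(20));
GO
CREATE PROCEDURE dbo.DemoInvoiceSearch
(
    @InvoiceMethod dbo.ttDemoInvoiceMethods READONLY,
    @Owner VARCHAR(20)
)
AS
BEGIN
    SELECT i.Id, i.def
    FROM dbo.DemoInvoices AS i
    WHERE i.User1 = @Owner
      AND (   i.def IN (SELECT Method FROM @InvoiceMethod)
           -- An empty TVP means "no method filter"
           OR NOT EXISTS (SELECT 1 FROM @InvoiceMethod));
END
GO
-- 1) Two filter values, passed as two rows instead of one comma-separated string.
DECLARE @m dbo.ttDemoInvoiceMethods;
INSERT INTO @m VALUES ('EMAIL'), ('POST');
EXEC dbo.DemoInvoiceSearch @InvoiceMethod = @m, @Owner = 'alice';
GO
-- 2) A value containing quotes and a comma is bound as one data value and
--    compared literally; it is never pasted into SQL text.
DECLARE @m dbo.ttDemoInvoiceMethods;
INSERT INTO @m VALUES ('POST'', ''FAX');
EXEC dbo.DemoInvoiceSearch @InvoiceMethod = @m, @Owner = 'alice';
GO
-- 3) TVP omitted by the caller: the parameter arrives as an empty table,
--    so the method filter is skipped and only the @Owner filter applies.
EXEC dbo.DemoInvoiceSearch @Owner = 'alice';
GO
```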