Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Dapper OracleDynamicParameters, multipleQquery and clause 'in' #53

Open
figueiredorj opened this issue Oct 11, 2021 · 5 comments
Open

Dapper OracleDynamicParameters, multipleQquery and clause 'in' #53

figueiredorj opened this issue Oct 11, 2021 · 5 comments

Comments

@figueiredorj
Copy link

figueiredorj commented Oct 11, 2021
edited
Loading

Hi,
I am struggling with something not sure why not able to execute.

I have a clause in that I would like to execute in a second query...
for simplicity let's say something like :

`

begin

  open :c_query1 for
    select * from T1;

  open :c_query2 for
  select * from T2 t_t2 where t_t2.name in :pNames;

end;

`

where I would have my parameters as
`

            var dynParams = new OracleDynamicParameters();
            dynParams.Add(":c_query1", direction: ParameterDirection.Output, dbType: OracleMappingType.RefCursor);
            dynParams.Add(":c_query2", direction: ParameterDirection.Output, dbType: OracleMappingType.RefCursor);
            dynParams.Add(":pNames", new[] {"AA", "BB"});

`

when I execute this my "in clause" comes empty....
any idea?
thanks
@theumairtahir
Copy link

Hello!
Can you please show that how are you declaring the "pNames" parameter into the procedure?

@figueiredorj
Copy link
Author

Hi @ut786
actually it is a text query....

I am able to query "in clause" with DynamicParameters... however when I change it for OracleDynamicParameters then query is as if no collection passed on....

@theumairtahir
Copy link

Actually I couldn't get what you are actually doing. But somehow I get what you want to do. I am showing you the sample on how you can achieve that.
First change pNames type to VARCHAR2 then write the query like this in the procedure:
open :c_query2 for 'select * from T2 t_t2 where t_t2.name in ('|| :pNames';
Then in the C# code:
var values = new string[]{"AA", "BB"};
dynParams.Add(":pNames", direction: ParameterDirection.Input, dbType: OracleMappingType.VARCHAR2, value: string.Join(',', values));

@figueiredorj
Copy link
Author

Hi @ut786 ,
that is what I already doing (string concatenation) and was trying to avoid... as for that is always risk of sql injection, I would say....
and actually using "Aggregate" - cleaner....

@theumairtahir
Copy link

Hi @ut786 , that is what I already doing (string concatenation) and was trying to avoid... as for that is always risk of sql injection, I would say.... and actually using "Aggregate" - cleaner....

Try to use DataTable in instead of string array.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@figueiredorj @theumairtahir