Cipher Cipher - 6 months ago 33
SQL Question

Incorrect syntax near comma

Here's an ASPX code snippet from when I was trying to get multiple values from a session. I am getting an error: "Incorrect syntax near comma" (marked the line in the snippet):

SqlCommand cmd1 = new SqlCommand("select plugin_id from profiles_plugins where profile_id=" + Convert.ToInt32(Session["cod"]), con);
SqlDataReader dr1 = cmd1.ExecuteReader();
var yourlist =new List<Int32>();
if (dr1.HasRows)
{
while (dr1.Read())
{
yourlist.Add(Convert.ToInt32(dr1[0]));
}
}

//String str1 = String.Join(", ", yourlist.Select(o => o.ToString()).ToArray());
dr1.Close();
cmd1.Dispose();
Array k= yourlist.ToArray();
Int32 a =Convert.ToInt32( k.GetValue(0));
Int32 b =Convert.ToInt32( k.GetValue(1));
Int32 c =Convert.ToInt32( k.GetValue(2));
Int32 d =Convert.ToInt32( k.GetValue(3));
SqlCommand cmd2 = new SqlCommand("select id,name from plugins where id =(" + a + " or " + b + " or " + c + " or " + d + ")" , con); /// Error here?
SqlDataReader dr2 = cmd2.ExecuteReader(); ///Error here?
if (dr2.HasRows)
{
while (dr2.Read())
{
ListBox2.DataSource = dr2;
ListBox2.DataBind();
}
}
dr2.Close();
cmd2.Dispose();
con.Close();


What am I missing?

Answer

SQL Query is wrong. Change it to:

    SqlCommand cmd2 = new SqlCommand("select id,name from plugins   
where id in(" + a + " , " + b + " , " + c + " , " + d +  ")" , con);