http://forums.asp.net/t/1771823.aspx/1?IN+Clause+DB+HelperTue, 28 Feb 2012 01:34:34 -050017718234842049http://forums.asp.net/p/1771823/4842049.aspx/1?IN+Clause+DB+Helper <p>I have posted a thread here regarding deleting of selected items using webgrid&#43;checkbox <a title="http://forums.asp.net/post/4839004.aspx" href="http://forums.asp.net/post/4839004.aspx"> http://forums.asp.net/post/4839004.aspx</a>.</p> <p>it works now with this code:</p> <pre class="prettyprint">var selectedId = Request[&quot;messageId&quot;]; var getFromSample = &quot;SELECT * FROM sample WHERE id IN ({0})&quot;; selectedMessageData = db.QueryIn(getFromSample, selectedId); @* <em>I have no idea here how can I get the data from the previous query</em> *@ var insertToTrash = &quot;INSERT INTO sample_trash (idOfTrashedMessage, subject, sender, date_sent) VALUES (@0, @1, @2, @3)&quot;; db.Execute(insertToTrash, <em>data from the getFromSample query</em>) var delFromSample = &quot;DELETE FROM sample WHERE id IN ({0})&quot;; db.ExecuteIn(delFromSample, selectedId);</pre> <p>Now, I want to know if how can I get first the selected items from the db using SELECT then transfer it to another table using INSERT before deleting. Something like this = SELECT -&gt; INSERT -&gt; DELETE. Thanks!</p> 2012-02-21T02:19:25-05:004842071http://forums.asp.net/p/1771823/4842071.aspx/1?Re+IN+Clause+DB+Helper <p>You can use a single SQL statement for Insert .</p> <p>eg : - Insert into&nbsp;sample_trash&nbsp;(idOfTrashedMessage, subject, sender, date_sent) select &nbsp;[column name /* ]&nbsp;</p> <pre class="prettyprint">FROM sample WHERE id IN ([selectedId])</pre> <p></p> <p><b>INSERT INTO Store_Information (store_name, Sales, Date)<br> SELECT store_name, Sales, Date<br> FROM Sales_Information<br> WHERE Year(Date) = 1998</b></p> 2012-02-21T02:40:19-05:004842411http://forums.asp.net/p/1771823/4842411.aspx/1?Re+IN+Clause+DB+Helper <p>The correct statements should be:</p> <pre class="prettyprint">var insertToTrash = &quot;INSERT INTO sample_trash (idOfTrashedMessage, subject, sender, date_sent) &quot; &#43; &quot;SELECT id, subject, sender, date_sent FROM sample WHERE id IN ({0})&quot;; db.ExecuteIn(insertToTrash, selectedId); var delFromSample = &quot;DELETE FROM sample WHERE id IN ({0})&quot;; db.ExecuteIn(delFromSample, selectedId);</pre> 2012-02-21T07:29:54-05:004842991http://forums.asp.net/p/1771823/4842991.aspx/1?Re+IN+Clause+DB+Helper <p>Hi,</p> <p>You just need to concatenate...use &#43; to concatenate.</p> <p>&nbsp;</p> 2012-02-21T11:28:52-05:004843646http://forums.asp.net/p/1771823/4843646.aspx/1?Re+IN+Clause+DB+Helper <p></p> <blockquote><span class="icon-blockquote"></span> <h4>vivekreddy</h4> You just need to concatenate</blockquote> <p></p> <p>We do not recommend concatenating user input to generate SQL dynamically. Read this to see why: <a href="http://www.mikesdotnetting.com/Article/113/Preventing-SQL-Injection-in-ASP.NET"> http://www.mikesdotnetting.com/Article/113/Preventing-SQL-Injection-in-ASP.NET</a></p> <p></p> 2012-02-21T17:52:29-05:004843668http://forums.asp.net/p/1771823/4843668.aspx/1?Re+IN+Clause+DB+Helper <p>I tried the concatenated query string and it didn't worked. And in the first place, I want all my query to be parameterized. Is there anyway for me to achieve the goal?</p> 2012-02-21T18:13:55-05:004853800http://forums.asp.net/p/1771823/4853800.aspx/1?Re+IN+Clause+DB+Helper <p>Hi</p> <p>You can read&nbsp;Mikesdotnetting's article.</p> <p>It's really what you need.</p> <p></p> 2012-02-28T01:34:34-05:00