Hello,
I have a list of values (up to 20,000) that I need to query a database with and I want to use parameterized queries, and I don't necessarily have the kind of access/experience to create table functions and custom types (those are the solutions I've seen so far).
Normally in straight SQL, I would just use the 'IN' clause and separate the values by comma, but if I'm accepting values from the end user I want to be protected from SQL injection attacks. (Just as a side note, normally I would use LINQ to Entities, but might not have the option for this work project).
The way I'm currently thinking of doing it is as follows:
    foreach item in list of values to query for
        open connection
        perform query for this item
        read the values from the returned data
        put retrieved data into a list to look at later
        close the reader
        close the connection
        go to next item in the foreach
So I'm going to potentially open the connection 20,000 times (Shudder, I know full well that this is stupid).
If I do everything within the same connection, won't it potentially just time out eventually?
Would doing it in the same connection cause any blocks or performance for queries other than mine going on?
Should I be looking at connection pooling (I don't know much about it in terms of "is it automated or something I can have power over?")?
Let me know if you can think of a more sensible solution.
Thanks.
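
One way to do what the post above asks, as an added example that is not part of the original post: keep a single connection open and send the values in batches, building an IN clause from placeholders only so that every value is still a bound parameter. It uses Python's sqlite3 module as a stand-in for the poster's database; the items table, its columns, the function names and the batch size of 500 are assumptions, and the sample data is constructed.

```python
import sqlite3
from itertools import islice

BATCH_SIZE = 500  # assumption: kept below the driver's bound-parameter limit


def chunks(values, size):
    """Yield successive lists of at most `size` items."""
    it = iter(values)
    while True:
        batch = list(islice(it, size))
        if not batch:
            return
        yield batch


def fetch_by_ids(conn, ids, batch_size=BATCH_SIZE):
    """Look up many user-supplied ids over one connection, in batches."""
    rows = []
    for batch in chunks(ids, batch_size):
        # Only the number of placeholders goes into the SQL text;
        # the values themselves travel separately as bound parameters.
        placeholders = ",".join("?" * len(batch))
        sql = f"SELECT id, name FROM items WHERE id IN ({placeholders})"
        rows.extend(conn.execute(sql, batch).fetchall())
    return rows


def demo():
    """Constructed data: 20,000 rows, 10,000 wanted ids plus one hostile value."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id TEXT PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [(str(i), f"item-{i}") for i in range(20000)])
    wanted = [str(i) for i in range(0, 20000, 2)]
    # Constructed hostile input: it is compared as a literal string, not parsed as SQL.
    wanted.append("1') OR ('1'='1")
    rows = fetch_by_ids(conn, wanted)
    table_size = conn.execute("SELECT COUNT(*) FROM items").fetchone()[0]
    conn.close()
    return len(rows), table_size


if __name__ == "__main__":
    print(demo())
```

Here the 10,001 values are sent in 21 round trips over one connection instead of 20,000 separate opens, and the hostile value matches no row.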