As has been noted, "in" lists etc are notoriously awkward in ado.net; because of this, some tools offer convenience methods to help. For example, Dapper offers a variant on the "in" syntax which it automatically expands to the correct parameterized form (still retaining injection safety etc) - in both type-bound and "dynamic" usage. For example:
string[] namelist = ...
foreach(var row in conn.Query(@"
select column_name, table_name
from information_schema.columns
where table_name in @namelist",
new { namelist } ))
{
string col = row.column_name,
table = row.table_name;
// ..
}
This also avoids the need to mess around with db-command/parameter/reader. Note the "in" without brackets which it uses to recognise this pattern.
