Multi-value parameter used with execute(@sql)

Question

I'm having a hard time trying to figure out how to make this work :

I have a big SQL query used for a report, that is run using " execute(@sql) ". Withing @sql I have various select statements that I would like to filter using the values in the multi-value parameter passed from my report @filtervalues.

I've tested the following (this is an example query):

Set @Sql='Select * from my table where field in ('+@filtervalues+')'

When I select a single value in the parameter, the profiler reads it as follows:

Select * from mytable where field in(1234356-1234-1234-1234-123456)

So the selected Guid is without quotes, resulting in " error near 123456 "

On the other hand, if I selected several values:

Select * from mytable where field in ('+N'1234456-1231-1234-1244566',N'2345333-3243-2342-2342-23423423'+)

So it adds extra ' and +

Can you help me with this ?

Note: I cannot use the suggested solution on many websites to apply the filter on the table directly, because this would mess up the data.

Edit: The multi-value parameter is filled using this query dataset:

select 'No Filter' as fullname,'00000000-0000-0000-0000-000000000000' as systemuserid
union all
select distinct su.fullname, convert(nvarchar(90),su.systemuserid)
from  FilteredSystemUser su

Answer 1

I managed to fix this using the following :

1- In my Dataset, instead of passing the parameter as it is, I changed it to :

Join (Parameters!FilterValues.Value," ',' ")

to force the values to be sent as strings, the parameter value is as follows :

1234567','122345','12345

2- In SQL, in my procedure, I added additional ' at the beginning and the end of the parameter to make up for the missing ones. So my code shows the following:

Set @Sql='Select * from my table where field in ('''+@filtervalues+''')'