// 批量查询的 2019-05-14 
if (!string.IsNullOrWhiteSpace(Request["userCodes"]))
{
string userCodes = Request["userCodes"].Replace("\r", "").Replace(",", ",").Replace(" ", "").Trim('\n').Trim();
userCodes = Regex.Replace(userCodes, "\n+", ",");
string[] userCodeArry = userCodes.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
// 需要去重
userCodeArry = userCodeArry.Distinct().ToArray();

        // In内容没有参数化
         // List<string> listCode = new List<string>();
//foreach (var item in userCodeArry)
//{
// listCode.Add(SecretUtilitiesBase.SqlSafeOrderBy(item));
//}
//listCondition.Add(" CODE IN (" + BaseBusinessLogic.ObjectsToList(listCode.ToArray(), "'") + ")");

// 2019-06-21 参数化改造,避免硬解析
List<string> codeParameters = new List<string>();
Dictionary<string, object> codeConditions = new Dictionary<string, object>();
foreach (var code in userCodeArry)
{
codeParameters.Add(dbHelper.GetParameter("P_" + code));
codeConditions.Add("P_" + code, code);
}
listCondition.Add(" CODE IN (" + codeParameters.Join(",").TrimStart(",").TrimEnd(",") + ")");
dbParameters = dbParameters.Concat(codeConditions).ToDictionary(k => k.Key, v => v.Value);
}