Change Improvement Request: Support Parameterized IN Syntax for SQL Statements

Title
Support parameterized IN clause syntax to avoid dynamic SQL execution

Background / Current Behavior

Currently, when building SQL queries that require filtering using an IN clause with multiple values, the only practical solution is to dynamically construct the SQL string and execute it using EXEC(@query).

Example:

DECLARE @query NVARCHAR(MAX)

SET @query = '
SELECT *
FROM Orders
WHERE OrderId IN (' + @OrderIds + ')
'

EXEC(@query)

This approach requires stringifying the entire query, which introduces several issues:

Reduced readability and maintainability

Increased risk of SQL injection if not carefully handled

Poorer query plan reuse

Harder debugging and logging

Proposed Improvement

Introduce support for built parameters that can expand into an IN clause using syntax similar to:

WHERE OrderId IN ({OrderIds})

Where {OrderIds} represents a parameter containing a list/collection of values that the engine expands safely into parameterized values.

Example usage:

SELECT *
FROM Orders
WHERE OrderId IN ({OrderIds})

With input parameter:

OrderIds = [101,102,103]

Internally this could be translated into something equivalent to:

WHERE OrderId IN ({OrderIds})

Expected Benefits

Eliminates the need for dynamic SQL (EXEC(@query))

Improves query safety and reduces SQL injection risk

Enables better query plan reuse

Improves readability and maintainability

Makes multi-value filtering consistent with other parameterized queries