There are a few possible answers to your question. If the list of product IDs are coming from a database, you're best bet is to change your query to either use a JOIN or an EXISTS with a sub-select (using whatever WHERE clause limits the product IDs to the desired ones).
If the list can be long, and is not coming from a database, I would suggest using a stored procedure with a table valued parameter and then pursue the same technique suggested above. For more information on table valued parameters, see:
Use Table-Valued Parameters (Database Engine) | Microsoft Docs[
^]
While generally not a good approach, if you know your list will be short and merely want to construct a command with parameters (to avoid SQL injection), something like the following should work:
var builder = new StringBuilder(1024);
int count = list.Count;
builder.Append("SELECT * from Emp where empID in (");
for (int index = 1; index <= count; index++)
{
if (index > 1)
builder.Append(',');
builder.Append($"@p{index}");
}
builder.Append(")");
using (var command = new SqlCommand(builder.ToString(), connection))
{
SqlParameterCollection parameters = command.Parameters;
for (int index = 1; index <= count; index++)
parameters.AddWithValue($"p{index}", list[index]);
}