如何在C#中更新动态创建的t-SQL？_C#_Tsql

如何在C#中更新动态创建的t-SQL？

c# tsql

如何在C#中更新动态创建的t-SQL？,c#,tsql,C#,Tsql,我有一个SQLwherewhere和和子句是动态创建的。我想要的是，在某些条件下更新此SQL 实际查询： var sql = $@"SELECT DISTINCT c.Name AS CallCenterd LTRIM(RTRIM(s.Name)) Name, d.DNIS, s.ScriptId FROM CallCenterSc

我有一个

SQL

where

where

和

和

子句是动态创建的。我想要的是，在某些条件下更新此SQL

实际查询：

var sql = $@"SELECT DISTINCT
                  c.Name AS CallCenterd
                  LTRIM(RTRIM(s.Name)) Name,
                  d.DNIS,
                  s.ScriptId
           FROM CallCenterScript s WITH (NOLOCK)
                LEFT JOIN CallCenterScriptLine sL WITH (NOLOCK) ON sL.ScriptId = s.ScriptId
                INNER JOIN CallCenterDNIS d WITH (NOLOCK) ON d.ScriptId = s.ScriptId
                INNER JOIN CallCenter c WITH (NOLOCK) ON c.Id = s.CallCenterId
           WHERE {callCenterIdClause} 
           AND ({keywordClause})
           ORDER BY {sortParameters.ToOrderBy()}";

这是由哪个生成的，

SELECT DISTINCT
       c.Name AS CallCenterd,
       LTRIM(RTRIM(s.Name)) Name,
       d.DNIS,
       s.ScriptId
FROM CallCenterScript s WITH (NOLOCK)
     LEFT JOIN CallCenterScriptLine sL WITH (NOLOCK) ON sL.ScriptId = s.ScriptId
     INNER JOIN CallCenterDNIS d WITH (NOLOCK) ON d.ScriptId = s.ScriptId
     INNER JOIN CallCenter c WITH (NOLOCK) ON c.Id = s.CallCenterId
WHERE c.Id = 5 
AND    (s.Name LIKE '%McAlisters%'
      OR d.DNIS LIKE '%McAlisters%'
      OR s.Script LIKE '%McAlisters%'
      OR sL.Line LIKE '%McAlisters%')
ORDER BY DNIS ASC

if(condition matched)
{
    SELECT DISTINCT
           c.Name AS CallCenterd,
           LTRIM(RTRIM(s.Name)) Name,
           d.DNIS,
           s.ScriptId
    FROM CallCenterScript s WITH (NOLOCK)
         LEFT JOIN CallCenterScriptLine sL WITH (NOLOCK) ON sL.ScriptId = s.ScriptId
         INNER JOIN CallCenterDNIS d WITH (NOLOCK) ON d.ScriptId = s.ScriptId
         INNER JOIN CallCenter c WITH (NOLOCK) ON c.Id = s.CallCenterId
    WHERE (s.Name LIKE '%McAlisters%'
          OR d.DNIS LIKE '%McAlisters%'
          OR s.Script LIKE '%McAlisters%'
          OR sL.Line LIKE '%McAlisters%')
    ORDER BY DNIS ASC
}

我想要的是，

SELECT DISTINCT
       c.Name AS CallCenterd,
       LTRIM(RTRIM(s.Name)) Name,
       d.DNIS,
       s.ScriptId
FROM CallCenterScript s WITH (NOLOCK)
     LEFT JOIN CallCenterScriptLine sL WITH (NOLOCK) ON sL.ScriptId = s.ScriptId
     INNER JOIN CallCenterDNIS d WITH (NOLOCK) ON d.ScriptId = s.ScriptId
     INNER JOIN CallCenter c WITH (NOLOCK) ON c.Id = s.CallCenterId
WHERE c.Id = 5 
AND    (s.Name LIKE '%McAlisters%'
      OR d.DNIS LIKE '%McAlisters%'
      OR s.Script LIKE '%McAlisters%'
      OR sL.Line LIKE '%McAlisters%')
ORDER BY DNIS ASC

if(condition matched)
{
    SELECT DISTINCT
           c.Name AS CallCenterd,
           LTRIM(RTRIM(s.Name)) Name,
           d.DNIS,
           s.ScriptId
    FROM CallCenterScript s WITH (NOLOCK)
         LEFT JOIN CallCenterScriptLine sL WITH (NOLOCK) ON sL.ScriptId = s.ScriptId
         INNER JOIN CallCenterDNIS d WITH (NOLOCK) ON d.ScriptId = s.ScriptId
         INNER JOIN CallCenter c WITH (NOLOCK) ON c.Id = s.CallCenterId
    WHERE (s.Name LIKE '%McAlisters%'
          OR d.DNIS LIKE '%McAlisters%'
          OR s.Script LIKE '%McAlisters%'
          OR sL.Line LIKE '%McAlisters%')
    ORDER BY DNIS ASC
}

我是否应该使用类似于，

sql=sql.Where（x=>someLogic）

？

只需覆盖if中的变量

sql

最好为

callCenterIdClause

设置一个

if-else

。当您不需要

c.Id=5

时，请使用

1=1

，只需覆盖if中的变量

sql

最好为

callCenterIdClause

设置一个

if-else

。使用

1=1

当你不想要

c.Id=5

无论你做什么，这个字符串都是一场噩梦。我希望这在外部暴露的生产环境中不起作用。这里的注射风险很高。这是否意味着要填充

数据表

？这些数据去哪里了？无论你做什么，这个字符串都是一场噩梦。我希望这在外部暴露的生产环境中不起作用。这里的注射风险很高。这是否意味着要填充

数据表

？这些数据将流向何处？

callCenterIdClause=>“1=1”

最低努力、最低风险、最干净的解决方案有意义。这就是我想要的。

callCenterIdClause=>“1=1”

最低的努力、最低的风险、最干净的解决方案才有意义。这就是我想要的。