如何在C#中更新动态创建的t-SQL?
我有一个如何在C#中更新动态创建的t-SQL?,c#,tsql,C#,Tsql,我有一个SQLwherewhere和和子句是动态创建的。我想要的是,在某些条件下更新此SQL 实际查询: var sql = $@"SELECT DISTINCT c.Name AS CallCenterd LTRIM(RTRIM(s.Name)) Name, d.DNIS, s.ScriptId FROM CallCenterSc
SQL
wherewhere
和和
子句是动态创建的。我想要的是,在某些条件下更新此SQL
实际查询:
var sql = $@"SELECT DISTINCT
c.Name AS CallCenterd
LTRIM(RTRIM(s.Name)) Name,
d.DNIS,
s.ScriptId
FROM CallCenterScript s WITH (NOLOCK)
LEFT JOIN CallCenterScriptLine sL WITH (NOLOCK) ON sL.ScriptId = s.ScriptId
INNER JOIN CallCenterDNIS d WITH (NOLOCK) ON d.ScriptId = s.ScriptId
INNER JOIN CallCenter c WITH (NOLOCK) ON c.Id = s.CallCenterId
WHERE {callCenterIdClause}
AND ({keywordClause})
ORDER BY {sortParameters.ToOrderBy()}";
这是由哪个生成的,
SELECT DISTINCT
c.Name AS CallCenterd,
LTRIM(RTRIM(s.Name)) Name,
d.DNIS,
s.ScriptId
FROM CallCenterScript s WITH (NOLOCK)
LEFT JOIN CallCenterScriptLine sL WITH (NOLOCK) ON sL.ScriptId = s.ScriptId
INNER JOIN CallCenterDNIS d WITH (NOLOCK) ON d.ScriptId = s.ScriptId
INNER JOIN CallCenter c WITH (NOLOCK) ON c.Id = s.CallCenterId
WHERE c.Id = 5
AND (s.Name LIKE '%McAlisters%'
OR d.DNIS LIKE '%McAlisters%'
OR s.Script LIKE '%McAlisters%'
OR sL.Line LIKE '%McAlisters%')
ORDER BY DNIS ASC
if(condition matched)
{
SELECT DISTINCT
c.Name AS CallCenterd,
LTRIM(RTRIM(s.Name)) Name,
d.DNIS,
s.ScriptId
FROM CallCenterScript s WITH (NOLOCK)
LEFT JOIN CallCenterScriptLine sL WITH (NOLOCK) ON sL.ScriptId = s.ScriptId
INNER JOIN CallCenterDNIS d WITH (NOLOCK) ON d.ScriptId = s.ScriptId
INNER JOIN CallCenter c WITH (NOLOCK) ON c.Id = s.CallCenterId
WHERE (s.Name LIKE '%McAlisters%'
OR d.DNIS LIKE '%McAlisters%'
OR s.Script LIKE '%McAlisters%'
OR sL.Line LIKE '%McAlisters%')
ORDER BY DNIS ASC
}
我想要的是,
SELECT DISTINCT
c.Name AS CallCenterd,
LTRIM(RTRIM(s.Name)) Name,
d.DNIS,
s.ScriptId
FROM CallCenterScript s WITH (NOLOCK)
LEFT JOIN CallCenterScriptLine sL WITH (NOLOCK) ON sL.ScriptId = s.ScriptId
INNER JOIN CallCenterDNIS d WITH (NOLOCK) ON d.ScriptId = s.ScriptId
INNER JOIN CallCenter c WITH (NOLOCK) ON c.Id = s.CallCenterId
WHERE c.Id = 5
AND (s.Name LIKE '%McAlisters%'
OR d.DNIS LIKE '%McAlisters%'
OR s.Script LIKE '%McAlisters%'
OR sL.Line LIKE '%McAlisters%')
ORDER BY DNIS ASC
if(condition matched)
{
SELECT DISTINCT
c.Name AS CallCenterd,
LTRIM(RTRIM(s.Name)) Name,
d.DNIS,
s.ScriptId
FROM CallCenterScript s WITH (NOLOCK)
LEFT JOIN CallCenterScriptLine sL WITH (NOLOCK) ON sL.ScriptId = s.ScriptId
INNER JOIN CallCenterDNIS d WITH (NOLOCK) ON d.ScriptId = s.ScriptId
INNER JOIN CallCenter c WITH (NOLOCK) ON c.Id = s.CallCenterId
WHERE (s.Name LIKE '%McAlisters%'
OR d.DNIS LIKE '%McAlisters%'
OR s.Script LIKE '%McAlisters%'
OR sL.Line LIKE '%McAlisters%')
ORDER BY DNIS ASC
}
我是否应该使用类似于,
sql=sql.Where(x=>someLogic)
?只需覆盖if中的变量sql
最好为
callCenterIdClause
设置一个if-else
。当您不需要c.Id=5
时,请使用1=1
,只需覆盖if中的变量sql
最好为
callCenterIdClause
设置一个if-else
。使用1=1
当你不想要c.Id=5
无论你做什么,这个字符串都是一场噩梦。我希望这在外部暴露的生产环境中不起作用。这里的注射风险很高。这是否意味着要填充数据表
?这些数据去哪里了?无论你做什么,这个字符串都是一场噩梦。我希望这在外部暴露的生产环境中不起作用。这里的注射风险很高。这是否意味着要填充数据表
?这些数据将流向何处?callCenterIdClause=>“1=1”
最低努力、最低风险、最干净的解决方案有意义。这就是我想要的。callCenterIdClause=>“1=1”
最低的努力、最低的风险、最干净的解决方案才有意义。这就是我想要的。