C# LINQ ExecuteQuery array parameter
Tags: c#, linq
I need to use a query like this:
SELECT * FROM Table WHERE field IN (1,2,3)
Can I use this?
var data = context.ExecuteQuery<Some>( "SELECT * FROM Table WHERE field IN {0}", arrayParam ); //for example arrayParam has 1,2,3
When I use this, it works fine:
var data = context.ExecuteQuery<Some>( "SELECT * FROM Table WHERE field = {0}", 1);
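But with the array param it crashes.
Is it possible to pass an array of parameters?
Note: the real query is much more complex, so I am using a native query instead of LINQ.
If you validate the array to prevent SQL injection before passing it as a SQL parameter, you can do the following: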
var data = context.ExecuteQuery<Some>( "SELECT * FROM Table WHERE field IN ({0})", string.Join(",",arrayParam.Select(n=>n.ToString())));
You can do what @Marcin Zablocki said, or you can construct a string with the whole query and call ExecuteQuery without any parameters, like this:
var query = string.Format("SELECT * FROM Table WHERE field IN ({0})", string.Join(",", arrayParam.Select(n => n.ToString())));
var data = context.ExecuteQuery<Some>(query);
Unfortunately, there is no such thing. You have to pass each parameter separately using named parameters, or use string concatenation.
WHERE field=1 OR field=2 OR field=3 OR field=4
You can easily generate the where clause string in C#. There are many ways to do that. can help.
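As an added example (not code from the question or any of the answers above), this is one way to pass each array element as its own parameter: generate one `{n}` placeholder per value and hand the values to ExecuteQuery as an `object[]`, so nothing from the array is concatenated into the SQL text. `InClauseBuilder` and `Build` are hypothetical names; `context`, `Some` and `arrayParam` are the ones from the question, and the 2100-parameter ceiling assumes SQL Server.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class InClauseBuilder
{
    // SQL Server rejects commands with more than 2100 parameters.
    private const int MaxSqlServerParameters = 2100;

    // Returns "{s},{s+1},..." with one placeholder per value, and the boxed
    // values in the same order. startIndex leaves room for placeholders
    // that appear earlier in a larger query.
    public static string Build<T>(IEnumerable<T> values, int startIndex, out object[] parameters)
    {
        if (values == null) throw new ArgumentNullException(nameof(values));

        // Box explicitly: an int[] handed straight to a "params object[]"
        // argument is treated as ONE argument (the array itself), not as N values.
        parameters = values.Select(v => (object)v).ToArray();

        if (parameters.Length == 0)
            throw new ArgumentException("IN () is not valid SQL; skip the query for an empty list.", nameof(values));
        if (startIndex + parameters.Length > MaxSqlServerParameters)
            throw new ArgumentException("Too many values for a single command.", nameof(values));

        return string.Join(",", Enumerable.Range(startIndex, parameters.Length)
                                          .Select(i => "{" + i + "}"));
    }
}

public static class Demo
{
    public static void Main()
    {
        var arrayParam = new[] { 1, 2, 3 };   // constructed sample input

        object[] parameters;
        string placeholders = InClauseBuilder.Build(arrayParam, 0, out parameters);
        string sql = "SELECT * FROM Table WHERE field IN (" + placeholders + ")";

        Console.WriteLine(sql);
        Console.WriteLine(parameters.Length + " parameters bound");

        // With a LINQ to SQL DataContext, as in the question:
        // var data = context.ExecuteQuery<Some>(sql, parameters);
    }
}
```

Only the placeholder list, which is built from integer indexes, is concatenated into the SQL text; the values themselves travel as parameters, so the same helper stays safe if the array later holds strings.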