C# LINQ ExecuteQuery array parameter - C#, Linq - Fatal编程技术网


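I need to use a query like this:

SELECT * FROM Table WHERE field IN (1,2,3)

I can use this:

var data = context.ExecuteQuery<Some>( "SELECT * FROM Table WHERE field IN {0}", arrayParam ); //for example arrayParam has 1,2,3

When I use this, it works fine:

var data = context.ExecuteQuery<Some>( "SELECT * FROM Table WHERE field = {0}", 1);

But with the array parameter it crashes.

Is it possible to pass an array of parameters?

Note: the real query is much more complex, which is why I use a native query instead of LINQ.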

If you validate the array before passing it as the SQL parameter, to prevent SQL injection, you can do the following:

var data = context.ExecuteQuery<Some>( "SELECT * FROM Table WHERE field IN ({0})", string.Join(",",arrayParam.Select(n=>n.ToString())));

You can do what @Marcin Zablocki said, or you can build a string containing the whole query and call ExecuteQuery without any parameters, like this:

var query = string.Format("SELECT * FROM Table WHERE field IN ({0})", string.Join(",", arrayParam.Select(n => n.ToString())));

var data = context.ExecuteQuery<Some>(query);

Unfortunately, there is no such thing; you have to pass each parameter separately using named parameters, or use string concatenation.

WHERE field=1 OR field=2 OR field=3 OR field=4. You can easily generate the where clause string in C#. There are many ways to do this.

... can help.
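
Passing each value as its own parameter, as the comment above describes, can be done by generating one placeholder per array element; this is an added example, not code from the original thread. ExecuteQuery rewrites every {n} placeholder into a SQL parameter (@p0, @p1, ...), so the values are bound rather than concatenated into the SQL text. The InClause helper and the {LIST} token are hypothetical names, and the template is assumed to contain no other placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class InClause
{
    // SQL Server allows at most 2100 parameters per command.
    private const int MaxParameters = 2100;

    // Replaces the hypothetical {LIST} token in the template with "{0},{1},...",
    // one placeholder per value, and returns the values boxed for params object[].
    public static string Build(string template, IReadOnlyCollection<int> values, out object[] args)
    {
        if (values == null || values.Count == 0)
            throw new ArgumentException("Empty list: IN () is invalid SQL, skip the query.", nameof(values));
        if (values.Count > MaxParameters)
            throw new ArgumentException("Too many values for one command; send them in batches.", nameof(values));

        string placeholders = string.Join(",",
            Enumerable.Range(0, values.Count).Select(i => "{" + i + "}"));

        // An int[] is not an object[]: passed directly it would arrive as ONE argument.
        // Boxing each element makes params object[] receive one argument per value.
        args = values.Select(v => (object)v).ToArray();
        return template.Replace("{LIST}", placeholders);
    }
}

public static class Program
{
    public static void Main()
    {
        int[] arrayParam = { 1, 2, 3 }; // constructed sample input

        object[] args;
        string sql = InClause.Build("SELECT * FROM Table WHERE field IN ({LIST})", arrayParam, out args);

        Console.WriteLine(sql);
        Console.WriteLine(string.Join(", ", args));

        // With a LINQ to SQL DataContext (not available in this stand-alone demo):
        // var data = context.ExecuteQuery<Some>(sql, args);
    }
}
```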