C#.net MVC通过参数从数据库加载数据_C#_Asp.net Mvc_Angularjs

C#.net MVC通过参数从数据库加载数据

c# asp.net-mvc angularjs

C#.net MVC通过参数从数据库加载数据,c#,asp.net-mvc,angularjs,C#,Asp.net Mvc,Angularjs,我想传递从角度复选框中获取的值。。（已选中的编号）从my db查询特定数据。查看我的连接查询 private static string m_sConnectionString = ConfigurationManager.ConnectionStrings["NomsConnection"].ConnectionString; private static string m_sReport = "SELECT r.[RequestID],r.[RequestDate]

我想传递从角度复选框中获取的值。。（已选中的编号）从my db查询特定数据。查看我的连接查询

private static string m_sConnectionString = ConfigurationManager.ConnectionStrings["NomsConnection"].ConnectionString; private static string m_sReport = "SELECT r.[RequestID],r.[RequestDate],r.[PARNumber],r.[StatusID],r.[PurchaseComment]" // 0 - 4 + ",r.[UID],r.[LearUID],r.[FullName],r.[Email]" // 5 - 8 + ",r.[EntityName],r.[DepartmentName],r.[DepartmentID]" // 9 - 11 + ",r.[InboxLearUID]" // 12 + ",r.[ProgramID],r.[ProgramCode],r.[ProgramName],r.[CostCenterCode]" // 13 - 16 + ",p.[PartDesc],p.[SupplierID],p.[AccountType],p.[CurrName],p.[PartQuantity],p.[PiecePrice], p.[PartNumber]" + "FROM [NOP_PR].[dbo].[Requests] r " + "JOIN [NOP_PR].[dbo].[Parts] p on p.[RequestID] = r.[RequestID]" + "JOIN [NOP_PR].[dbo].[Departments] d on d.[DepartmentID] = r.[DepartmentID]" + "WHERE [CountryName] IN ('Philippines') "; //ORDER BY r.[RequestDate] DESC"; public static List<NomsPRRequest> LoadPRfromDB_withParams(DateTime from, DateTime to, string EntityID, string DepartmentID, string [] StatusID) { string sScript = m_sReport + ((EntityID == "") ? "" : " AND d.[EntityID]=" + EntityID) + ((DepartmentID == "") ? "" : " AND d.[DepartmentID]=" + DepartmentID) + " and [RequestDate] between '" + from.ToString("yyyy-MM-dd HH:mm:ss") + "' and '" + to.ToString("yyyy-MM-dd HH:mm:ss") + "'" + " and " + (( __________ ) ? "" : " AND d.[StatusID] in (" + ____________ + ")" ); Dictionary<long, NomsPRRequest> data = new Dictionary<long, NomsPRRequest>(); long key; double dAmount; using (SqlConnection con = new SqlConnection(m_sConnectionString)) { con.Open(); using (SqlCommand command = new SqlCommand(sScript, con)) { SqlDataReader reader = command.ExecuteReader(); while (reader.Read()) { key = reader.GetInt64(0); if (!data.ContainsKey(key)) { data.Add(key, new NomsPRRequest() { RequestID = key, RequestDate = reader.GetDateTime(1), PARNumber = reader.GetString(2), DepartmentName = reader.GetString(10), DepartmentID = reader.GetInt64(11), StatusID = reader.GetInt64(3), FullName = reader.GetString(7), InboxLearUID = reader.GetString(12), ProgramName = reader.GetString(14), ItemList = new List<NomsPRItem>(), TotalAmount = 0.0 }); } dAmount = (double)reader.GetDecimal(21) * (double)reader.GetDecimal(22); data[key].TotalAmount += dAmount; data[key].ItemList.Add(new NomsPRItem() { RequestID = key, PartDesc = reader.GetString(17), PartNumber = reader.GetString(23), SupplierID = reader.GetString(18), FullName = reader.GetString(7), AccountType = reader.GetString(19), CurrName = reader.GetString(20), PartQuantity = (double)reader.GetDecimal(21), PiecePrice = (double)reader.GetDecimal(22), Amount = dAmount }); } } } return data.Values.ToList(); }
以及在我的MVC控制器中传递的内容

public JsonResult GetList() { DateTime today = DateTime.Now; List<NomsPRRequest> model = NomsConnection.LoadPRfromDB_withParams(new DateTime(today.Year, today.Month, 1, 0, 0, 0), today,"",""); return Json(model, JsonRequestBehavior.AllowGet); } public JsonResult GetReportList(string from, string to, string EntityID="", string DepartmentID="", int StatusID) { DateTime fromd = DateTime.Now; DateTime tod = DateTime.Now; if (from != "undefined") fromd = Convert.ToDateTime(from); if (to != "undefined") tod = Convert.ToDateTime(to); fromd = new DateTime(fromd.Year, fromd.Month, fromd.Day, 0, 0, 0); tod = new DateTime(tod.Year, tod.Month, tod.Day, 23, 59, 59); return Json(NomsConnection.LoadPRfromDB_withParams(fromd, tod, EntityID, DepartmentID, StatusID), JsonRequestBehavior.AllowGet); }
在传递数据时，还要在这部分中添加什么

scope.changeDate = function () { scope.models = null; var e = document.getElementById("entityList"); scope.EntityID = e.options[e.selectedIndex].value; e = document.getElementById("deptList"); scope.DepartmentID = e.options[e.selectedIndex].value; // console.log(this.filter_fromDate); //console.log(this.filter_toDate); http.get('GetReportList?from=' + scope.filter_fromDate + '&to=' + scope.filter_toDate + '&EntityID=' + scope.EntityID + '&DepartmentID=' + scope.DepartmentID).success( function (data) { scope.models = data; }); }

首先，您的sql查询确实应该防止
考虑到您的问题似乎是您需要查询来读取
。。。。以及（[status1]、[status2]、[status3]……）中的d.statusid
。为此，可以使用参数。首先，我们需要为
StatusId

string sScript = m_sReport + ((EntityID == "") ? "" : " AND d.[EntityID]=" + EntityID) + ((DepartmentID == "") ? "" : " AND d.[DepartmentID]=" + DepartmentID) + " and [RequestDate] between '" + from.ToString("yyyy-MM-dd HH:mm:ss") + "' and '" + to.ToString("yyyy-MM-dd HH:mm:ss") + "'" + " and " + (( __________ ) ? "" : " AND d.[StatusID] in ("; int paramCount=0; foreach(string Id in StatusId) { sScript = sScript + "@statusParam" + paramCount + ","; paramCount++; } sScript = sScript + ");";
接下来，我们需要填充每个参数，因此在初始化连接等之后：

using (SqlCommand command = new SqlCommand(sScript, con)) { paramCount = 0; foreach(string Id in StatusId) { string paramName = "@statusParam" + paramCount; command.Parameters.AddWithValue(paramName,Id); paramCount++; } SqlDataReader reader = command.ExecuteReader(); /*..........rest of the code */ }

我没有在任何IDE中使用它，因此可能会有一些小的语法错误，但您明白了。
您是指此处的statusId`foreach（statusId中的string Id）`是我将从复选框中获取的statusId吗？您的方法
LoadPRfromDB_with params
包含一个参数
string[]statusId
。我假设您的问题是编写一个查询以包含该数组中的所有StatusID。您的问题并不十分清楚-您是在努力让复选框发回控制器，还是在编写SQL查询？
scope.changeDate = function () { scope.models = null; var e = document.getElementById("entityList"); scope.EntityID = e.options[e.selectedIndex].value; e = document.getElementById("deptList"); scope.DepartmentID = e.options[e.selectedIndex].value; // console.log(this.filter_fromDate); //console.log(this.filter_toDate); http.get('GetReportList?from=' + scope.filter_fromDate + '&to=' + scope.filter_toDate + '&EntityID=' + scope.EntityID + '&DepartmentID=' + scope.DepartmentID).success( function (data) { scope.models = data; }); }

string sScript = m_sReport + ((EntityID == "") ? "" : " AND d.[EntityID]=" + EntityID) + ((DepartmentID == "") ? "" : " AND d.[DepartmentID]=" + DepartmentID) + " and [RequestDate] between '" + from.ToString("yyyy-MM-dd HH:mm:ss") + "' and '" + to.ToString("yyyy-MM-dd HH:mm:ss") + "'" + " and " + (( __________ ) ? "" : " AND d.[StatusID] in ("; int paramCount=0; foreach(string Id in StatusId) { sScript = sScript + "@statusParam" + paramCount + ","; paramCount++; } sScript = sScript + ");";

using (SqlCommand command = new SqlCommand(sScript, con)) { paramCount = 0; foreach(string Id in StatusId) { string paramName = "@statusParam" + paramCount; command.Parameters.AddWithValue(paramName,Id); paramCount++; } SqlDataReader reader = command.ExecuteReader(); /*..........rest of the code */ }