C# 使用多个选项搜索数据库
我使用SQL Server 2008 Express和高级服务。我有一个看法:C# 使用多个选项搜索数据库,c#,sql,sql-server,search,stored-procedures,C#,Sql,Sql Server,Search,Stored Procedures,我使用SQL Server 2008 Express和高级服务。我有一个看法: IF EXISTS (select * from sys.views where object_id = object_id(N'[dbo].[vw_PersonDetails]')) DROP VIEW vw_PersonDetails GO CREATE VIEW vw_PersonDetails AS SELECT p.PersonID, p.Title, p
IF EXISTS (select * from sys.views where object_id = object_id(N'[dbo].[vw_PersonDetails]'))
DROP VIEW vw_PersonDetails
GO
CREATE VIEW vw_PersonDetails
AS
SELECT
p.PersonID, p.Title,
p.FirstName, p.LastName,
a.AddressLine1, a.AddressLine2, a.AddressLine3, a.AddressLine4,
a.Country, a.PostalCode,
a.PhoneNumber, a.Email, p.EntryDate
FROM
[dbo].[Persons] p
INNER JOIN
[dbo].[Address] a ON p.PersonID = a.PersonID
GO
现在我必须用每个列作为选项来搜索这个视图
例:
现在除了在存储过程中编写永不结束的IF-ELSE-IF跟踪或动态构建查询之外,还有其他选项吗。请帮忙
另一个问题是什么会更好:编写这样的存储过程还是从代码中进行动态查询
提前感谢。您需要填写所有搜索字符串才能运行查询(因为IF语句中的AND条件) 无论是否传递参数,都可以创建要运行的动态查询:
DECLARE @sqlCommand VARCHAR(MAX)
SELECT @sqlCommand = 'SELECT * FROM dbo.vw_PersonDetails WHERE 1=1'
IF (@firstName != NULL OR @firstName != '') SELECT @sqlCommand = @sqlCommand + ' AND FirstName LIKE [dbo].[GetSearchString](@firstName)'
IF (@lastName != NULL OR @lastName != '') SELECT @sqlCommand = @sqlCommand + ' AND LastName LIKE [dbo].[GetSearchString](@lastName)'
IF (@addressLine1 != NULL OR @addressLine1 != '') SELECT @sqlCommand = @sqlCommand + ' AND AddressLine1 LIKE [dbo].[GetSearchString](@addressLine1)'
.....
EXEC (@sqlCommand)
您可以在一个简单的查询中完成此操作:
SELECT * from dbo.vw_PersonDetails WHERE (
(@firstName IS NULL OR @firstName = '' OR FirstName like @firstName) AND
... (same thing for other parameters)
这将起作用,因为SQL Server足够智能,能够以预期的方式缩短计算过程。然而,规范并不能保证这一点
如果您希望安全起见,可以通过执行以下操作强制执行评估命令:
SELECT * from dbo.vw_personDetails WHERE (
(CASE
WHEN @firstname IS NULL THEN 1
WHEN @firstname='' THEN 1
WHEN FirstName like @firstName THEN 1
ELSE 0
END=1) AND
.... (same thing for other parameters)
SELECT * from dbo.vw_personDetails WHERE (
(CASE
WHEN @firstname IS NULL THEN 1
WHEN @firstname='' THEN 1
WHEN FirstName like @firstName THEN 1
ELSE 0
END=1) AND
.... (same thing for other parameters)