C# Concatenating a variable number of strings


This is my query:

"select cli.FANTASIA, dbsmp.VEICULO_PLACA, dbsmp.DTINICIOPREV, dbsmp.DTFIMPREV," +
" dbsmp.DTINICIOREAL, dbsmp.DTFIMREAL,dbsmp.CIDADE_DES,dbsmp.CIDADE_ORI, work.STATUS," +
" dbsmp.REF1 FROM dbsmp_work work inner join dbsmp "+
" on work.ID_SMP = dbsmp.ID_SMP inner join dbcliente cli "+
" on dbsmp.ID_CLIENTE = cli.ID_CLIENTE inner join dbSMP_MOTORISTA mot "+
" on dbsmp.ID_SMP = mot.ID_SMP where dbsmp.ID_CLIENTE = @IDCLIENTE "+
" and work.STATUS in('F') and work.tipo in ({0})";

At the {0} position I want to insert a list of strings, separated by commas.

Is there a way to pass this list using some method or something similar, or do I have to build another string manually, for example by looping over the list?

Try this:

string.Format(sql, "'" + string.Join("', '", arrOfStrings) + "'")

Unfortunately, the .NET DB libraries do not let you bind a single parameter to the IN list of a SQL statement.

If the strings that you bind to the IN list always come from inside your program, not from user input, you can build the list directly, like this:

string query = String.Format(
    @"... AND work.tipo in (null, {0})"
,   string.Join(", ", tipiDiLavoro.Select(t => string.Format("'{0}'", t)))
);

This will produce a string that looks like this:

AND work.tipo in (null, 'a', 'b', 'c')

However, if the strings "a", "b", "c" come from the user, you need to parameterize the query to avoid SQL injection attacks, like this:

string query = String.Format(
    @"... AND work.tipo in (null, {0})"
,   string.Join(", ", tipiDiLavoro.Select((t,i) => string.Format("@param{0}", i)))
);

for a query that looks like this:

AND work.tipo in (null, @param0, @param1, @param2)

and bind the parameters of the list individually in a separate loop:

int pos = 0;
foreach (var code in tipiDiLavoro) {
    // bind one value per generated placeholder name
    cmd.SetParamValue("@param"+pos, code);
    pos++;
}

Note the use of NULL in the query. Even if work.tipo contains some NULL values, they will never match anything. However, adding NULL to the list avoids a syntax error when the list of work types is empty: such a query is valid, and returns nothing:

... AND work.tipo IN (NULL) -- expanded from an empty list

This query, on the other hand, will trigger a syntax error:

... AND work.tipo IN ()
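
A reusable form of the parameter-per-value approach from the answer above, as an added example that is not part of the original answers. `BindInList`, `InListBinder` and the `tipo` prefix are names made up here, and `System.Data.SqlClient.SqlCommand` is assumed only as a concrete `DbCommand` (no connection is opened).

```csharp
using System;
using System.Collections.Generic;
using System.Data.Common;
using System.Linq;

static class InListBinder
{
    // Adds one named parameter per value to cmd and returns the text to
    // place inside IN (...). Only generated names reach the SQL string.
    public static string BindInList(DbCommand cmd, string prefix, IEnumerable<string> values)
    {
        // prefix is chosen by the programmer, never by the user; enforce that shape.
        if (string.IsNullOrEmpty(prefix) || !prefix.All(char.IsLetter))
            throw new ArgumentException("prefix must be letters only", nameof(prefix));

        var names = new List<string> { "NULL" };   // keeps IN (...) valid for an empty list
        int i = 0;
        foreach (string v in values)
        {
            DbParameter p = cmd.CreateParameter();
            p.ParameterName = "@" + prefix + i++;
            p.Value = (object)v ?? DBNull.Value;
            cmd.Parameters.Add(p);
            names.Add(p.ParameterName);
        }
        return string.Join(", ", names);
    }
}

static class Demo
{
    static void Main()
    {
        // Constructed sample input; the second value contains a quote character.
        var tipiDiLavoro = new[] { "a", "b'c" };
        using (DbCommand cmd = new System.Data.SqlClient.SqlCommand())
        {
            string inList = InListBinder.BindInList(cmd, "tipo", tipiDiLavoro);
            cmd.CommandText = "select work.STATUS from dbsmp_work work"
                            + " where work.STATUS in ('F') and work.tipo in (" + inList + ")";
            Console.WriteLine(cmd.CommandText);   // placeholders only, no values
            foreach (DbParameter p in cmd.Parameters)
                Console.WriteLine(p.ParameterName + " = " + p.Value);
        }
    }
}
```

With the quote-wrapping `string.Format` variant, the `b'c` value would end its string literal early; here it is carried as the value of `@tipo1` and the command text is unaffected.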


How? Parameterized queries, let me search for it.

Independent of your question, you should use StringBuilder or string.Format instead of +.

@Sebi - While that is normally true, in this case no concatenation takes place. The compiler will emit only one string.

I would have done string.Join(",", arrOfStrings.Select(x => "'" + x + "'")), but either way it works.

@AshBurlaczenko If arrOfStrings is an empty array, the query will become invalid.

True, but if it is empty, the query should not reach that point.

Thanks @kpull1 and Ash Burlaczenko, I have built a join using your answers and it works fine now.