zoukankan      html  css  js  c++  java
  • SQL脚本IN在EF中的应用

    C#查询条件中存在in,为了避免拼脚本,参数化查询数据库,提高安全性,规避脚本注入。网上找了好多,最后发现 SqlParameter 是无法实现in的操作,所以只能变相来实现,结果还是不错的,性能上各位自己去测试一下吧,因为in操作本身就比较慢(无法使用索引)。下面给出SQl脚本

    --传统in操作
    SELECT  a.NAME
    FROM    ( SELECT    '张源' AS NAME
              UNION ALL
              SELECT    '赵明' AS NAME
              UNION ALL
              SELECT    '王刚' AS NAME
              UNION ALL
              SELECT    '陈红' AS NAME
              UNION ALL
              SELECT    '孙强' AS NAME
              UNION ALL
              SELECT    '李伟' AS NAME
              UNION ALL
              SELECT    '钱昆' AS NAME
              UNION ALL
              SELECT    '郑芳' AS Name
            ) a
    WHERE   name IN ( '张源', '郑芳' )
    --使用CHARINDEX实现in操作
    SELECT  a.NAME
    FROM    ( SELECT    '张源' AS NAME
              UNION ALL
              SELECT    '赵明' AS NAME
              UNION ALL
              SELECT    '王刚' AS NAME
              UNION ALL
              SELECT    '陈红' AS NAME
              UNION ALL
              SELECT    '孙强' AS NAME
              UNION ALL
              SELECT    '李伟' AS NAME
              UNION ALL
              SELECT    '钱昆' AS NAME
              UNION ALL
              SELECT    '郑芳' AS Name
            ) a
    WHERE  CHARINDEX(','+CAST(Name AS NVARCHAR(MAX))+',',',张源,郑芳,')>0

    下面在给出一段EF代码:

                var ids = string.Join(",", id);
                SqlParameter[] para = new SqlParameter[] {
                //-1表示最大max
                   new SqlParameter("@DetialIDs", SqlDbType.VarChar, -1) { Value=ids}
                };
                var sql = @"SELECT  DetialID 
                            FROM    OrderDetial
                            WHERE   CHARINDEX(',' + cast( DetialID as varchar(max)) + ',', ','+@DetialIDs +',')> 0";
                return Context.Database.SqlQuery<OrderDetial>(sql, para);
  • 相关阅读:
    英雄会 高校俱乐部 题解(均分01)
    win7下装ubuntu
    UVA10142/PC110108Australian Voting
    解决打不开jar包
    pc110301QWERTYU
    寒假的ACM训练三(PC110107/UVa10196)
    寒假ACM训练(二)
    寒假的ACM训练(一)
    『ORACLE』授予hr用户查看执行计划权限(11g)
    『ORACLE』SPM(下)-baseline实验(11g)
  • 原文地址:https://www.cnblogs.com/beijing2020/p/6072526.html
Copyright © 2011-2022 走看看