// 批量查询的 2019-05-14 if (!string.IsNullOrWhiteSpace(Request["userCodes"])) { string userCodes = Request["userCodes"].Replace(" ", "").Replace(",", ",").Replace(" ", "").Trim(' ').Trim(); userCodes = Regex.Replace(userCodes, " +", ","); string[] userCodeArry = userCodes.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries); // 需要去重 userCodeArry = userCodeArry.Distinct().ToArray(); // In内容没有参数化 // List<string> listCode = new List<string>(); //foreach (var item in userCodeArry) //{ // listCode.Add(SecretUtilitiesBase.SqlSafeOrderBy(item)); //} //listCondition.Add(" CODE IN (" + BaseBusinessLogic.ObjectsToList(listCode.ToArray(), "'") + ")"); // 2019-06-21 参数化改造,避免硬解析 List<string> codeParameters = new List<string>(); Dictionary<string, object> codeConditions = new Dictionary<string, object>(); foreach (var code in userCodeArry) { codeParameters.Add(dbHelper.GetParameter("P_" + code)); codeConditions.Add("P_" + code, code); } listCondition.Add(" CODE IN (" + codeParameters.Join(",").TrimStart(",").TrimEnd(",") + ")"); dbParameters = dbParameters.Concat(codeConditions).ToDictionary(k => k.Key, v => v.Value); }