[英]Dynamtic In Statement
I am using a checkbox list to selected orders for export and I am using the following to export the orders My Question is how do i place the chracher , within the in statement using the below code ? 我正在使用复选框列表来选择要导出的订单,并且正在使用以下内容导出订单我的问题是如何使用以下代码将chracher放置在in语句中?
For Each obj As Object In CheckedListBox1.CheckedItems
tempstring = Chr(39) & obj.ToString() & Chr(39)
sb.AppendLine(String.Join(",", tempstring)
Next
Function to return sql 返回sql的功能
Friend Function GetDistinctOrdersForLocations(OrderNumber As String) As String Implements
iScriptBuilder.GetDistinctOrdersForLocations
Dim retVal As String = "SELECT DISTINCT location, ordernumber FROM orders "
retVal &= "where orders.ordernumber in (" & OrderNumber & ")"
Return retVal
End Function
This is producing this sql through the above function 这是通过上述功能产生此sql
SELECT DISTINCT location, ordernumber FROM orders where orders.ordernumber
in ('Puals Test V1'
'Puals Test V2'
)
Of course it does. 当然可以。 You create
tempstring
by quoting object.ToString()
in single quotes. 您可以通过在单引号中引用
tempstring
object.ToString()
来创建tempstring
字符串。 Then you add it to the StringBuilder
without any change , because the String.Join
doesn't do anything for just one string. 然后,您无需进行任何更改即可将其添加到
StringBuilder
,因为String.Join
不会仅对一个字符串执行任何操作。 String.Join
joins a list of strings together using the separator, but you're not passing in a list, but just a single string - there's nothing to join here. String.Join
使用分隔符将字符串列表连接在一起,但是您不是传递列表,而是传递单个字符串-这里没有要连接的内容。
What you need to do is 您需要做的是
For Each obj As Object In CheckedListBox1.CheckedItems
tempstring = Chr(39) & obj.ToString() & Chr(39)
If sb.Length > 0 THEN
sb.Append(",")
End If
sb.Append(tempstring)
Next
This appends a comma to the StringBuilder
in case there's some content already and then it appends the new string. 如果已经有一些内容,这会在
StringBuilder
后面加上一个逗号,然后会添加新的字符串。
Using built in functionality: 使用内置功能:
retVal &= string.Join(
",",
CheckedListBox1.CheckedItems
.Select(x => string.Format("'{0}'", x.ToString())));
Also watch out for SQL injection when doing such a construct. 在进行这种构造时,也要注意SQL注入。 It might be safer to move this to a stored procedure or to pass a variable number of prepared statements.
将其移至存储过程或传递可变数量的准备好的语句可能更安全。
Check this answer for a safer way of achieving your goal. 查看此答案 ,以更安全地实现目标。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.