System.Data.Common.DbCommand:参数化查询作为过程参数?
[英]System.Data.Common.DbCommand: Parameterized Query as Procedure Parameter?
问题描述
I have procedure in PostgreSQL defined as: 
我将PostgreSQL中的过程定义为:
CREATE OR REPLACE FUNCTION CreateCursorC(text, text)
RETURNS text
LANGUAGE c
AS '$libdir/mylibs', $function$createcursorc$function$
Execute example: 执行示例:
SELECT CreateCursorC('cursor_name', 'SELECT a FROM x WHERE a=''text''');
Of course I would like to use parameters (DbCommand.Parameters). 当然我想使用参数(DbCommand.Parameters)。 Like this: 像这样:
SELECT CreateCursorC($1, 'SELECT a FROM x WHERE a=$2');
Unfortunately it's not working because parameter $2 is in quotes. 不幸的是它没有用,因为参数$ 2在引号中。 Is there a way to accomplished this task using parameters and not by writing custom SQL escaping function ? 有没有办法使用参数完成此任务,而不是通过编写自定义SQL转义函数 ?
I tried to get an answer at Devart Forum, but no luck: Parameterized Query as Procedure Parameter? 我试图在Devart论坛上得到答案,但没有运气: 参数化查询作为程序参数? | | Devart Forums Devart论坛
1 个解决方案
解决方案1
2 2014-06-11 20:21:34
I think I understand your issue. 我想我理解你的问题。 I ran into a similar problem when trying to setup a parameterized query that included a LIKE expression in MySQL, via C#. 当尝试通过C#设置包含MySQL中的LIKE表达式的参数化查询时,我遇到了类似的问题。
The trick that I found, in the case of the LIKE expression, was to make the % characters part of the parameter. 在LIKE表达式的情况下,我发现的技巧是使%字符成为参数的一部分。 In your case, this same type of logic may work for your quoted text. 在您的情况下,这种相同类型的逻辑可能适用于您的引用文本。
Here's a snippet of code showing what I did in my case: 这是一段代码,展示了我在我的案例中所做的事情:
IDBCommandParameters cmdParams = dbContext.CreateDBCommandParameters();
cmdParams.AddParameter(QueryConstants.likeParam, string.Format("%{0}%", likeFilter));
List<TQueryResult> companies = LoadModelList<TQueryResult>(dbContext.Find(QueryConstants.findCompaniesLikeStatement, cmdParams, false), "");
return companies;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.