使用 Entity Framework Core 在 SQL Server 查询中参数化 OPENJSON
[英]Parameterized OPENJSON in SQL Server query using Entity Framework Core
问题描述
context.Set<BlogKeyValuePair>()
.FromSql("SELECT [key], value FROM OPENJSON((SELECT JsonData FROM dbo.Blogs WHERE BlogId=1), '$.@path')",
new SqlParameter("@path", "path.to.data"));
On first sighting this should work correctly and @path should be replace by path.to.data but it doesn't, an SqlException is thrown with the following error:
第一次看到这应该可以正常工作, @path应该被@path替换,但事实并非如此,抛出path.to.data并出现以下错误:
System.Data.SqlClient.SqlException: Incorrect syntax near '@path'.
Seems like SQL server does not replace the parameter because it is a parameter inside the OPENJSON function.似乎 SQL 服务器没有替换参数,因为它是OPENJSON函数内部的参数。
Looking for secure workarounds.寻找安全的解决方法。
2 个解决方案
解决方案1
3 2018-09-04 10:34:03
SQL does not recognize the variable because you put it inside a string: SQL 无法识别该变量,因为您将其放入字符串中:
-- Wrong:
OPENJSON((SELECT JsonData FROM dbo.Blogs WHERE BlogId = 1), '$.@path')
-- Correct:
OPENJSON((SELECT JsonData FROM dbo.Blogs WHERE BlogId = 1), '$.' + @path)
Code:代码:
context
.Set<BlogKeyValuePair>()
.FromSql(@"
SELECT [key], value
FROM OPENJSON((SELECT JsonData FROM dbo.Blogs WHERE BlogId = 1), '$.' + @path)",
new SqlParameter("@path", "path.to.data"));
解决方案2
0 2018-09-04 22:09:13
This works for me in SSMS, so @marsze's answer should work.这在 SSMS 中对我有用,所以@marsze 的答案应该有效。
declare @path nvarchar(2000) = 'ArrayValue';
DECLARE @json NVARCHAR(4000) = N'{
"StringValue":"John",
"IntValue":45,
"TrueValue":true,
"FalseValue":false,
"NullValue":null,
"ArrayValue":["a","r","r","a","y"],
"ObjectValue":{"obj":"ect"}
}'
SELECT *
FROM OPENJSON(@json, '$.' + @path)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.