[英]Parameterized OPENJSON in SQL Server query using Entity Framework Core
context.Set<BlogKeyValuePair>()
.FromSql("SELECT [key], value FROM OPENJSON((SELECT JsonData FROM dbo.Blogs WHERE BlogId=1), '$.@path')",
new SqlParameter("@path", "path.to.data"));
On first sighting this should work correctly and @path
should be replace by path.to.data
but it doesn't, an SqlException is thrown with the following error:第一次看到这应该可以正常工作,
@path
应该被@path
替换,但事实并非如此,抛出path.to.data
并出现以下错误:
System.Data.SqlClient.SqlException: Incorrect syntax near '@path'.
System.Data.SqlClient.SqlException:'@path' 附近的语法不正确。
Seems like SQL server does not replace the parameter because it is a parameter inside the OPENJSON
function.似乎 SQL 服务器没有替换参数,因为它是
OPENJSON
函数内部的参数。
Looking for secure workarounds.寻找安全的解决方法。
SQL does not recognize the variable because you put it inside a string: SQL 无法识别该变量,因为您将其放入字符串中:
-- Wrong:
OPENJSON((SELECT JsonData FROM dbo.Blogs WHERE BlogId = 1), '$.@path')
-- Correct:
OPENJSON((SELECT JsonData FROM dbo.Blogs WHERE BlogId = 1), '$.' + @path)
Code:代码:
context
.Set<BlogKeyValuePair>()
.FromSql(@"
SELECT [key], value
FROM OPENJSON((SELECT JsonData FROM dbo.Blogs WHERE BlogId = 1), '$.' + @path)",
new SqlParameter("@path", "path.to.data"));
This works for me in SSMS, so @marsze's answer should work.这在 SSMS 中对我有用,所以@marsze 的答案应该有效。
declare @path nvarchar(2000) = 'ArrayValue';
DECLARE @json NVARCHAR(4000) = N'{
"StringValue":"John",
"IntValue":45,
"TrueValue":true,
"FalseValue":false,
"NullValue":null,
"ArrayValue":["a","r","r","a","y"],
"ObjectValue":{"obj":"ect"}
}'
SELECT *
FROM OPENJSON(@json, '$.' + @path)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.