如何将 SQL 查询字符串压缩为小于 258 个字符的小字符串？

Question

I want to create a unique small string <= 258 chars that is suitable as a windows filename.

This is to uniquely label a Xml query result.

Here is a sample query:

SELECT * FROM ( SELECT [utcDT],
MAX(CASE WHEN[Symbol] = 'fish' THEN[Close] END) AS [fish],
MAX(CASE WHEN[Symbol] = 'chips' THEN[Close] END) AS [chips]
FROM [DATA].[1M].[ASTS_NOGAP]
WHERE [Date] >= '2011-12-27'
AND [Date] <= '2012-07-01'
AND [Symbol] IN ('fish','chips')
GROUP BY [utcDT] ) AS A 
WHERE [utcDT] IS NOT NULL  AND [fish] IS NOT NULL AND [chips] IS NOT NULL 
ORDER BY [utcDT]

BUT is could be a longer query.

The compress is one way only, ie I do NOT need to decompress.

I want to end up with a unique file name like:

 ksdgfsbhdfjksgdjbajysjdgyasagfdjahgdkjasgjgfjkgjkgdjkfgjskdjfgsajgdjfgjsgy.xml

EDIT1:

The generated filename must be unique to the query - such that another app would generate the same filename for the same query.

How can I achieve this?

Answer 1

There is a small risk for collisions, but this should do what you need:

public string GetUniqueFileNameForQuery(string sql)
{
    using (var hasher = SHA256.Create())
    {
        var queryBytes = Encoding.UTF8.GetBytes(sql);
        var queryHash = hasher.ComputeHash(queryBytes);
                         // "/" may be included, but is not legal for file names
        return Convert.ToBase64String(queryHash).Replace("/", "-")+".xml";
    }
}

This needs using System.Security.Cryptography; at the top of the file.

---

I also need to add a note about working with SQL from client code languages like C#.

Most queries are going to need input of some kind: an ID field for a lookup, a date range, a username, something to tell the query which records you need out of a larger set. It's very poor practice to substitute these inputs directly into the SQL string in your C# (or other language) code. That opens you up to an issue known as SQL Injection, and it's kind of a big deal .

Instead, for most all queries, there will be a placeholder variable name for each input argument. It matters for this question because you'll have the same SQL query text for two queries that differ only by arguments.

For example, say you have this query:

 SELECT * FROM Users WHERE Username = @Username

You run this query twice, once with 'jsmith' as the input, and once with 'jdoe' . The SQL didn't change, and therefore the encoded file name didn't change.

You maybe be inclined to ask to get the value of the SQL after the parameter inputs are substituted into the query, but this misunderstands what happens. The parameter inputs are never, at any time, substituted into the sql query . That's the whole point. Even the database server will instead treat them as procedure variables.

The point here is you also need a way to encode any parameter data used with your query. Here's one basic naive option:

public string GetUniqueFileNameForQuery(DbCommand query)
{
    var sql = query.CommandText;
    foreach(var p in query.Parameters)
    {
        sql = sql.Replace(p.Name, p.Value.ToString());
    }

    using (var hasher = SHA256.Create())
    {
        var queryBytes = Encoding.UTF8.GetBytes(sql);
        var queryHash = hasher.ComputeHash(queryBytes);
                         // "/" may be included, but is not legal for file names
        return Convert.ToBase64String(queryHash).Replace("/", "-")+".xml";
    }
}

Note: this code could produce invalid SQL. For example, you might end up with something like this:

SELECT * FROM Users WHERE LastName = O'Brien

But since you're not actually trying to run the query, that should be okay. You also need to be careful with systems like OleDB, which uses positional matching and ? for all parameter placeholders. In this case, the parameter name won't match the placeholder, or even if it did, the first parameter would match the placeholder for all the others.