JQGrid 高级搜索 - 我们可以同时使用“AND”和“OR”运算符吗?
[英]JQGrid Advance Search - Could we use "AND" and "OR" operators at the same time?
问题描述
I am using JQGrid Advance Search feature multipleSearch: true, multipleGroup: true .
我正在使用 JQGrid 高级搜索功能multipleSearch: true, multipleGroup: true 。
I am using Asp.net MVC and classic ado.net + stored procedure also.我也在使用 Asp.net MVC 和经典的 ado.net + 存储过程。
Whenever user search data at JGRID, I will pass this searching criteria to stored procedure as parameter values.每当用户在 JGRID 搜索数据时,我都会将这个搜索条件作为参数值传递给存储过程。 Such as...如...
Select *
From tableName
Where @WhereClauseDynamic
So I have created "Where Clause Generator" Class.所以我创建了“Where Clause Generator”Class。
[ModelBinder(typeof(GridModelBinder))]
public class JqGrid_Setting_VewModel
{
public bool IsSearch { get; set; }
public int PageSize { get; set; }
public int PageIndex { get; set; }
public string SortColumn { get; set; }
public string SortOrder { get; set; }
public string Where { get; set; }
}
public class WhereClauseGenerator
{
private static readonly string[] FormatMapping = {
" ({0} = '{1}') ", // "eq" - equal
" ({0} <> {1}) ", // "ne" - not equal
" ({0} < {1}) ", // "lt" - less than
" ({0} <= {1}) ", // "le" - less than or equal to
" ({0} > {1}) ", // "gt" - greater than
" ({0} >= {1}) ", // "ge" - greater than or equal to
" ({0} LIKE '{1}%') ", // "bw" - begins with
" ({0} NOT LIKE '{1}%') ", // "bn" - does not begin with
" ({0} LIKE '%{1}') ", // "ew" - ends with
" ({0} NOT LIKE '%{1}') ", // "en" - does not end with
" ({0} LIKE '%{1}%') ", // "cn" - contains
" ({0} NOT LIKE '%{1}%') " // "nc" - does not contain
};
public string Generator(Filter _Filter)
{
var sb = new StringBuilder();
foreach (Rule rule in _Filter.rules)
{
if (sb.Length != 0)
sb.Append(_Filter.groupOp);
sb.AppendFormat(FormatMapping[(int)rule.op], rule.field, rule.data);
}
return sb.ToString();
}
}
public class GridModelBinder : IModelBinder
{
public object BindModel(ControllerContext controllerContext, ModelBindingContext bindingContext)
{
try
{
var request = controllerContext.HttpContext.Request;
var serializer = new JavaScriptSerializer();
var _WhereClauseGenerator = new WhereClauseGenerator();
var _IsSearch = bool.Parse(request["_search"] ?? "false");
var _PageIndex = int.Parse(request["page"] ?? "1");
var _PageSize = int.Parse(request["rows"] ?? "10");
var _SortColumn = request["sidx"] ?? "";
var _SortOrder = request["sord"] ?? "asc";
var _Where = request["filters"] ?? "";
return new JqGrid_Setting_VewModel
{
IsSearch = _IsSearch,
PageIndex = _PageIndex,
PageSize = _PageSize,
SortColumn = _SortColumn,
SortOrder = _SortOrder,
Where = (_IsSearch == false || string.IsNullOrEmpty(_Where)) ? string.Empty : _WhereClauseGenerator.Generator(serializer.Deserialize<Filter>(_Where))
};
}
catch
{
return null;
}
}
}
[DataContract]
public class Filter
{
[DataMember]
public GroupOp groupOp { get; set; }
[DataMember]
public List<Rule> rules { get; set; }
}
[DataContract]
public class Rule
{
[DataMember]
public string field { get; set; }
[DataMember]
public Operations op { get; set; }
[DataMember]
public string data { get; set; }
}
public enum GroupOp
{
AND,
OR
}
public enum Operations
{
eq, // "equal"
ne, // "not equal"
lt, // "less"
le, // "less or equal"
gt, // "greater"
ge, // "greater or equal"
bw, // "begins with"
bn, // "does not begin with"
//in, // "in"
//ni, // "not in"
ew, // "ends with"
en, // "does not end with"
cn, // "contains"
nc // "does not contain"
}
By using upper code, everything is correct when I search like that通过使用上面的代码,当我这样搜索时一切都是正确的
{
"groupOp":"AND",
"rules":[{"field":"Seminar_Code","op":"eq","data":"MED01"},
{"field":"Seminar_Code","op":"eq","data":"CMP05"}],"groups":[]
}
sb.ToString() // Output vlaue
" (Seminar_Code = 'MED01') AND (Seminar_Code = 'CMP05') "
So, it is totally correct.所以,这是完全正确的。
But when it come to more complex search query like that...但是当涉及到更复杂的搜索查询时......
{
"groupOp":"AND",
"rules":[{"field":"Seminar_Code","op":"eq","data":"MED01"},
{"field":"Seminar_Code","op":"eq","data":"CMP05"}],
"groups":[{
"groupOp":"OR",
"rules": [{"field":"Seminar_Code","op":"eq","data":"CMP01"}],"groups":[]}]
}
sb.ToString() // Actual Output value is like that below
" (Seminar_Code = 'MED01') AND (Seminar_Code = 'CMP05') "
But what I had expected is like that below..但我所期望的是像下面这样的..
" ((Seminar_Code = 'MED01') AND (Seminar_Code = 'CMP05')) OR ( Seminar_Code = 'CMP01' ) "
So how could I do it correctly?那么我怎样才能正确地做到这一点呢?
Is JQGrid support multiple group operation like "AND" + "OR"? JQGrid是否支持“AND”+“OR”的多组运算? Is this support only one operator at the same time?这是同时只支持一个运营商吗? Could we use "AND" and "OR" opreators at the same time?我们可以同时使用“AND”和“OR”运算符吗?
Every suggestion will be appreciated.每一个建议将不胜感激。
1 个解决方案
解决方案1
6 已采纳 2012-04-07 07:42:47
First of all I should mention that I find dangerous the code which you use.首先我应该提到我发现你使用的代码很危险。 You construct the WHERE construction which you want to use in SELECT and you use trust the input data.您构造要在 SELECT 中使用的 WHERE 构造,并使用信任输入数据。 You can receive SQL Injection problem.您可以收到 SQL 注入问题。 You should write your code much more safe.您应该更安全地编写代码。 You need escape all [ , % and _ used in operators which contains LIKE .您需要转义包含LIKE的运算符中使用的所有[ 、 %和_ 。
Moreover I would recommend you to use SELECT with parameters.此外,我建议您使用带参数的 SELECT。 Instead of代替
Seminar_Code LIKE 'MED01%'
you can use您可以使用
Seminar_Code LIKE (@p1 + '%')
and use SqlCommand.Parameters to define the value of @p1 and other parameters which you use.并使用SqlCommand.Parameters来定义@p1的值和您使用的其他参数。
Now I try to answer on your main question.现在我试着回答你的主要问题。 The definition of Filter class which you use don't use groups part on the input.您使用的Filter class 的定义不在输入中使用groups部分。 You should extend Filter class to something like您应该将Filter class 扩展为类似
public class Filter {
public GroupOp groupOp { get; set; }
public List<Rule> rules { get; set; }
public List<Filter> groups { get; set; }
}
You should also extend the code of the WhereClauseGenerator.Generator method to analyse the groups part.您还应该扩展WhereClauseGenerator.Generator方法的代码以分析groups部分。 I recommend you additionally to use names more close to the standard name conversion.我建议您另外使用更接近标准名称转换的名称。 If you use the names like _Filter for the variable and not for the private members of the class it make the code misundertandable.如果您将_Filter之类的名称用于变量而不是 class 的私有成员,则会使代码难以理解。 Moreover the class WhereClauseGenerator can be static ( public static class WhereClauseGenerator ) and the method Generator too.此外,class WhereClauseGenerator可以是 static( public static class WhereClauseGenerator )和方法Generator 。
The simplest code which add support of the groups part of Filter can be添加对Filter groups部分的支持的最简单代码可以是
public static string Generator (Filter filters) {
var sb = new StringBuilder ();
if (filters.groups != null && filters.groups.Count > 0)
sb.Append (" (");
bool firstRule = true;
if (filters.rules != null) {
foreach (var rule in filters.rules) {
if (!firstRule)
sb.Append (filters.groupOp);
else
firstRule = false;
sb.AppendFormat (FormatMapping[(int)rule.op], rule.field, rule.data);
}
}
if (filters.groups != null && filters.groups.Count > 0) {
sb.Append (") ");
foreach (var filter in filters.groups) {
if (sb.Length != 0)
sb.Append (filter.groupOp);
sb.Append (" (");
sb.Append (Generator (filter));
sb.Append (") ");
}
}
return sb.ToString ();
}
UPDATED : I have to modify the above code to produce correct results for more sophisticated filters input:更新:我必须修改上面的代码才能为更复杂的filters输入产生正确的结果:
public class Filter {
public GroupOp groupOp { get; set; }
public List<Rule> rules { get; set; }
public List<Filter> groups { get; set; }
}
public class Rule {
public string field { get; set; }
public Operations op { get; set; }
public string data { get; set; }
}
public enum GroupOp {
AND,
OR
}
public enum Operations {
eq, // "equal"
ne, // "not equal"
lt, // "less"
le, // "less or equal"
gt, // "greater"
ge, // "greater or equal"
bw, // "begins with"
bn, // "does not begin with"
//in, // "in"
//ni, // "not in"
ew, // "ends with"
en, // "does not end with"
cn, // "contains"
nc // "does not contain"
}
public static class WhereClauseGenerator {
private static readonly string[] FormatMapping = {
"({0} = '{1}')", // "eq" - equal
"({0} <> {1})", // "ne" - not equal
"({0} < {1})", // "lt" - less than
"({0} <= {1})", // "le" - less than or equal to
"({0} > {1})", // "gt" - greater than
"({0} >= {1})", // "ge" - greater than or equal to
"({0} LIKE '{1}%')", // "bw" - begins with
"({0} NOT LIKE '{1}%')", // "bn" - does not begin with
"({0} LIKE '%{1}')", // "ew" - ends with
"({0} NOT LIKE '%{1}')", // "en" - does not end with
"({0} LIKE '%{1}%')", // "cn" - contains
"({0} NOT LIKE '%{1}%')" // "nc" - does not contain
};
private static StringBuilder ParseRule(ICollection<Rule> rules, GroupOp groupOp) {
if (rules == null || rules.Count == 0)
return null;
var sb = new StringBuilder ();
bool firstRule = true;
foreach (var rule in rules) {
if (!firstRule)
// skip groupOp before the first rule
sb.Append (groupOp);
else
firstRule = false;
sb.AppendFormat (FormatMapping[(int)rule.op], rule.field, rule.data);
}
return sb.Length > 0 ? sb : null;
}
private static void AppendWithBrackets (StringBuilder dest, StringBuilder src) {
if (src == null || src.Length == 0)
return;
if (src.Length > 2 && src[0] != '(' && src[src.Length - 1] != ')') {
dest.Append ('(');
dest.Append (src);
dest.Append (')');
} else {
// verify that no other '(' and ')' exist in the b. so that
// we have no case like src = "(x < 0) OR (y > 0)"
for (int i = 1; i < src.Length - 1; i++) {
if (src[i] == '(' || src[i] == ')') {
dest.Append ('(');
dest.Append (src);
dest.Append (')');
return;
}
}
dest.Append (src);
}
}
private static StringBuilder ParseFilter(ICollection<Filter> groups, GroupOp groupOp) {
if (groups == null || groups.Count == 0)
return null;
var sb = new StringBuilder ();
bool firstGroup = true;
foreach (var group in groups) {
var sbGroup = ParseFilter(group);
if (sbGroup == null || sbGroup.Length == 0)
continue;
if (!firstGroup)
// skip groupOp before the first group
sb.Append (groupOp);
else
firstGroup = false;
sb.EnsureCapacity (sb.Length + sbGroup.Length + 2);
AppendWithBrackets (sb, sbGroup);
}
return sb;
}
public static StringBuilder ParseFilter(Filter filters) {
var parsedRules = ParseRule (filters.rules, filters.groupOp);
var parsedGroups = ParseFilter (filters.groups, filters.groupOp);
if (parsedRules != null && parsedRules.Length > 0) {
if (parsedGroups != null && parsedGroups.Length > 0) {
var groupOpStr = filters.groupOp.ToString();
var sb = new StringBuilder (parsedRules.Length + parsedGroups.Length + groupOpStr.Length + 4);
AppendWithBrackets (sb, parsedRules);
sb.Append (groupOpStr);
AppendWithBrackets (sb, parsedGroups);
return sb;
}
return parsedRules;
}
return parsedGroups;
}
}
Now the you can use static ParseFilter method of the static class WhereClauseGenerator like现在您可以使用 static ParseFilter方法 static class WhereClauseGenerator类的
var filters = request["filters"];
string whereString = request["_search"] && !String.IsNullOrEmpty(filters)
? WhereClauseGenerator.ParseFilter(serializer.Deserialize<Filter>(filters))
: String.Empty;
Please don't forget that the problem with SQL Injection still exist.请不要忘记 SQL 注入的问题仍然存在。 I can't fix it till I don't know which kind of database access you use.在我不知道您使用哪种数据库访问之前,我无法修复它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.