I am trying to filter a model with two dropdowns in an MVC project:

    var model = (from x in db.TABLE....
                 join y in db.TABLE...).Where(where)...

My logic is:

    String where = string.Empty;
    if (search.anno != null)
        where = " ANNO = " + search.anno;
    if (search.Cliente != null)
    {
        if (!string.IsNullOrEmpty(where))
        {
            where += " And CODICE_CLIENTE = '" + search.Cliente + "'";
        }
        else
        {
            where = " CODICE_CLIENTE = '" + search.Cliente + "'";
        }
    }

I get an error: System.Linq.Dynamic.ParseException: Character literal must contain exactly one character

I get that in where += " And CODICE_CLIENTE = '" + search.Cliente + "'";

I saw that the apex at the end is '"

How can I solve this?
This example, translated into LINQ without allowing SQL injection attacks:

    String where = string.Empty;
    if (search.anno != null)
        where = " ANNO = " + search.anno;
    if (search.Cliente != null)
    {
        if (!string.IsNullOrEmpty(where))
        {
            where += " And CODICE_CLIENTE = '" + search.Cliente + "'";
        }
        else
        {
            where = " CODICE_CLIENTE = '" + search.Cliente + "'";
        }
    }

Would look like:

    IQueryable<x> query = (from x in db.TABLE....
                           join y in db.TABLE...);
    if (search.anno != null)
    {
        query = query.Where(x => x.ANNO == search.anno);
    }
    if (search.Cliente != null)
    {
        query = query.Where(x => x.CODICE_CLIENTE == search.Cliente);
    }
    var model = query.ToList(); // or await query.ToListAsync();
I solved it like this ...

    String where = string.Empty;
    object[] parameters = null;
    if (search.anno != null)
    {
        // Braces added so parameters is only assigned when anno is set
        where = " ANNO = @0 ";
        parameters = new object[] { search.anno };
    }
    if (search.Cliente != null)
    {
        if (!string.IsNullOrEmpty(where))
        {
            where += " && CODICE_CLIENTE = @1";
            parameters = new object[] { search.anno, search.Cliente };
        }
        else
        {
            where = " CODICE_CLIENTE = @0";
            parameters = new object[] { search.Cliente };
        }
    }
    if (search.linea != null)
    {
        if (!string.IsNullOrEmpty(where))
        {
            where += " && LINEA.Contains(@2) ";
            parameters = new object[] { search.anno, search.Cliente, search.linea };
        }
        else
        {
            where = " LINEA.Contains(@0) ";
            parameters = new object[] { search.linea };
        }
    }

But the problem is with the LINEA property (anonymous type): it is a string and I can't use Contains(@p). Thanks again for all the replies and help you provided.
You need to use double equals for the expression and double quotes for the strings:

    String where = string.Empty;
    if (search.anno != null)
        where = " ANNO == " + search.anno;
    if (search.Cliente != null)
    {
        if (!string.IsNullOrEmpty(where))
        {
            where += " And CODICE_CLIENTE == \"" + search.Cliente + "\"";
        }
        else
        {
            where = " CODICE_CLIENTE == \"" + search.Cliente + "\"";
        }
    }

Note that this is prone to SQL injection and should be avoided; you should use parameters, something like this:

    var model = (from x in db.TABLE.... join y in db.TABLE...).Where(whereString, parameters)...
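
The parameterised approach recommended above, as an added example (not code from the original posts): it builds the predicate string and the values array together, so each @n index matches the position of its value whichever filters are set, and user input never enters the predicate text. The `Search` class, its property types and `FilterBuilder` are assumptions for illustration; the resulting pair is meant for System.Linq.Dynamic's `Where(predicate, values)`.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical search model: property names follow the page, types are assumed.
public class Search
{
    public int? anno { get; set; }
    public string Cliente { get; set; }
    public string linea { get; set; }
}

public static class FilterBuilder
{
    // Returns the predicate text and the matching values array.
    public static (string Predicate, object[] Values) Build(Search search)
    {
        var clauses = new List<string>();
        var values = new List<object>();

        // The placeholder number is taken from values.Count before the value
        // is appended, so index and array position always match.
        void Add(string template, object value)
        {
            clauses.Add(string.Format(template, "@" + values.Count));
            values.Add(value);
        }

        if (search.anno != null) Add("ANNO == {0}", search.anno.Value);
        if (search.Cliente != null) Add("CODICE_CLIENTE == {0}", search.Cliente);
        if (search.linea != null) Add("LINEA.Contains({0})", search.linea);

        return (string.Join(" && ", clauses), values.ToArray());
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed input: anno not selected, Cliente contains both quote kinds.
        var search = new Search { Cliente = "O'Neil \"Srl\"", linea = "L1" };
        var (predicate, values) = FilterBuilder.Build(search);

        Console.WriteLine(predicate);                  // contains only column names and @n
        Console.WriteLine(string.Join(" | ", values)); // user input stays in the array

        // Apply only when a filter was chosen (an empty predicate cannot be parsed):
        // if (values.Length > 0) query = query.Where(predicate, values);
    }
}
```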