如何在Entity Framework中编写参数化的原始sql查询
如何在Entity Framework中编写参数化的原始sql查询? 我尝试过以下方法:
string dateQueryString = String.Join(",", chartModelData.GetFormattedDateList()); //Dates returned in format of 20140402,20140506,20140704 const string selectQuery = @"SELECT MAX(DATA_SEQ) AS MaxSeq, MIN(DATA_SEQ) AS MinSeq, COUNT(1) AS TotSampleCnt FROM SPCDATA_TB WHERE DATA_WDATE IN @DateParam AND LINE_CODE = @LineCode AND MODEL_NO = @ModelNumber AND LOT_NO = @LotNumber AND EQUIP_NO LIKE @EquipNumber"; SPCDataSeqCntInfo dataSeqCntInfo = _dbContext.Database.SqlQuery(selectQuery, new SqlParameter("@DateParam", dateQueryString), new SqlParameter("@LineCode", chartModelData.LineCode), new SqlParameter("@ModelNumber", chartModelData.ModelNum), new SqlParameter("@EquipNumber", equipmentNumber), new SqlParameter("@LotNumber", chartModelData.LotNum)) .SingleOrDefault() ?? new SPCDataSeqCntInfo(); 但正如预期的那样,它会在DateParam上抛出一个错误,因为它期望一个值。
这不是特定于entity framework的问题,您可以通过动态生成自己的参数名称来解决它。
var parameters = new List { new SqlParameter("@DateParam", dateQueryString), new SqlParameter("@LineCode", chartModelData.LineCode), new SqlParameter("@ModelNumber", chartModelData.ModelNum), new SqlParameter("@EquipNumber", equipmentNumber), new SqlParameter("@LotNumber", chartModelData.LotNum) }; var dateParameters = chartModelData .GetFormattedDateList() .Select((date, index) => new SqlParameter("@date" + index, date)); parameters.AddRange(dateParameters); var inValues = string.Join(", ", dateParameters.Select(p => p.ParameterName)); var query = @"SELECT MAX(DATA_SEQ) AS MaxSeq, MIN(DATA_SEQ) AS MinSeq, COUNT(1) AS TotSampleCnt FROM SPCDATA_TB WHERE DATA_WDATE IN (" + inValues + @") AND LINE_CODE = @LineCode AND MODEL_NO = @ModelNumber AND LOT_NO = @LotNumber AND EQUIP_NO LIKE @EquipNumber"; var myResult = _dbContext.Database .SqlQuery(query, parameters.ToArray());
发送到SQL-Server的结果查询将如下所示:
SELECT MAX(DATA_SEQ) AS MaxSeq, MIN(DATA_SEQ) AS MinSeq, COUNT(1) AS TotSampleCnt FROM SPCDATA_TB WHERE DATA_WDATE IN (@date0, @date1, @date2) AND LINE_CODE = @LineCode AND MODEL_NO = @ModelNumber AND LOT_NO = @LotNumber AND EQUIP_NO LIKE @EquipNumber
通常,您希望在编写查询时避免执行字符串操作,但是,我相信这个示例在sql-injection中是安全的。
以下是在SQL中编写查询的方法。
select * from MyTable where dateColumn in ('2014-01-01', '2014-02-01', '2014-03-01')
因此,除了必须用括号完全分隔这个字符串之外,我们不应该期望。
var dateQueryString = string.Join(",", chartModelData.GetFormattedDateList()); // Dates shall be returned as DateTime.ToShortDateTimeString() as follows: // '2014-01-01', '2014-02-01', '2014-03-01'
然后只留下用括号括起来。
var sql = @"select max(data_seq) as MaxSeq , min(data_seq) as MinSeq , count(1) as TotSampleCnt from spcdata_tb where data_wadate in (@DateParam) and line_code = @LineCode and model_no = @ModelNumber and lot_no = @LotNumber and equip_no like @EquipNumber";
为每个命名参数提供参数值,然后瞧! 这应该做到!
我写了一个存储过程,而不是接受你的参数,然后将proc添加到你的edmx。
然后,在edmx – >模型浏览器 – >函数导入 – > …中将存储过程的返回类型更改为SPCDataSeqCntInfo。
然后,entity framework将负责传递您的参数。
例如
public static List GetSPCDataSeqCntInfo(DateTime dateParam, string lineCode, int modelNum, int equipmentNumber, int lotNum) { using (var db = new NameOfMyEntites()) { return db.sp_GetSPCDataSeqCntInfo(dateParam, lineCode, modelNum, equipmentNumber, lotNum).ToList(); } }