To update the field in database using Raw SQL?

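I need to update the IsIgnored field based on senderId. When I check the where condition, it does not recognize the senderId that I am comparing from the loop. It throws an exception like ambiguous column name 'senderid'. Please guide me in resolving this issue.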

  foreach (var senderId in senderIdList)
  {
      using (var context = new BSoftWEDIIContext())
      {
          var ediDocuments = context.EDIDocuments.SqlQuery("Update EDIDocument SET IsIgnored=1 from EDIDocument edi  inner JOIN  FileDetails files on edi.FileDetailsId = files.Id where edi.IsDeleted = 0 and  edi.SenderID =senderId and edi.DocumentTypeID != 3 and edi.DocumentTypeID != 5 and edi.DocumentTypeID != 2 and edi.IsIgnored = 0 and files.IsDeleted = 0" );
      }
  }

Tried like this:

 var ediDocuments = context.EDIDocuments.SqlQuery("Update EDIDocument SET IsIgnored=1 from EDIDocument edi  inner JOIN  FileDetails files on edi.FileDetailsId = files.Id where edi.IsDeleted = 0 and  edi.SenderID ='149825353' and edi.DocumentTypeID != 3 and edi.DocumentTypeID != 5 and edi.DocumentTypeID != 2 and edi.IsIgnored = 0 and files.IsDeleted = 0", new SqlParameter
                            {
                                ParameterName = "senderId",
                                DbType = System.Data.DbType.String,
                                Value = senderId
                            });


  foreach (var senderId in senderIdList)
  {
      using (var context = new BSoftWEDIIContext())
      {
          var ediDocuments = context.EDIDocuments.SqlQuery("Update EDIDocument SET IsIgnored=1 from EDIDocument edi  inner JOIN  FileDetails files on edi.FileDetailsId = files.Id where edi.IsDeleted = 0 and  edi.SenderID=@senderId and edi.DocumentTypeID != 3 and edi.DocumentTypeID != 5 and edi.DocumentTypeID != 2 and edi.IsIgnored = 0 and files.IsDeleted = 0", new SqlParameter("@senderId", senderId));
      }
  }

You need to add the SQL parameter to the query.

  using (var context = new BSoftWEDIIContext())
                {
                    foreach (var senderId in senderIdList)
                    {
                        // ExecuteSqlCommand is defined on context.Database, not on the DbSet.
                        context.Database.ExecuteSqlCommand("Update EDIDocument SET IsIgnored=1 from EDIDocument edi  inner JOIN  FileDetails files on edi.FileDetailsId = files.Id where edi.IsDeleted = 0 and edi.SenderID=@senderId and edi.DocumentTypeID != 3 and edi.DocumentTypeID != 5 and edi.DocumentTypeID != 2 and edi.IsIgnored = 0 and files.IsDeleted = 0",
                            new SqlParameter
                            {
                                ParameterName = "senderId",
                                DbType = DbType.Int32,
                                Value = senderId
                            });
                    }
                }

  foreach (var senderId in senderIdList)
  {
    using (var context = new BSoftWEDIIContext())
    {
      var ediDocuments = context.EDIDocuments.SqlQuery($"Update EDIDocument SET IsIgnored=1 from EDIDocument edi  inner JOIN  FileDetails files on edi.FileDetailsId = files.Id where edi.IsDeleted = 0 and  edi.SenderID={senderId} and edi.DocumentTypeID != 3 and edi.DocumentTypeID != 5 and edi.DocumentTypeID != 2 and edi.IsIgnored = 0 and files.IsDeleted = 0" );
    }

  }

But this approach may be open to SQL injection.

The first thing you should know is that the DbSet.SqlQuery() method is primarily used to execute a SELECT statement which returns a result set based on the corresponding entity type, i.e. the DbSet name. If you want to execute action queries like an UPDATE command, you should use Database.ExecuteSqlCommand() with a SqlParameter[] array for the parameters, as in the example below:

string rawQuery = @"Update EDIDocument SET IsIgnored = 1 From EDIDocument AS edi  
                 INNER JOIN FileDetails AS files on edi.FileDetailsId = files.Id 
                 where edi.IsDeleted = 0 and edi.SenderID = @senderId 
                 and edi.DocumentTypeID <> 3 and edi.DocumentTypeID <> 5 
                 and edi.DocumentTypeID <> 2 and edi.IsIgnored = 0 and files.IsDeleted = 0";

using (var context = new BSoftWEDIIContext())
{
     foreach (var senderId in senderIdList)
     {
         var queryParams = new List<SqlParameter>();
         queryParams.Add(new SqlParameter("@senderId", senderId));

         var ediDocuments = context.Database.ExecuteSqlCommand(rawQuery, queryParams.ToArray());
     }
}

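Note:

Both DbSet.SqlQuery() and Database.ExecuteSqlCommand() take an object[] array as their second parameter, so you need to pass the parameters in an array instead of using them directly.

Reference: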

Execute Raw SQL Queries Using Entity Framework
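
The parameterized update discussed in the answers above, extended to cover the whole senderIdList in a single command. This is an added example, not code from any of the answers: it assumes Entity Framework 6 and an nvarchar(50) SenderID column, and the names EdiIgnoreUpdater, Build and MarkIgnored are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.Entity;        // Entity Framework 6 (assumed)
using System.Data.SqlClient;
using System.Linq;

public static class EdiIgnoreUpdater   // hypothetical helper, not part of the page's project
{
    // Builds one UPDATE covering every sender ID. Only generated parameter
    // names (@sender0, @sender1, ...) are concatenated into the SQL text;
    // the sender ID values themselves travel as SqlParameter values.
    public static (string Sql, SqlParameter[] Parameters) Build(IReadOnlyList<string> senderIds)
    {
        if (senderIds == null || senderIds.Count == 0)
            throw new ArgumentException("At least one sender ID is required.", nameof(senderIds));
        // SQL Server accepts at most 2100 parameters per command; batch larger lists.
        if (senderIds.Count > 2000)
            throw new ArgumentException("Split the list into batches of 2000 or fewer.", nameof(senderIds));

        // Assumption: SenderID is nvarchar(50). Adjust the type to the real column.
        var parameters = senderIds
            .Select((id, i) => new SqlParameter("@sender" + i, SqlDbType.NVarChar, 50) { Value = id })
            .ToArray();
        var inList = string.Join(", ", parameters.Select(p => p.ParameterName));

        var sql = @"UPDATE edi SET IsIgnored = 1
                    FROM EDIDocument AS edi
                    INNER JOIN FileDetails AS files ON edi.FileDetailsId = files.Id
                    WHERE edi.IsDeleted = 0 AND edi.IsIgnored = 0 AND files.IsDeleted = 0
                      AND edi.DocumentTypeID NOT IN (2, 3, 5)
                      AND edi.SenderID IN (" + inList + ")";
        return (sql, parameters);
    }

    // Executes the UPDATE and returns the number of rows affected.
    public static int MarkIgnored(DbContext context, IReadOnlyList<string> senderIds)
    {
        var (sql, parameters) = Build(senderIds);
        return context.Database.ExecuteSqlCommand(sql, parameters);
    }
}
```

A sender ID containing quotes or SQL keywords is compared as a literal string by this command, which is the property the string-interpolated version lacks.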