如何在 sql 中使用 Is null or empty in raw for assigned value which is not in table?
How to use Is null or empty in raw sql for assigned value which is not in table?
如何在RawSQL中检查IsNullOrEmpty。如果控制号和发件人ID都有值,则检查both.If的类似条件它只有发件人ID检查发件人的类似条件单独的 id 和如果它单独具有控制编号,请检查单独的控制编号的条件。它显示错误
Incorrect syntax near *
using (var context = new BSoftWEDIIContext())
{
if (!string.IsNullOrEmpty(controlNumber))
{
controlNumber = "*" + controlNumber + "*";
}
if (!string.IsNullOrEmpty(senderNumber))
{
senderNumber = "*" + senderNumber + "*";
}
var fileDetail = context.FileDetails
.SqlQuery("select * from FileDetails where @" + controlNumber.ToString()
+" is not null OR CONVERT(varchar(max), RawData) like '%" + controlNumber.ToString()
+ "%' AND CONVERT(varchar(max), RawData) like '%" + senderNumber.ToString()+"%'").ToList();
matchedFileId = fileDetail?.Select(a => a.Id).ToList();
}
您追加的内容过多 *,结果查询构建不正确。相应地检查条件:
using (var context = new BSoftWEDIIContext())
{
if (!string.IsNullOrEmpty(controlNumber))
{
controlNumber = controlNumber;
}
if (!string.IsNullOrEmpty(senderNumber))
{
senderNumber = senderNumber;
}
var fileDetail = context.FileDetails.SqlQuery("select * from FileDetails where " + controlNumber.ToString() + " is not null" + " OR CONVERT(varchar(max), RawData) like '%" + controlNumber.ToString() + "%' AND CONVERT(varchar(max), RawData) like '%" + senderNumber.ToString() + "%'").ToList();
matchedFileId = fileDetail?.Select(a => a.Id).ToList();
}
注意:这种方式容易SQL注入,完全不推荐。请从以下链接阅读有关参数化查询和最佳实践的信息:
如何在RawSQL中检查IsNullOrEmpty。如果控制号和发件人ID都有值,则检查both.If的类似条件它只有发件人ID检查发件人的类似条件单独的 id 和如果它单独具有控制编号,请检查单独的控制编号的条件。它显示错误
Incorrect syntax near *
using (var context = new BSoftWEDIIContext())
{
if (!string.IsNullOrEmpty(controlNumber))
{
controlNumber = "*" + controlNumber + "*";
}
if (!string.IsNullOrEmpty(senderNumber))
{
senderNumber = "*" + senderNumber + "*";
}
var fileDetail = context.FileDetails
.SqlQuery("select * from FileDetails where @" + controlNumber.ToString()
+" is not null OR CONVERT(varchar(max), RawData) like '%" + controlNumber.ToString()
+ "%' AND CONVERT(varchar(max), RawData) like '%" + senderNumber.ToString()+"%'").ToList();
matchedFileId = fileDetail?.Select(a => a.Id).ToList();
}
您追加的内容过多 *,结果查询构建不正确。相应地检查条件:
using (var context = new BSoftWEDIIContext())
{
if (!string.IsNullOrEmpty(controlNumber))
{
controlNumber = controlNumber;
}
if (!string.IsNullOrEmpty(senderNumber))
{
senderNumber = senderNumber;
}
var fileDetail = context.FileDetails.SqlQuery("select * from FileDetails where " + controlNumber.ToString() + " is not null" + " OR CONVERT(varchar(max), RawData) like '%" + controlNumber.ToString() + "%' AND CONVERT(varchar(max), RawData) like '%" + senderNumber.ToString() + "%'").ToList();
matchedFileId = fileDetail?.Select(a => a.Id).ToList();
}
注意:这种方式容易SQL注入,完全不推荐。请从以下链接阅读有关参数化查询和最佳实践的信息: