在 where 子句中动态添加 like 运算符
Dynamically add like operators in where clause
任何人都可以解决我的问题吗?
我有一个最大长度的字符串数组。我想将所有字符串数组元素与单个 SQL 查询进行比较。我该怎么做?
string[] new = searchtext;
select Qid from questions where qdescriptions like string[0],string[1],string[2]
字符串数组长度不固定,是动态的。
例如:我的搜索字符串是 "admin login error"
然后我把它分成
admin
login
error
分三部分。我的预期结果应该包含数据库中的所有这三个字符串
像这样
Admin post this;
password change for login;
the error database;
希望你明白。结果应该在单个搜索查询中包含我的所有搜索字符串..
C#代码:
public void searchdetails(string[] searchwords) {
SqlConnection con = new SqlConnection();
con.ConnectionString = connection; con.Open();
string[] soldesc = searchwords;
int i = 0;
if (soldesc.Length == 1) {
string query1 = "select Qid from Questions where Qdescription like '% " + soldesc[i] + " %'";
}
SqlCommand cmds = new SqlCommand(query1, con); cmds.ExecuteNonQuery();
试试这个
declare @searchtext nvarchar(max) = 'abc,def,pqr'
创建函数
CREATE FUNCTION [dbo].[fn_Split](@text varchar(8000), @delimiter varchar(20))
RETURNS @Strings TABLE
(
position int IDENTITY PRIMARY KEY,
value varchar(8000)
)
AS
BEGIN
DECLARE @index int
SET @index = -1
WHILE (LEN(@text) > 0)
BEGIN
SET @index = CHARINDEX(@delimiter , @text)
IF (@index = 0) AND (LEN(@text) > 0)
BEGIN
INSERT INTO @Strings VALUES (@text)
BREAK
END
IF (@index > 1)
BEGIN
INSERT INTO @Strings VALUES (LEFT(@text, @index - 1))
SET @text = RIGHT(@text, (LEN(@text) - @index))
END
ELSE
SET @text = RIGHT(@text, (LEN(@text) - @index))
END
RETURN
END
查询
select * from yourtable y inner join (select value from
fn_split(@searchtext,',')) as split on y.qdescriptions like '%+split.value+%'
您可以通过动态创建 sql 查询来做到这一点:
string[] new = searchtext;
String query = "select Qid from questions";
在您的应用程序中编写一个循环遍历您的搜索数组的 for 循环:
伪代码传入:
For(String searchstring in new){
if(new.indexof(searchstring) === 0){
query += " where qdescriptions like " + searchstring;
}
else{
//depending on what you want to do here use OR or AND
query += " or qdescriptions like " + searchstring;
}
}
result = query.execute();
注意:这是伪代码,因为您没有说明您使用的是什么编程语言等,所以我无法告诉您 for 循环的实际语法是什么样的,也无法告诉您如何保护您的查询免受攻击sql注射
您的 C# 代码应如下所示:
public void searchdetails(string[] searchwords) {
SqlConnection con = new SqlConnection(); con.ConnectionString = connection;
con.Open();
string[] soldesc = searchwords;
string query1 = "select Qid from Questions";
For(int i = 0; i<soldesc.Length;i++){
if (i == 0) {
query1 += "where Qdescription like '%" + soldesc[i] + "%'";
}
else{
query1 += " AND Qdescription like '%" + soldesc[i] + "%'";
}
}
SqlCommand cmds = new SqlCommand(query1, con); cmds.ExecuteNonQuery();
在 C# 中,您可以像这样生成查询文本...
public static void Main()
{
string final = GenerateParameters("tableName", "fieldName", new[] {"admin", "login", " error"});
// execute query
// final = "SELECT * FROM tableName WHERE fieldName LIKE '%admin%' OR fieldName LIKE '%login%' OR fieldName LIKE '% error%'"
}
static string GenerateParameters(string tableName, string fieldName, IEnumerable<string> searchTerms)
{
string sqlParameters = string.Join(" OR ", searchTerms.Select(x => "{0} LIKE '%{1}%'".FormatWith(fieldName, x)));
return "SELECT * FROM {0} WHERE ".FormatWith(tableName) + sqlParameters;
}
public static class StringExtensions
{
public static string FormatWith(this string value, params object[] args)
{
return String.Format(value, args);
}
}
任何人都可以解决我的问题吗?
我有一个最大长度的字符串数组。我想将所有字符串数组元素与单个 SQL 查询进行比较。我该怎么做?
string[] new = searchtext;
select Qid from questions where qdescriptions like string[0],string[1],string[2]
字符串数组长度不固定,是动态的。
例如:我的搜索字符串是 "admin login error"
然后我把它分成
admin
login
error
分三部分。我的预期结果应该包含数据库中的所有这三个字符串
像这样
Admin post this;
password change for login;
the error database;
希望你明白。结果应该在单个搜索查询中包含我的所有搜索字符串..
C#代码:
public void searchdetails(string[] searchwords) {
SqlConnection con = new SqlConnection();
con.ConnectionString = connection; con.Open();
string[] soldesc = searchwords;
int i = 0;
if (soldesc.Length == 1) {
string query1 = "select Qid from Questions where Qdescription like '% " + soldesc[i] + " %'";
}
SqlCommand cmds = new SqlCommand(query1, con); cmds.ExecuteNonQuery();
试试这个
declare @searchtext nvarchar(max) = 'abc,def,pqr'
创建函数
CREATE FUNCTION [dbo].[fn_Split](@text varchar(8000), @delimiter varchar(20))
RETURNS @Strings TABLE
(
position int IDENTITY PRIMARY KEY,
value varchar(8000)
)
AS
BEGIN
DECLARE @index int
SET @index = -1
WHILE (LEN(@text) > 0)
BEGIN
SET @index = CHARINDEX(@delimiter , @text)
IF (@index = 0) AND (LEN(@text) > 0)
BEGIN
INSERT INTO @Strings VALUES (@text)
BREAK
END
IF (@index > 1)
BEGIN
INSERT INTO @Strings VALUES (LEFT(@text, @index - 1))
SET @text = RIGHT(@text, (LEN(@text) - @index))
END
ELSE
SET @text = RIGHT(@text, (LEN(@text) - @index))
END
RETURN
END
查询
select * from yourtable y inner join (select value from
fn_split(@searchtext,',')) as split on y.qdescriptions like '%+split.value+%'
您可以通过动态创建 sql 查询来做到这一点:
string[] new = searchtext;
String query = "select Qid from questions";
在您的应用程序中编写一个循环遍历您的搜索数组的 for 循环: 伪代码传入:
For(String searchstring in new){
if(new.indexof(searchstring) === 0){
query += " where qdescriptions like " + searchstring;
}
else{
//depending on what you want to do here use OR or AND
query += " or qdescriptions like " + searchstring;
}
}
result = query.execute();
注意:这是伪代码,因为您没有说明您使用的是什么编程语言等,所以我无法告诉您 for 循环的实际语法是什么样的,也无法告诉您如何保护您的查询免受攻击sql注射
您的 C# 代码应如下所示:
public void searchdetails(string[] searchwords) {
SqlConnection con = new SqlConnection(); con.ConnectionString = connection;
con.Open();
string[] soldesc = searchwords;
string query1 = "select Qid from Questions";
For(int i = 0; i<soldesc.Length;i++){
if (i == 0) {
query1 += "where Qdescription like '%" + soldesc[i] + "%'";
}
else{
query1 += " AND Qdescription like '%" + soldesc[i] + "%'";
}
}
SqlCommand cmds = new SqlCommand(query1, con); cmds.ExecuteNonQuery();
在 C# 中,您可以像这样生成查询文本...
public static void Main()
{
string final = GenerateParameters("tableName", "fieldName", new[] {"admin", "login", " error"});
// execute query
// final = "SELECT * FROM tableName WHERE fieldName LIKE '%admin%' OR fieldName LIKE '%login%' OR fieldName LIKE '% error%'"
}
static string GenerateParameters(string tableName, string fieldName, IEnumerable<string> searchTerms)
{
string sqlParameters = string.Join(" OR ", searchTerms.Select(x => "{0} LIKE '%{1}%'".FormatWith(fieldName, x)));
return "SELECT * FROM {0} WHERE ".FormatWith(tableName) + sqlParameters;
}
public static class StringExtensions
{
public static string FormatWith(this string value, params object[] args)
{
return String.Format(value, args);
}
}