使用输入框在 asp.net core razor with dapper 中过滤
Use inputbox to filter in asp.net core razor with dapper
我有一个已经从数据库中获取数据的查询,现在我想使用剃刀页面中的复选框来过滤数据。
下面是复选框
<!--check box-->
<div id="selection" class="input-group col-md-3 flex-column" style="display: inline-flex;">
<div class="form-check">
<input type="text" class="form-check-input" value="InterestRate" name="loan" id="intRate">
<label class="form-check-label" for="exampleCheck1">Interest Rate</label>
</div>
<div class="form-check">
<input type="text" class="form-check-input" value="LoanAmount" name="loan" id="intRate">
<label class="form-check-label" for="exampleCheck1">Interest Rate</label>
</div>
<div class="form-check">
<input type="date" class="form-check-input" value="LoanTrfDate" name="loan" id="transDate">
<label class="form-check-label" for="exampleCheck1">Transfer Date</label>
</div>
<button type="submit" class="btn btn-primary" id="filter">Submit</button>
</div>
<!--check box-->
我已经通过 string[] Requestloans 获取了复选框的值,但问题是如何使用 dapper 使用 RequestLoans 数组来归档数据库。
如果这对两个人来说是可能的,那么我也可以将它应用到两个人以上
public async Task<IEnumerable<Loan>> ManageGettingAll(string[] Requestloans, bool includeDeleted, bool showUnapprovedOnly)
{
IEnumerable<Loan> loans = null;
try
{
using (var conn = new SqlConnection(connectionstring))
{
await con.OpenAsync();
string sql = "Select l.*, c.FirstName from dbo.Loan l left join Customer c on l.CustId=c.CustId";
if (!includeDeleted)
{
sql += " and l.Deleted = 0";
}
if (showUnapprovedOnly)
{
sql += " and l.Approved = 0";
}
loans = await conn.QueryAsync<Loan>(sql);
}
}
catch (Exception)
{
throw;
}
return loans;
}
如果您设法在调用之前将输入变量放入 Dictionary 中,可以通过数据绑定变量或以其他方式在需要时获取它们。下面的方法可以帮你过滤。
这假设您将键设为列名。在这种情况下,它们都来自相同的 table 别名(尽管您可以根据需要对其进行编辑。这只是一种不断构建准备好的语句的方法,可以动态添加 where 条件)。
public async Task<IEnumerable<Loan>> ManageGettingAll(Dictionary<string, object> Params)
{
IEnumerable<Loan> loans = null;
try
{
using (var conn = new SqlConnection(connectionstring))
{
await conn.OpenAsync();
string basesql = "Select l.*, c.FirstName from dbo.Loan l left join Customer c on l.CustId=c.CustId";
DynamicParameters queryParams = new DynamicParameters();
if (Params.Count == 0)
{
//No params, so no where condition needed.
}
else
{
bool firstVar = true;
basesql += " WHERE ";
foreach (var paramName in Params.Keys)
{
if (!firstVar)
{
basesql += " AND ";
}
else
{
firstVar = false;
}
basesql += ("l." + paramName + " = @" + paramName);
if (Params.TryGetValue(paramName, out object ParamValue))
{
queryParams.Add("@" + paramName, ParamValue);
}
else
{
//Key not found, should be impossible though.
}
}
}
loans = await conn.QueryAsync<Loan>(basesql, queryParams);
}
}
catch (Exception)
{
throw;
}
return loans;
}
如果你有这样一个字典:
Dictionary<string, object> parameters = new Dictionary<string, object>();
parameters.Add("interestrate", 10);
parameters.Add("transferdate", DateTime.Now);
parameters.Add("loanName", "Mortgage");
ManageGettingAll(parameters);
参数化查询变为:
SELECT l.*, c.FirstName from dbo.Loan l left join Customer c on l.CustId=c.CustId
WHERE l.interestrate = @interestrate AND l.transferdate = @transferdate AND l.loanName = @loanname
执行时您提供参数值,Dapper 非常擅长根据您的值进行类型匹配。这也解决了 SQL 注入的一些危险。
还有其他方法可以动态构建查询或插入参数。
将值放入我将留给你的字典中。
小巧玲珑explanation
我有一个已经从数据库中获取数据的查询,现在我想使用剃刀页面中的复选框来过滤数据。 下面是复选框
<!--check box-->
<div id="selection" class="input-group col-md-3 flex-column" style="display: inline-flex;">
<div class="form-check">
<input type="text" class="form-check-input" value="InterestRate" name="loan" id="intRate">
<label class="form-check-label" for="exampleCheck1">Interest Rate</label>
</div>
<div class="form-check">
<input type="text" class="form-check-input" value="LoanAmount" name="loan" id="intRate">
<label class="form-check-label" for="exampleCheck1">Interest Rate</label>
</div>
<div class="form-check">
<input type="date" class="form-check-input" value="LoanTrfDate" name="loan" id="transDate">
<label class="form-check-label" for="exampleCheck1">Transfer Date</label>
</div>
<button type="submit" class="btn btn-primary" id="filter">Submit</button>
</div>
<!--check box-->
我已经通过 string[] Requestloans 获取了复选框的值,但问题是如何使用 dapper 使用 RequestLoans 数组来归档数据库。
如果这对两个人来说是可能的,那么我也可以将它应用到两个人以上
public async Task<IEnumerable<Loan>> ManageGettingAll(string[] Requestloans, bool includeDeleted, bool showUnapprovedOnly)
{
IEnumerable<Loan> loans = null;
try
{
using (var conn = new SqlConnection(connectionstring))
{
await con.OpenAsync();
string sql = "Select l.*, c.FirstName from dbo.Loan l left join Customer c on l.CustId=c.CustId";
if (!includeDeleted)
{
sql += " and l.Deleted = 0";
}
if (showUnapprovedOnly)
{
sql += " and l.Approved = 0";
}
loans = await conn.QueryAsync<Loan>(sql);
}
}
catch (Exception)
{
throw;
}
return loans;
}
如果您设法在调用之前将输入变量放入 Dictionary
这假设您将键设为列名。在这种情况下,它们都来自相同的 table 别名(尽管您可以根据需要对其进行编辑。这只是一种不断构建准备好的语句的方法,可以动态添加 where 条件)。
public async Task<IEnumerable<Loan>> ManageGettingAll(Dictionary<string, object> Params)
{
IEnumerable<Loan> loans = null;
try
{
using (var conn = new SqlConnection(connectionstring))
{
await conn.OpenAsync();
string basesql = "Select l.*, c.FirstName from dbo.Loan l left join Customer c on l.CustId=c.CustId";
DynamicParameters queryParams = new DynamicParameters();
if (Params.Count == 0)
{
//No params, so no where condition needed.
}
else
{
bool firstVar = true;
basesql += " WHERE ";
foreach (var paramName in Params.Keys)
{
if (!firstVar)
{
basesql += " AND ";
}
else
{
firstVar = false;
}
basesql += ("l." + paramName + " = @" + paramName);
if (Params.TryGetValue(paramName, out object ParamValue))
{
queryParams.Add("@" + paramName, ParamValue);
}
else
{
//Key not found, should be impossible though.
}
}
}
loans = await conn.QueryAsync<Loan>(basesql, queryParams);
}
}
catch (Exception)
{
throw;
}
return loans;
}
如果你有这样一个字典:
Dictionary<string, object> parameters = new Dictionary<string, object>();
parameters.Add("interestrate", 10);
parameters.Add("transferdate", DateTime.Now);
parameters.Add("loanName", "Mortgage");
ManageGettingAll(parameters);
参数化查询变为:
SELECT l.*, c.FirstName from dbo.Loan l left join Customer c on l.CustId=c.CustId
WHERE l.interestrate = @interestrate AND l.transferdate = @transferdate AND l.loanName = @loanname
执行时您提供参数值,Dapper 非常擅长根据您的值进行类型匹配。这也解决了 SQL 注入的一些危险。
还有其他方法可以动态构建查询或插入参数。 将值放入我将留给你的字典中。
小巧玲珑explanation