具有多个条件的参数化查询问题
parameterized query issue with multiple conditions
我正在尝试创建具有多个条件的参数化 sql 查询。我在 entity framework 2.2 版和 MSSQL 2016 上打开一个命令,它使用模块 System.Data.Common.DbCommand
当我将 @tenantName 之后的 AND 更改为 OR 时, sql 命令有效。我需要它是一个 AND 语句来获得正确的数字。
以下 sql 命令代码不起作用,但它在 sql management studio 中有效
var command = _context.Database.GetDbConnection().CreateCommand();
command.Transaction = _context.Database.CurrentTransaction.GetDbTransaction();
command.Parameters.Add(new SqlParameter("@tenantName", tenantName));
command.Parameters.Add(new SqlParameter("@searchTerm", searchTerm));
command.Parameters.Add(new SqlParameter("@hashedSearchTerm", hashedSearchTerm));
command.CommandText = "SELECT COUNT(*) FROM dbo.IdpUserEventLog WHERE " +
"(TenantName IS NOT NULL AND TenantName = @tenantName) AND (" +
"(EventType IS NOT NULL AND EventType LIKE '%@searchTerm%') " +
"OR (AppName IS NOT NULL AND AppName LIKE '%@searchTerm%') " +
"OR (EventExtra IS NOT NULL AND EventExtra LIKE '%@searchTerm%') " +
"OR (EventDescription IS NOT NULL AND EventDescription LIKE '%@searchTerm%') " +
"OR (EventResultReport IS NOT NULL AND EventResultReport LIKE '%@searchTerm%') " +
"OR (EventDescription IS NOT NULL AND EventDescription LIKE '%@hashedSearchTerm%') " +
"OR (EventExtra IS NOT NULL AND EventExtra LIKE '%@hashedSearchTerm%')) " +
感谢@mjwills 和@derpirscher 的评论,我现在通过将代码更改为以下
,得到与 sql management studio 中相同的结果
var command = _context.Database.GetDbConnection().CreateCommand();
command.Transaction = _context.Database.CurrentTransaction.GetDbTransaction();
command.Parameters.Add(new SqlParameter("@tenantName", tenantName));
command.Parameters.Add(new SqlParameter("@searchTerm", $"%{searchTerm}%"));
command.Parameters.Add(new SqlParameter("@hashedSearchTerm", $"%{hashedSearchTerm}%"));
command.CommandText = "SELECT COUNT(*) FROM dbo.IdpUserEventLog WHERE " +
"(TenantName = @tenantName) AND (" +
"(EventType LIKE @searchTerm) " +
"OR (AppName LIKE @searchTerm) " +
"OR (EventExtra LIKE @searchTerm) " +
"OR (EventDescription LIKE @searchTerm) " +
"OR (EventResultReport LIKE @searchTerm) " +
"OR (EventDescription LIKE @hashedSearchTerm) " +
"OR (EventExtra LIKE @hashedSearchTerm)) " +
我正在尝试创建具有多个条件的参数化 sql 查询。我在 entity framework 2.2 版和 MSSQL 2016 上打开一个命令,它使用模块 System.Data.Common.DbCommand
当我将 @tenantName 之后的 AND 更改为 OR 时, sql 命令有效。我需要它是一个 AND 语句来获得正确的数字。
以下 sql 命令代码不起作用,但它在 sql management studio 中有效
var command = _context.Database.GetDbConnection().CreateCommand();
command.Transaction = _context.Database.CurrentTransaction.GetDbTransaction();
command.Parameters.Add(new SqlParameter("@tenantName", tenantName));
command.Parameters.Add(new SqlParameter("@searchTerm", searchTerm));
command.Parameters.Add(new SqlParameter("@hashedSearchTerm", hashedSearchTerm));
command.CommandText = "SELECT COUNT(*) FROM dbo.IdpUserEventLog WHERE " +
"(TenantName IS NOT NULL AND TenantName = @tenantName) AND (" +
"(EventType IS NOT NULL AND EventType LIKE '%@searchTerm%') " +
"OR (AppName IS NOT NULL AND AppName LIKE '%@searchTerm%') " +
"OR (EventExtra IS NOT NULL AND EventExtra LIKE '%@searchTerm%') " +
"OR (EventDescription IS NOT NULL AND EventDescription LIKE '%@searchTerm%') " +
"OR (EventResultReport IS NOT NULL AND EventResultReport LIKE '%@searchTerm%') " +
"OR (EventDescription IS NOT NULL AND EventDescription LIKE '%@hashedSearchTerm%') " +
"OR (EventExtra IS NOT NULL AND EventExtra LIKE '%@hashedSearchTerm%')) " +
感谢@mjwills 和@derpirscher 的评论,我现在通过将代码更改为以下
,得到与 sql management studio 中相同的结果var command = _context.Database.GetDbConnection().CreateCommand();
command.Transaction = _context.Database.CurrentTransaction.GetDbTransaction();
command.Parameters.Add(new SqlParameter("@tenantName", tenantName));
command.Parameters.Add(new SqlParameter("@searchTerm", $"%{searchTerm}%"));
command.Parameters.Add(new SqlParameter("@hashedSearchTerm", $"%{hashedSearchTerm}%"));
command.CommandText = "SELECT COUNT(*) FROM dbo.IdpUserEventLog WHERE " +
"(TenantName = @tenantName) AND (" +
"(EventType LIKE @searchTerm) " +
"OR (AppName LIKE @searchTerm) " +
"OR (EventExtra LIKE @searchTerm) " +
"OR (EventDescription LIKE @searchTerm) " +
"OR (EventResultReport LIKE @searchTerm) " +
"OR (EventDescription LIKE @hashedSearchTerm) " +
"OR (EventExtra LIKE @hashedSearchTerm)) " +