码迷,mamicode.com
首页 > 移动开发 > 详细

Dapper 封装02-组装SQL

时间:2020-07-26 19:08:41      阅读:89      评论:0      收藏:0      [点我收藏+]

标签:转义   inf   操作   sed   com   open   return   执行   one   

在 SQLSERVER 里,我们在执行命令的时候我们是可以进行参数化传递的。这个好处主要可以防止注入。

定义接受参数的类:

   public class DataParameter
    {
        public DataParameter()
        {
        }
        public DataParameter(string name,object value)
        {
            this.Name = name;
            this.Value = value;
        }
        public string Name { get; set; }
        public object Value { get; set; }
    }

我们正常写一个 Where 语句,比如 WHERE Age=23 and name like ‘%delaywu%‘ 。从这句话中我们知道一个where 表达式 是由 表字段名 + 操作符号 + 值  组成的基本操作。

所以我们创建一个方法来构建这样的SQL

     private static WhereClip BuildWhereChip(string propertyName, object value, QueryOper op, string paramName=null)
        {
            if(op !=QueryOper.IsNull && op!=QueryOper.IsNotNull && (value==null || value==DBNull.Value))
            {
                return null;
            }
            WhereClip where = new WhereClip();
            StringBuilder sbSql = new StringBuilder($"{propertyName}{SqlQueryUtils.ToString(op)}");

            if (value !=null && value !=DBNull.Value)
            {
                if(paramName ==null)
                {
                    paramName = SqlQueryUtils.GetParmName(propertyName);
                }

                if(paramName.Length>0)
                {
                    sbSql.Append($"@{paramName}");
                    where.Parameters.Add(new DataParameter(paramName, value));
                }
                else
                {
                    sbSql.Append($"{value}");
                } 
            }
            where.WhereSql = sbSql.ToString();
            return where;
        }
        public static string GetParmName(string propertyName)
        {
            //[a.name]="delaywu"
            string paramName = propertyName.Replace("[", "").Replace("]", "");
            if(paramName.Contains("."))
            {
                //name
                int lstIdx = paramName.LastIndexOf(.);
                paramName = paramName.Substring(lstIdx + 1).Trim();
            }
            if(!System.Text.RegularExpressions.Regex.IsMatch(paramName,"^[a-zA-Z1-9_]*$"))
            {
                return string.Empty;
            }
            return paramName;
        }
GetParmName 这个方法主要是 可能在写多表查询的时候出现 a.Name b.age 这类的情况。获得其真实的 字段名称。以及[  ] 这个信息的处理。
有了基础的构建方法。我们可以把相关操的符的 WHERE 都可以生成出来了。
技术图片
 public static WhereClip Eq(string propertyName, object value, string paramName = null)
        {
            return BuildWhereChip(propertyName, value, QueryOper.Eq, paramName);
        }

        public static WhereClip NotEq(string propertyName, object value, string paramName = null)
        {
            return BuildWhereChip(propertyName, value, QueryOper.NotEq, paramName);
        }

        public static WhereClip IsNull(string propertyName)
        {
            return BuildWhereChip(propertyName, null, QueryOper.IsNull, null);
        }
        public static WhereClip IsNotNull(string propertyName)
        {
            return BuildWhereChip(propertyName, null, QueryOper.IsNotNull, null);
        }
        public static WhereClip StartWith(string propertyName, string value, string paramName = null)
        {
            return Like(propertyName, value.Replace("%", "[%]").Replace("_", "[_]") + %, paramName);
        } 
        public static WhereClip EndsWith(string propertyName, string value, string paramName = null)
        {
            return Like(propertyName, % + value.Replace("%", "[%]").Replace("_", "[_]"), paramName);
        }

        public static WhereClip Gt(string propertyName, object value, string paramName = null)
        {
            return BuildWhereChip(propertyName, value, QueryOper.Gt, paramName);
        }
        public static WhereClip Lt(string propertyName, object value, string paramName = null)
        {
            return BuildWhereChip(propertyName, value, QueryOper.Lt, paramName);
        }
        public static WhereClip Le(string propertyName, object value, string paramName = null)
        {
            return BuildWhereChip(propertyName, value, QueryOper.Le, paramName);
        }
        public static WhereClip Ge(string propertyName, object value, string paramName = null)
        {
            return BuildWhereChip(propertyName, value, QueryOper.Ge, paramName);
        }
        public static WhereClip Like(string propertyName, string value, string paramName = null)
        {
            if (string.IsNullOrEmpty(value))
            {
                return null;
            }
            return BuildWhereChip(propertyName, value, QueryOper.Like, paramName);
        }

        public static WhereClip Between(string propertyName, object lo, object hi,  string paramName=null)
        {
            WhereClip where = new WhereClip();
            StringBuilder sbSql = new StringBuilder($"{propertyName} between ");
            if(paramName==null)
            {
                paramName = SqlQueryUtils.GetParmName(propertyName);
            }
            if(propertyName.Length>0)
            {
                string strParamName1 = paramName + "_pmin";
                string strParamName2 = paramName + "_pmax";
                sbSql.Append($"@{strParamName1} and @{strParamName2} ");
                where.Parameters.Add(new DataParameter(strParamName1, lo));
                where.Parameters.Add(new DataParameter(strParamName2, hi));
            }
            else
            {
                sbSql.Append($"{lo} and {hi}");
            }
            where.WhereSql = sbSql.ToString();
            return where;
        }

        public static WhereClip DapperIn<T>(string propertyName,IEnumerable<T>values,string paramName=null)
        {
            if (values == null || !values.Any())
            {
                return null;
            }

            WhereClip where = new WhereClip();
            if(paramName==null)
            {
                paramName = SqlQueryUtils.GetParmName(propertyName);
            }
            if(paramName.Length>0)
            {
                where.Parameters.Add(new DataParameter(paramName, values));
                where.WhereSql = $"{propertyName} in @{paramName} ";
            }
            else
            {
                if(typeof(T).FullName==typeof(string).FullName)
                {
                    string strIn = string.Join<T>("‘,‘", values);
                    where.WhereSql = $"{propertyName} in ({strIn})";
                }
                else
                {
                    string strIn = string.Join<T>(",", values);
                    where.WhereSql = $"{propertyName} in ({strIn})";
                }
            }
            return where;
        }

        public static WhereClip DapperNotIn<T>(string propertyName, IEnumerable<T> values, string paramName = null)
        {
            if (values == null || !values.Any())
            {
                return null;
            }
            WhereClip where = new WhereClip();
            if (paramName == null)
            {
                paramName = SqlQueryUtils.GetParmName(propertyName);
            }
            if (paramName.Length > 0)
            {
                where.Parameters.Add(new DataParameter(paramName, values));
                where.WhereSql = $"{propertyName} not in @{paramName} ";
            }
            else
            {
                if (typeof(T).FullName == typeof(string).FullName)
                {
                    string strIn = string.Join<T>("‘,‘", values);
                    where.WhereSql = $"{propertyName} not in (‘{strIn}‘) ";
                }
                else
                {
                    string strIn = string.Join<T>(",", values);
                    where.WhereSql = $"{propertyName} not in ({strIn}) ";
                }
            }
            return where;
        }
View Code

上面的代码。我主要说一下 Like 相关的。数据库里面我们经常使用 []来转义特殊的单词。like 中%我们是要转义的,其次_也要的。

技术图片

 

 

测试一下:

技术图片

 

Dapper 封装02-组装SQL

标签:转义   inf   操作   sed   com   open   return   执行   one   

原文地址:https://www.cnblogs.com/delaywu/p/13380203.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!