MySQL查询并不在C#中工作,但是当数据库
直接执行。在我的C#项目工程,我试图用逗号分隔的字符串列表动态填充WHERE子句来查询数据库表:MySQL查询并不在C#中工作,但是当数据库
List<string> productNames = new List<string>() { "A", "B", "C" };
// Construct SQL query
string names = String.Join(",", productNames.Select(n => "'" + n.ToLower() + "'").ToArray());
// names = 'a', 'b', 'c'
string query = "SELECT * FROM products WHERE LOWER(name) IN (@names);";
MySqlCommand cmd = new MySqlCommand(query, dbConn);
cmd.Parameters.AddWithValue("@names", names);
MySqlDataReader row = cmd.ExecuteReader();
while (row.Read())
{
// Zero rows returned
}
当我运行上述,没有行被返回。 然而,当我直接通过MySQL工作台在数据库上运行SQL查询,该行发现:
SELECT * FROM products WHERE LOWER(name) IN ('a', 'b', 'c');
// 3 rows found
为什么这并不在我的C代码工作?
Brain已在其博客文章here中很好地解释了这一点。下面的答案是这篇文章的摘录: 您需要逐个添加数组中的值。
List<string> productNames = new List<string>() { "A", "B", "C" };
var parameters = new string[productNames.Count];
var cmd = new SqlCommand();
for (int i = 0; i < productNames.Count; i++)
{
parameters[i] = string.Format("@name{0}", i);
cmd.Parameters.AddWithValue(parameters[i], productNames[i]);
}
cmd.CommandText = string.Format("SELECT * FROM products WHERE LOWER(name) IN ({0})", string.Join(", ", parameters));
cmd.Connection = new SqlConnection(connStr);
这里是一个扩展的和可重复使用的解决方案
public static class SqlCommandExt
{
/// <summary>
/// This will add an array of parameters to a SqlCommand. This is used for an IN statement.
/// Use the returned value for the IN part of your SQL call. (i.e. SELECT * FROM table WHERE field IN ({paramNameRoot}))
/// </summary>
/// <param name="cmd">The SqlCommand object to add parameters to.</param>
/// <param name="values">The array of strings that need to be added as parameters.</param>
/// <param name="paramNameRoot">What the parameter should be named followed by a unique value for each value. This value surrounded by {} in the CommandText will be replaced.</param>
/// <param name="start">The beginning number to append to the end of paramNameRoot for each value.</param>
/// <param name="separator">The string that separates the parameter names in the sql command.</param>
public static SqlParameter[] AddArrayParameters<T>(this SqlCommand cmd, IEnumerable<T> values, string paramNameRoot, int start = 1, string separator = ", ")
{
/* An array cannot be simply added as a parameter to a SqlCommand so we need to loop through things and add it manually.
* Each item in the array will end up being it's own SqlParameter so the return value for this must be used as part of the
* IN statement in the CommandText.
*/
var parameters = new List<SqlParameter>();
var parameterNames = new List<string>();
var paramNbr = start;
foreach(var value in values)
{
var paramName = string.Format("@{0}{1}", paramNameRoot, paramNbr++);
parameterNames.Add(paramName);
parameters.Add(cmd.Parameters.AddWithValue(paramName, value));
}
cmd.CommandText = cmd.CommandText.Replace("{" + paramNameRoot + "}", string.Join(separator, parameterNames.ToArray()));
return parameters.ToArray();
}
}
你可以像
var cmd = new SqlCommand("SELECT * FROM products WHERE LOWER(name) IN ({name})");
cmd.AddArrayParameters(new int[] {"A", "B", "C" }, "name");
声明称这是你的方法内部在SQL语句中的"{name}"相同的参数名称我们发送到AddArrayParameters。 AddArrayParameters将用正确的参数替换该值。因为这里
cmd.Parameters.AddWithValue("@names", names);
要传递一个值names
这太棒了,谢谢!只需要改变string.Join(separator,parameterNames)为string.Join(separator,parameterNames.ToArray())。 – user2181948
这个答案部分已被复制[this one](http:// stackoverflow。com/questions/2377506/pass-array-parameter-in-sqlcommand)没有归属地。请根据需要查看您的帖子和属性。 – spender
@spender谢谢你指出我的错误,我已经更新了我的答案。 –
当您在IN中使用参数化查询时,应该为每个值使用一个参数。我的意思是你不应该使用一个参数值为“A,B,C”。相反,你应该使用这样的查询。
"SELECT * FROM products WHERE LOWER(name) IN (@name1, @name2, @name3);"
在今天的另一个问题上,我为此写了一个例子。请检查this answer
你的C#代码没有工作。它是而不是三个参数。 所以,你相当于SQL查询会像
SELECT * FROM products WHERE LOWER(name) IN ("'a', 'b', 'c'");
和不匹配会被发现。要了解更多关于IN clause及其误解,请看看这篇不错的文章Arrays and Lists in SQL Server
理想的参数必须是单个值。你可以这样做
SELECT * FROM products WHERE LOWER(name) IN (@name1, @name2, @name3);
它很简单,干净。 但你也可以尝试在单个参数传递多个值喜欢这里 Parameterize an SQL IN clause 和Having multiple values assigned to a single ADO.Net SqlClient parameter
进行查询和操作正确传递参数。 – Valkyrie