NSPredicate按名称传递“多个”参数[在Swift中]

时间:2016-07-01 02:58:46

标签: ios swift core-data nspredicate

是否可以通过命名而不是program mixed2 implicit none integer :: num, val1, val2, val3 character(len=50) :: line integer :: io_stat open(unit=100, file='data.dat', action='READ', status='OLD') do read(100, '(A)', iostat=io_stat) line if (io_stat /= 0) exit call get_values(line, num, val1, val2, val3) print *, num, val1, val2, val3 end do close(100) contains subroutine get_values(line, n, v1, v2, v3) implicit none character(len=*), intent(in) :: line integer, intent(out) :: n, v1, v2, v3 integer :: idx ! Search for "number#" idx = index(line, 'number#') + len('number#') ! Get the integer after that word read(line(idx:idx+3), '(I4)') n idx = index(line, 'var1') + len('var1=') read(line(idx:idx+3), '(I4)') v1 idx = index(line, 'var2') + len('var3=') read(line(idx:idx+3), '(I4)') v2 idx = index(line, 'var3') + len('var3:') read(line(idx:idx+3), '(I4)') v3 end subroutine get_values end program mixed2

将多个参数传递给NSPredicate

例如,我有%@个参数directly-passedme

you

注意:public static func ConversationByUserId( userId : String ) -> [Message] { // Either Created By me and sent to you. // Or, created by you and sent to me let me = UserRepo.GetLoggedInUser()?.id var format = "( createdBy == '" + me! + "' && createdTo == '" + userId + "') " format += " || ( createdBy == '" + userId + "' && createdTo == '" + me! + "') " print(format) //prints: ( createdBy == '1' && createdTo == '5') || ( createdBy == '5' && createdTo == '1') let predicate = NSPredicate(format: format) return Filter(predicate); } 执行操作并返回结果。到现在为止还挺好。我得到了预期的结果。但是,我想这可能会出现SQL攻击等问题。

我可以做下面的事情:如果有,怎么做?

Filter(predicate)

到目前为止,我所取得的成就是:

  var format = "( createdBy == @me  && createdTo == @you ) "
  format += " || ( createdBy == @you  && createdTo == @me ) "


 let predicate = NSPredicate(format:  format, [ "me" : me, "you" : you ])

2 个答案:

答案 0 :(得分:5)

您可以使用NSPredicate的predicateWithSubstitutionVariables(请参阅Apple Docs)。像往常一样创建谓词,使用“$ variable”代替要替换的值:

var format = "( createdBy == $me  && createdTo == $you ) "
format += " || ( createdBy == $you  && createdTo == $me ) "
let predicate = NSPredicate(format:  format)

然后创建一个包含变量名称和要传递的值的字典:

let subVars = ["me" : me!, "you" : you!]

最后创建谓词,变量名称由您的值替换:

let finalPredicate = predicate.predicateWithSubstitutionVariables(subVars)

答案 1 :(得分:2)

注意:您不会在iOS应用程序中进行SQL注入攻击。除非您让用户键入SQL然后将SQL发送到 server 某处,否则不存在SQL注入攻击的风险。

核心数据和NSPredicate不会那样工作。

说完了;您可以使用NSExpression个实例,并通过NSComparisonPredicate件的组合构建NSExpression

let me = 1123 //Example value

let test = [["createdBy":1124,"name":"Fred"],["createdBy":1123,"name":"Jane"]] as NSArray

let lhs = NSExpression(forKeyPath: "createdBy")
let rhs = NSExpression(forConstantValue: me)

let predicate = NSComparisonPredicate(leftExpression: lhs, rightExpression: rhs, modifier: NSComparisonPredicateModifier.DirectPredicateModifier, type: NSPredicateOperatorType.EqualToPredicateOperatorType, options: [])

let results = test.filteredArrayUsingPredicate(predicate)
print("Results: \(results)")

NSComparisonPredicateNSCompoundPredicate结合使用,即可构建您想要的任何内容。

相关问题
最新问题