Question

我正在尝试使用C＃和asp.net在项目中实现用户权限管理。我想要做的只是根据登录名向用户显示相关页面。我写了很多SQL select命令。

有没有办法只在SQL select命令中更改WHERE部分？我的意思是例如当用户点击按钮时

...WHERE REGION='IC'变为...WHERE REGION<>'IC'

或者，您可以建议其他任何实践来实施这种情况吗？

提前致谢

编辑：我的选择命令

SELECT * FROM (SELECT Firma,BOLGE,SUM(KDV_MATRAHI) AS TUTAR from SATISLAR_T WHERE DAHIL=0 AND REGION=REGION  GROUP BY Firma,BOLGE UNION SELECT Firma,CH_YETKI_KODU AS BOLGE, SUM(KDV_MATRAHI)  AS TUTAR
FROM LNX_STD_6_016_01_SLSINVOICES WHERE MALZEME_OZEL_KODU<>'DİĞER GLR'   AND REGION=REGION GROUP BY REGION, Firma) AS BOLGE
  PIVOT
(
SUM(TUTAR)
    FOR Firma IN ([008] ,[009] ,[010] ,[011], [012], [013], [014] ,[015],[016])
)AS pvt

用户点击按钮后：

SELECT * FROM (SELECT Firma,BOLGE,SUM(KDV_MATRAHI) AS TUTAR from SATISLAR_T WHERE DAHIL=0 AND REGION='IC'  GROUP BY Firma,BOLGE UNION SELECT Firma,CH_YETKI_KODU AS BOLGE, SUM(KDV_MATRAHI)  AS TUTAR
FROM LNX_STD_6_016_01_SLSINVOICES WHERE MALZEME_OZEL_KODU<>'DİĞER GLR'   AND REGION<>'IC' GROUP BY CH_YETKI_KODU, Firma) AS BOLGE
  PIVOT
(
SUM(TUTAR)
    FOR Firma IN ([008] ,[009] ,[010] ,[011], [012], [013], [014] ,[015],[016])
)AS pvt

Answer 1

快速而肮脏的方式是pass a parameter

where 
  ((@Param=1 and REGION = 'IC')
    or
  (@Param=2 and REGION <> 'IC'))

Answer 2

我在建立SQL时建议格式化：

// depending on condition 
// we put either REGION='IC' or REGION<>'IC' instead of {0} place holder
string sql = string.Format( 
    // Make slq readable and maintainable, use @ verbatim strings
  @"select ...
     where {0} 
     ...", condition ? "REGION='IC'" : "REGION<>'IC'"); 

using (var command = new SqlCommand(connection)) {
  command.CommandText = sql;
  ...
}

如果是 C＃6.0 ， string interpotaion 是另一种选择：

string sql =  
  $@"select ...
      where {(condition ? "REGION='IC'" : "REGION<>'IC'")} 
      ...";

Answer 3

实现该功能的显而易见的方法是将两个不同的查询作为函数，并根据按钮的状态调用适当的查询。不需要聪明的代码或技巧。

在运行时更改WHERE部分中的SQL select命令运算符

3 个答案: