当我在何处检查条件时,我需要基于senderId更新IsIgnored字段,它不能识别我从循环中比较的senderId。它会引发类似歧义列名'senderid'的异常。为此指导我解决此问题。 / p>
foreach (var senderId in senderIdList)
{
using (var context = new BSoftWEDIIContext())
{
var ediDocuments = context.EDIDocuments.SqlQuery("Update EDIDocument SET IsIgnored=1 from EDIDocument edi inner JOIN FileDetails files on edi.FileDetailsId = files.Id where edi.IsDeleted = 0 and edi.SenderID =senderId and edi.DocumentTypeID != 3 and edi.DocumentTypeID != 5 and edi.DocumentTypeID != 2 and edi.IsIgnored = 0 and files.IsDeleted = 0" );
}
尝试如下:
var ediDocuments = context.EDIDocuments.SqlQuery("Update EDIDocument SET IsIgnored=1 from EDIDocument edi inner JOIN FileDetails files on edi.FileDetailsId = files.Id where edi.IsDeleted = 0 and edi.SenderID ='149825353' and edi.DocumentTypeID != 3 and edi.DocumentTypeID != 5 and edi.DocumentTypeID != 2 and edi.IsIgnored = 0 and files.IsDeleted = 0", new SqlParameter
{
ParameterName = "senderId",
DbType = System.Data.DbType.String,
Value = senderId
});
foreach (var senderId in senderIdList)
{
using (var context = new BSoftWEDIIContext())
{
var ediDocuments = context.EDIDocuments.SqlQuery("Update EDIDocument SET IsIgnored=1 from EDIDocument edi inner JOIN FileDetails files on edi.FileDetailsId = files.Id where edi.IsDeleted = 0 and edi.SenderID=@senderId and edi.DocumentTypeID != 3 and edi.DocumentTypeID != 5 and edi.DocumentTypeID != 2 and edi.IsIgnored = 0 and files.IsDeleted = 0", new SqlParameter("@senderId", senderId));
答案 0 :(得分:0)
您需要将sql参数添加到查询中。
using (var context = new BSoftWEDIIContext())
{
foreach (var senderId in senderIdList)
{
context.EDIDocuments.ExecuteSqlCommand("Update EDIDocument SET IsIgnored=1 from EDIDocument edi inner JOIN FileDetails files on edi.FileDetailsId = files.Id where edi.IsDeleted = 0 and edi.SenderID=@senderId and edi.DocumentTypeID != 3 and edi.DocumentTypeID != 5 and edi.DocumentTypeID != 2 and edi.IsIgnored = 0 and files.IsDeleted = 0",
new SqlParameter
{
ParameterName = "senderId",
DbType = DbType.Int32,
Value = senderId
});
}
}
答案 1 :(得分:0)
foreach (var senderId in senderIdList)
{
using (var context = new BSoftWEDIIContext())
{
var ediDocuments = context.EDIDocuments.SqlQuery($"Update EDIDocument SET IsIgnored=1 from EDIDocument edi inner JOIN FileDetails files on edi.FileDetailsId = files.Id where edi.IsDeleted = 0 and edi.SenderID={senderId} and edi.DocumentTypeID != 3 and edi.DocumentTypeID != 5 and edi.DocumentTypeID != 2 and edi.IsIgnored = 0 and files.IsDeleted = 0" );
}
}
但是这种方法有可能进行SQL注入。
答案 2 :(得分:0)
您应该知道的第一件事是DbSet.SqlQuery()方法,该方法主要用于执行SELECT语句,该语句根据相应的实体类型(即DbSet名称)返回结果集。如果要执行类似UPDATE命令的动作查询,则应使用Database.ExecuteSqlCommand()和SqlParameter[]数组作为参数,如下例所示:
string rawQuery = @"Update EDIDocument SET IsIgnored = 1 From EDIDocument AS edi
INNER JOIN FileDetails AS files on edi.FileDetailsId = files.Id
where edi.IsDeleted = 0 and edi.SenderID = @senderId
and edi.DocumentTypeID <> 3 and edi.DocumentTypeID <> 5
and edi.DocumentTypeID <> 2 and edi.IsIgnored = 0 and files.IsDeleted = 0";
using (var context = new BSoftWEDIIContext())
{
foreach (var senderId in senderIdList)
{
var queryParams = new List<SqlParameter>();
queryParams.Add(new SqlParameter("@senderId", senderId));
var ediDocuments = context.Database.ExecuteSqlCommand(rawQuery, queryParams.ToArray());
}
}
注意:
DbSet.SqlQuery()和Database.ExecuteSqlCommand()方法的第二个参数都使用object[]数组,因此您需要将参数传递到数组中,而不是直接使用它们。
参考: