How to use null or empty for unassigned values in a table in raw SQL?

Time: 2019-01-17 08:33:21

Tags: c# sql rawsql

How do I check IsNullOrEmpty in raw SQL? If both the control number and the sender ID have values, the condition should check both. If only the sender ID has a value, it should check the sender ID alone, and if only the control number has a value, it should check the control number alone. It shows an error like:

    Incorrect syntax near '*'

using (var context = new BSoftWEDIIContext())
{
    if (!string.IsNullOrEmpty(controlNumber))
    {
        controlNumber = "*" + controlNumber + "*";
    }
    if (!string.IsNullOrEmpty(senderNumber))
    {
        senderNumber = "*" + senderNumber + "*";
    }

    var fileDetail = context.FileDetails
        .SqlQuery("select * from FileDetails where @" + controlNumber.ToString()
            + " is not null OR CONVERT(varchar(max), RawData) like '%" + controlNumber.ToString()
            + "%' AND CONVERT(varchar(max), RawData) like '%" + senderNumber.ToString() + "%'")
        .ToList();
    matchedFileId = fileDetail?.Select(a => a.Id).ToList();
}

1 answer:

Answer 0: (score: 1)

You are appending too many '*' characters, so the resulting query is not built correctly. Check the conditions accordingly:

using (var context = new BSoftWEDIIContext())
{
    if (!string.IsNullOrEmpty(controlNumber))
    {
        controlNumber = controlNumber;
    }
    if (!string.IsNullOrEmpty(senderNumber))
    {
        senderNumber = senderNumber;
    }

    var fileDetail = context.FileDetails
        .SqlQuery("select * from FileDetails where " + controlNumber.ToString() + " is not null"
            + " OR CONVERT(varchar(max), RawData) like '%" + controlNumber.ToString()
            + "%' AND CONVERT(varchar(max), RawData) like '%" + senderNumber.ToString() + "%'")
        .ToList();
    matchedFileId = fileDetail?.Select(a => a.Id).ToList();
}

Note: this approach is prone to SQL injection and is strongly discouraged. Please read about parameterized queries and best practices at the links below:

https://docs.microsoft.com/en-us/dotnet/framework/data/adonet/ef/how-to-execute-a-parameterized-entity-sql-query-using-entitycommand

how to change sql statement to parameterized query?
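The parameterized form the note above recommends, applied to the question's conditional filter, as an added example that is not part of the question or the answer. It assumes EF6 (System.Data.Entity), the BSoftWEDIIContext and FileDetails types named on the page, and that FileDetails has an int Id property; the @p0/@p1 placeholder names, the EscapeLike helper and the method names are assumptions of this example. Only the filters that are actually set end up in the WHERE clause, and user input travels as a SqlParameter value rather than as SQL text, so a value containing a quote or a '%' cannot change the statement.

```csharp
using System;
using System.Collections.Generic;
using System.Data.Entity;
using System.Data.SqlClient;
using System.Linq;

public static class FileDetailSearch
{
    // Escapes the SQL Server LIKE metacharacters in a user-supplied value so that they
    // match literally; the generated predicate declares ESCAPE '\' to match this.
    static string EscapeLike(string value) =>
        value.Replace(@"\", @"\\").Replace("%", @"\%").Replace("_", @"\_").Replace("[", @"\[");

    // Builds "select * from FileDetails [where ...]" with one @pN placeholder per filter
    // that was supplied (hypothetical names). User input is never spliced into the text:
    // it is returned as SqlParameter values alongside the SQL.
    public static (string Sql, SqlParameter[] Parameters) BuildQuery(string controlNumber, string senderNumber)
    {
        var conditions = new List<string>();
        var parameters = new List<SqlParameter>();

        void AddContains(string value)
        {
            if (string.IsNullOrEmpty(value)) return;        // filter not set by the caller: skip it
            string name = "@p" + parameters.Count;
            conditions.Add($"CONVERT(varchar(max), RawData) like {name} ESCAPE '\\'");
            parameters.Add(new SqlParameter(name, "%" + EscapeLike(value) + "%"));
        }

        AddContains(controlNumber);
        AddContains(senderNumber);

        string sql = "select * from FileDetails";
        if (conditions.Count > 0)
        {
            // Both set -> both must match; one set -> only that one is checked.
            // Neither set -> no WHERE clause (returns every row; tighten if that is unwanted).
            sql += " where " + string.Join(" AND ", conditions);
        }

        return (sql, parameters.ToArray());
    }

    // Runs the query through EF6's DbSet.SqlQuery(string, params object[]); SqlParameter
    // objects are passed straight through to ADO.NET, so the placeholders bind by name.
    public static List<int> FindMatchingIds(BSoftWEDIIContext context, string controlNumber, string senderNumber)
    {
        var (sql, parameters) = BuildQuery(controlNumber, senderNumber);
        return context.FileDetails.SqlQuery(sql, parameters).Select(a => a.Id).ToList();
    }
}
```

With controlNumber = "123" and senderNumber empty, BuildQuery yields "select * from FileDetails where CONVERT(varchar(max), RawData) like @p0 ESCAPE '\'" and a single parameter @p0 = "%123%"; with both values set, the second predicate is joined with AND and bound to @p1. Because the WHERE text is assembled only from fixed fragments, the "Incorrect syntax near" class of error from the question cannot be triggered by the input, and neither can an injected predicate.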