我需要在MySQL数据库中插入未知数量的行。这些行在词典列表中。
列表中的每个字典代表一行。对于每一行,字典key包含列名,而value包含该行的列数据。
我已经实现了这样的目标-
public long InsertMultiple(string TableName, List<Dictionary<string, string>> listMultipleRows)
{
try
{
string columnNames = null;
StringBuilder sCommand = new StringBuilder();
List<string> Rows = new List<string>();
int columnLength = listMultipleRows.First().Select(x => x.Key).ToArray().Length;
//Fetching required column names.
if (listMultipleRows.Count > 0)
columnNames = string.Join(", ", listMultipleRows.First().Select(x => x.Key).ToArray());
//Preparing command
if (columnNames != null)
sCommand = new StringBuilder("INSERT INTO " + TableName + " (" + columnNames + ") VALUES ");
//Preparing column format like - '{0}','{1}'......
string columnFormat = "(";
for (int i = 0; i < columnLength; i++)
{
if (i != 0)
columnFormat = columnFormat + ",";
columnFormat = columnFormat + "'{" + i + "}'";
}
columnFormat = columnFormat + ")";
//Appending each row values. Actual rows which needs to be inserted.
foreach (Dictionary<string, string> row in listMultipleRows)
{
Rows.Add(string.Format(columnFormat, row.Select(x => MySql.Data.MySqlClient.MySqlHelper.EscapeString(x.Value)).ToArray()));
}
sCommand.Append(string.Join(",", Rows));
sCommand.Append(";");
MySqlCommand Comm = new MySqlCommand();
Comm.CommandText = sCommand.ToString();
Comm.Connection = m_Conn;
//One shot insertion operation
return Convert.ToInt64(ExecuteScalar(Comm));
}
catch (Exception Ex)
{
return 0;
}
}
2800条记录的执行时间约为500毫秒。太棒了。 我担心的是SQL注入。通常,我们使用 参数化查询以避免SQL注入。但就我而言, 可以大量使用,因此不能创建太多参数。在那儿 这个问题的解决方案?还是更好的方法?