也许我们可以用自己拼装 SQL 语句的方式很好地实现这种查询,然后在前面过滤掉一些危险的参数。
但是参数过滤有一个不好的地方:会把一些信息也过滤掉;而且过滤规则一旦有遗漏,拼装出来的语句仍然可能被注入。
在castle ActiveRecord里面我们最基本的查询都是靠传参的形式了。
// ID is handed to the query as a parameter value instead of being concatenated into the hql text.
ScalarQuery<xxInfo> query = new ScalarQuery<xxInfo>(typeof(xxInfo), hql,ID);
如果用传参的话,我们感觉在 ActiveRecord 里会比较麻烦,写起来不顺。
于是我们自己写了一个简单的类来处理这种情况(不清楚它是否提供类似的处理类、方法),也修正了一下 bug。
/**////风云 lovebanyi.cnblogs.com
public class MyQuery<T> : SimpleQuery<T>
{
/// <summary>
/// Creates a query from the given query text, which is forwarded unchanged to the base constructor.
/// </summary>
/// <param name="query">Initial query text; later AddCondition calls append to it.</param>
public MyQuery(string query) : base(query)
{
}
private int i = 0;
/// <summary>
/// Appends one "property operator ?" condition to the query text and binds
/// <paramref name="parm"/> to the new placeholder.
/// </summary>
/// <remarks>
/// Only <paramref name="parm"/> is bound as a parameter. <paramref name="porperty"/> and
/// <paramref name="operator"/> are concatenated into the query text unchanged, so they
/// must be fixed by the calling code (literals or an allow-list), never taken from request input.
/// </remarks>
/// <param name="porperty">Property name written into the query text as-is.</param>
/// <param name="operator">Comparison operator written into the query text as-is.</param>
/// <param name="parm">Value bound to the placeholder at the next parameter position.</param>
public void AddCondition(string porperty, string @operator, object parm)
{
    // "where" is emitted while no parameter has been bound yet, "and" afterwards.
    string joiner = (i == 0) ? " where " : " and ";
    base.Query = base.Query + joiner + porperty + " " + @operator + " ?";

    // Take the current position for this parameter, then advance the counter.
    int position = i;
    i = position + 1;
    base.AddModifier(new Castle.ActiveRecord.Queries.Modifiers.QueryParameter(position, parm));
}
/// <summary>
/// Appends a raw condition to the query text, prefixed with " where " or " and ".
/// </summary>
/// <remarks>
/// <paramref name="condition"/> is concatenated verbatim; nothing in it is bound as a
/// parameter. Any value that originates outside the code should go through one of the
/// overloads that take a parameter instead of being embedded in this string.
/// NOTE(review): the where/and choice depends on the counter <c>i</c>, which this overload
/// does not advance, so a parameterless condition added while <c>i</c> is 0 is followed by
/// another " where " on the next call.
/// </remarks>
/// <param name="condition">Condition text appended as-is.</param>
public void AddCondition(string condition)
{
    string joiner = (i == 0) ? " where " : " and ";
    base.Query = base.Query + joiner + condition;
}
/// <summary>
/// Appends a raw condition and binds a single value to the next parameter position.
/// </summary>
/// <remarks>
/// <paramref name="condition"/> is concatenated verbatim by the single-argument overload;
/// only <paramref name="parm"/> is bound. The condition is expected to contain the
/// placeholder for that value — this method does not add one.
/// </remarks>
/// <param name="condition">Condition text appended as-is.</param>
/// <param name="parm">Value bound at the current parameter position.</param>
public void AddCondition(string condition, object parm)
{
    AddCondition(condition);

    int position = i;
    i = position + 1;
    base.AddModifier(new Castle.ActiveRecord.Queries.Modifiers.QueryParameter(position, parm));
}
/// <summary>
/// Appends a raw condition and binds each value in <paramref name="parms"/> to
/// consecutive parameter positions, in list order.
/// </summary>
/// <remarks>
/// <paramref name="condition"/> is concatenated verbatim; only the list values are bound.
/// The number of placeholders in the condition is not checked against the list length here.
/// </remarks>
/// <param name="condition">Condition text appended as-is.</param>
/// <param name="parms">Values to bind, one per position.</param>
public void AddCondition(string condition, List<object> parms)
{
    AddCondition(condition);
    foreach (object value in parms)
    {
        base.AddModifier(new Castle.ActiveRecord.Queries.Modifiers.QueryParameter(i++, value));
    }
}
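// Matches an optional run of leading whitespace, the "select" keyword and everything up to
// the first standalone "from" keyword. The \b anchors stop an identifier that merely contains
// "from" (for example a property called fromDate) from ending the match early.
// Shared across instances: the pattern is constant and Regex matching methods are thread-safe.
private static readonly System.Text.RegularExpressions.Regex regCount = new System.Text.RegularExpressions.Regex(@"^\s*select\b(.*?)\bfrom\b", System.Text.RegularExpressions.RegexOptions.Compiled | System.Text.RegularExpressions.RegexOptions.IgnoreCase | System.Text.RegularExpressions.RegexOptions.Singleline);

/// <summary>
/// Rewrites a query into its row-count form.
/// </summary>
/// <remarks>
/// A query that starts with a select list has that list replaced by <c>count(*)</c>;
/// a query without one gets <c>select count(*)</c> prepended. The match is lazy, so a
/// select list that itself contains a standalone <c>from</c> (a sub-select) is still cut
/// at that first keyword.
/// </remarks>
/// <param name="countQuery">Query text to convert.</param>
/// <returns>The count query text.</returns>
protected override string PrepareQueryForCount(string countQuery)
{
    if (regCount.IsMatch(countQuery))
    {
        return regCount.Replace(countQuery, "select count(*) from");
    }

    return "select count(*) " + countQuery;
}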
V2 新加一段代码(一个带 targetType 的构造函数),这样你在返回 MyQuery<int> 的时候不会出错。
public class MyQuery<T> : SimpleQuery<T>
{
/// <summary>
/// Builds the query from its initial text; the text goes to the base constructor untouched.
/// </summary>
/// <param name="query">Starting query text that AddCondition later extends.</param>
public MyQuery(string query) : base(query)
{
}
private int i = 0;
/// <summary>
/// Adds a "property operator ?" condition and binds <paramref name="parm"/> to its placeholder.
/// </summary>
/// <remarks>
/// The value is the only part that is parameterized. <paramref name="porperty"/> and
/// <paramref name="operator"/> become part of the query text exactly as passed, so callers
/// should supply them from code (constants or an allow-list) rather than from user input.
/// </remarks>
/// <param name="porperty">Property name placed in the query text unchanged.</param>
/// <param name="operator">Operator placed in the query text unchanged.</param>
/// <param name="parm">Value bound at the next parameter position.</param>
public void AddCondition(string porperty, string @operator, object parm)
{
    string clause = porperty + " " + @operator + " ?";

    // The counter is still 0 until the first parameter is bound; that selects "where".
    if (i != 0)
    {
        base.Query += " and " + clause;
    }
    else
    {
        base.Query += " where " + clause;
    }

    int slot = i++;
    base.AddModifier(new Castle.ActiveRecord.Queries.Modifiers.QueryParameter(slot, parm));
}
/// <summary>
/// Adds a raw condition to the query text after " where " or " and ".
/// </summary>
/// <remarks>
/// The condition string is concatenated as-is and nothing is bound, so it must not carry
/// values that come from outside the code; use an overload with a parameter for those.
/// NOTE(review): <c>i</c> is not advanced here, so while it is 0 every call to this
/// overload emits " where ", including a second one in a row.
/// </remarks>
/// <param name="condition">Condition text appended unchanged.</param>
public void AddCondition(string condition)
{
    if (i != 0)
    {
        base.Query += " and " + condition;
        return;
    }

    base.Query += " where " + condition;
}
/// <summary>
/// Adds a raw condition, then binds one value at the next parameter position.
/// </summary>
/// <remarks>
/// Only <paramref name="parm"/> is parameterized; <paramref name="condition"/> is appended
/// verbatim and has to contain the placeholder for the value itself.
/// </remarks>
/// <param name="condition">Condition text appended unchanged.</param>
/// <param name="parm">Value bound at the current parameter position.</param>
public void AddCondition(string condition, object parm)
{
    AddCondition(condition);

    int slot = i++;
    base.AddModifier(new Castle.ActiveRecord.Queries.Modifiers.QueryParameter(slot, parm));
}
/// <summary>
/// Adds a raw condition, then binds every value of <paramref name="parms"/> in order,
/// each at the next parameter position.
/// </summary>
/// <remarks>
/// The condition text is appended verbatim; only the list values are parameterized.
/// No check is made here that the placeholders in the condition match the list length.
/// </remarks>
/// <param name="condition">Condition text appended unchanged.</param>
/// <param name="parms">Values to bind in list order.</param>
public void AddCondition(string condition, List<object> parms)
{
    AddCondition(condition);
    foreach (object item in parms)
    {
        int slot = i++;
        base.AddModifier(new Castle.ActiveRecord.Queries.Modifiers.QueryParameter(slot, item));
    }
}
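// Leading whitespace, the "select" keyword, then everything up to the first standalone
// "from". Word boundaries keep a select-list identifier that only contains "from"
// (such as fromDate) from being treated as the keyword.
// Static because the pattern never changes and Regex matching methods are thread-safe.
private static readonly System.Text.RegularExpressions.Regex regCount = new System.Text.RegularExpressions.Regex(@"^\s*select\b(.*?)\bfrom\b", System.Text.RegularExpressions.RegexOptions.Compiled | System.Text.RegularExpressions.RegexOptions.IgnoreCase | System.Text.RegularExpressions.RegexOptions.Singleline);

/// <summary>
/// Converts a query into the form used for counting rows.
/// </summary>
/// <remarks>
/// When the text begins with a select list, the list is replaced by <c>count(*)</c>;
/// otherwise <c>select count(*)</c> is prepended. Because the match is lazy, a sub-select
/// inside the select list still ends the match at its own <c>from</c>.
/// </remarks>
/// <param name="countQuery">Query text to convert.</param>
/// <returns>The count query text.</returns>
protected override string PrepareQueryForCount(string countQuery)
{
    return regCount.IsMatch(countQuery)
        ? regCount.Replace(countQuery, "select count(*) from")
        : "select count(*) " + countQuery;
}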
/// <summary>
/// Creates a query with an explicit target type; both arguments are forwarded unchanged
/// to the base constructor.
/// </summary>
/// <remarks>
/// According to the accompanying article, this overload was added in V2 so that a
/// MyQuery of int can be returned without error.
/// </remarks>
/// <param name="targetType">Type passed through to the base query.</param>
/// <param name="query">Initial query text; later AddCondition calls append to it.</param>
public MyQuery(Type targetType, string query) : base(targetType, query)
{
}
: base(targetType, query)
{
}
使用(写在 entity 的类中)
// Base query without a where clause; each AddCondition call below appends one.
string hql = "from Supplier";
MyQuery<Supplier> query = new MyQuery<Supplier>(hql);
query.SetQueryRange(start, maxResults);
// The property name and operator are literals in code. name is concatenated only into
// the parameter value, which is bound to the "?" placeholder rather than the query text.
// NOTE(review): any % or _ inside name presumably still acts as a LIKE wildcard — confirm
// whether that is intended.
query.AddCondition("Name","like","%"+name+"%");
query.AddCondition("Number","=","0592");
return query.Execute();
当然你可以对操作符再做一些处理(例如用枚举或白名单限定可用的操作符),以更好地防止写错并加快速度。
MyQuery<Supplier> query = new MyQuery<Supplier>(hql);
query.SetQueryRange(start, maxResults);
// Values go in as the third argument and are bound to "?" placeholders; the property
// name and operator are literals in code and end up in the query text unchanged.
query.AddCondition("Name","like","%"+name+"%");
query.AddCondition("Number","=","0592");
return query.Execute();
另一个小例子:/Files/lovebanyi/MyQueryExample.txt
v0.2:http://files.cnblogs.com/lovebanyi/myqueryV0.2.txt