In CMS. We often search based on certain conditions. If you do not select this condition, you cannot place it in SQL.
Maybe we can use our own SQL statement to implement this query. Then filter out some dangerous parameters.
But a bad thing about parameter filtering is. Some information is filtered out.
In Castle activerecord, the most basic query is by passing parameters.
Scalarquery <xxinfo> query = new scalarquery <xxinfo> (typeof (xxinfo), hql, ID );
If passing parameters is used, it will be troublesome in activerecord. Hard to write
So we wrote a simple class to solve this situation (it is unclear whether it provides similar processing classes and methods) and fixed the bug/** // Fengyun lovebanyi.cnblogs.com
Public class myquery <t>: simplequery <t>
{
Public myquery (string query)
: Base (query)
{
}
Private int I = 0;
Public void addcondition (string porperty, string @ operator, object parm)
{
If (I = 0)
{
Base. query + = "where" + porperty + "" + @ operator + "? ";
}
Else
{
Base. query + = "and" + porperty + "" + @ operator + "? ";
}
Base. addmodifier (New Castle. activerecord. Queries. modifiers. queryparameter (I ++, parm ));
}
Public void addcondition (string condition)
{
If (I = 0)
{
Base. query + = "where" + condition;
}
Else
{
Base. query + = "and" + condition;
}
}
Public void addcondition (string condition, object parm)
{
Addcondition (condition );
Base. addmodifier (New Castle. activerecord. Queries. modifiers. queryparameter (I ++, parm ));
}
Public void addcondition (string condition, list <Object> parms)
{
Addcondition (condition );
For (Int J = 0; j <parms. Count; j ++)
{
Base. addmodifier (New Castle. activerecord. Queries. modifiers. queryparameter (I ++, parms [J]);
}
}
Private system. Text. regularexpressions. RegEx regcount = new system. Text. regularexpressions. RegEx ("^ select (.*?) From ", system. Text. regularexpressions. regexoptions. Compiled | system. Text. regularexpressions. regexoptions. ignorecase | system. Text. regularexpressions. regexoptions. singleline );
Protected override string preparequeryforcount (string countquery)
{
If (regcount. ismatch (countquery ))
{
Countquery = regcount. Replace (countquery, "select count (*) from ");
}
Else
{
Countquery = "select count (*)" + countquery;
}
Return countquery;
}
V2 adds a new code. In this way, no public myquery (type targettype, string query) error occurs when you return myquery <int>)
: Base (targettype, query)
{
}
Use (written in entiy class) string hql = "from supplier ";
Myquery <supplier> query = new myquery <supplier> (hql );
Query. setqueryrange (START, maxresults );
Query. addcondition ("name", "like", "%" + name + "% ");
Query. addcondition ("Number", "=", "0592 ");
Return query. Execute ();
Of course, you can process the operators again. Better prevents errors and speeds up
Another small example:/files/lovebanyi/myqueryexample.txt
V0.2http: // files.cnblogs.com/lovebanyi/myqueryv0.2.txt