时间:2016-02-15 21:36 来源: 我爱IT技术网 作者:佚名
欢迎您访问我爱IT技术网,今天小编为你分享的编程技术是:【防SQL注入 生成参数化的通用分页查询语句】,下面是详细的讲解!
防SQL注入 生成参数化的通用分页查询语句
public class PagerQuery
{
private int _pageIndex;
private int _pageSize=20;
private string _pk;
private string _fromClause;
private string _groupClause;
private string _selectClause;
private string _sortClause;
private StringBuilder _whereClause;
public DateTime DateFilter=DateTime.MinValue;
protected QueryBase()
{
_whereClause=new StringBuilder();
}
/// <summary>
/// 主键
/// </summary>
public string PK
{
get { return _pk; }
set { _pk=value; }
}
public string SelectClause
{
get { return _selectClause; }
set { _selectClause=value; }
}
public string FromClause
{
get { return _fromClause; }
set { _fromClause=value; }
}
public StringBuilder WhereClause
{
get { return _whereClause; }
set { _whereClause=value; }
}
public string GroupClause
{
get { return _groupClause; }
set { _groupClause=value; }
}
public string SortClause
{
get { return _sortClause; }
set { _sortClause=value; }
}
/// <summary>
/// 当前页数
/// </summary>
public int PageIndex
{
get { return _pageIndex; }
set { _pageIndex=value; }
}
/// <summary>
/// 分页大小
/// </summary>
public int PageSize
{
get { return _pageSize; }
set { _pageSize=value; }
}
/// <summary>
/// 生成缓存Key
/// </summary>
/// <returns></returns>
public override string GetCacheKey()
{
const string keyFormat="Pager-SC:{0}-FC:{1}-WC:{2}-GC:{3}-SC:{4}";
return string.Format(keyFormat, SelectClause, FromClause, WhereClause, GroupClause, SortClause);
}
/// <summary>
/// 生成查询记录总数的SQL语句
/// </summary>
/// <returns></returns>
public string GenerateCountSql()
{
StringBuilder sb=new StringBuilder();
sb.AppendFormat(" from {0}", FromClause);
if (WhereClause.Length > 0)
sb.AppendFormat(" where 1=1 {0}", WhereClause);
if (!string.IsNullOrEmpty(GroupClause))
sb.AppendFormat(" group by {0}", GroupClause);
return string.Format("Select count(0) {0}", sb);
}
/// <summary>
/// 生成分页查询语句,包含记录总数
/// </summary>
/// <returns></returns>
public string GenerateSqlIncludeTotalRecords()
{
StringBuilder sb=new StringBuilder();
if (string.IsNullOrEmpty(SelectClause))
SelectClause="*";
if (string.IsNullOrEmpty(SortClause))
SortClause=PK;
int start_row_num=(PageIndex - 1)*PageSize + 1;
sb.AppendFormat(" from {0}", FromClause);
if (WhereClause.Length > 0)
sb.AppendFormat(" where 1=1 {0}", WhereClause);
if (!string.IsNullOrEmpty(GroupClause))
sb.AppendFormat(" group by {0}", GroupClause);
string countSql=string.Format("Select count(0) {0};", sb);
string tempSql=
string.Format(
"WITH t AS (SELECT ROW_NUMBER() OVER(ORDER BY {0}) as row_number,{1}{2}) Select * from t where row_number BETWEEN {3} and {4};",
SortClause, SelectClause, sb, start_row_num, (start_row_num + PageSize - 1));
return tempSql + countSql;
}
/// <summary>
/// 生成分页查询语句
/// </summary>
/// <returns></returns>
public override string GenerateSql()
{
StringBuilder sb=new StringBuilder();
if (string.IsNullOrEmpty(SelectClause))
SelectClause="*";
if (string.IsNullOrEmpty(SortClause))
SortClause=PK;
int start_row_num=(PageIndex - 1)*PageSize + 1;
sb.AppendFormat(" from {0}", FromClause);
if (WhereClause.Length > 0)
sb.AppendFormat(" where 1=1 {0}", WhereClause);
if (!string.IsNullOrEmpty(GroupClause))
sb.AppendFormat(" group by {0}", GroupClause);
return
string.Format(
"WITH t AS (SELECT ROW_NUMBER() OVER(ORDER BY {0}) as row_number,{1}{2}) Select * from t where row_number BETWEEN {3} and {4}",
SortClause, SelectClause, sb, start_row_num, (start_row_num + PageSize - 1));
}
}
关于防SQL注入 生成参数化的通用分页查询语句的用户互动如下:
相关问题:
答: >>详细
相关问题:
答: >>详细
相关问题:
答: >>详细
- 【创建】ASP.NET Web API教程 创建域模型的方法详
- 【服务器】asp.net页面状态管理cookie和服务器状
- 【Repeater控件】.NET实现Repeater控件+AspNetPag
- 【客户端】获取客户端IP地址c#/vb.net各自实现代
- 【asp】asp.net上传execl文件后 在页面上加载显示
- 【Excel】页面导出为Excel的时间格式的问题-时间
- 【ref】asp.net(c#)ref out params的区别-out-pa
- 【数据控件】asp.net获得数据控件事件索引并获取
- 【NET】10个.NET中删除空白字符串的方法-删除空白
- 【web】web.config配置连接字符串的方法-config配
- 评论列表(网友评论仅供网友表达个人看法,并不表明本站同意其观点或证实其描述)
-