-
Notifications
You must be signed in to change notification settings - Fork 861
动态操作
2881099 edited this page Aug 13, 2022
·
24 revisions
FreeSql 提供 Where(sql)、GroupBy(sql)、OrderBy(sql)、ToList(sql) 等直接使用 SQL 片段的 API。
使用这些 API 时请务必注意SQL注入安全问题。
不建议前端直接 POST SQL 到后端使用它们,而应该在后端做一层映射,例如:
var whereMapping = new Dictionary<string, string>
{
["where1"] = "a.id > {0}",
["where2"] = "len(a.name) > {0}"
};
var orderByMapping = new Dictionary<string, string>
{
["order1"] = "a.id asc, a.name desc",
["order2"] = "len(a.name) desc"
};
//假设前端 POST 内容是 postWhere=where1&postWhereValue=100&postOrder=order1
fsql.Select<Region>()
.WhereIf(
whereMapping.TryGetValue(postWhere, out var whereSql),
string.Format(whereSql, postWhereValue)
)
.OrderBy(
orderByMapping.TryGetValue(postOrder, out var orderSql),
orderSql
)
fsql.Insert<object>().AsType(实体类型)
.AppendData(data)
.ExecuteAffrows();
fsql.Update<object>().AsType(实体类型)
.SetSource(data)
.ExecuteAffrows();
fsql.Select<object>().AsType(实体类型)
.Where(a => (a as BaseEntity).Id == 1)
.ExecuteAffrows();
//或者仓储
var repo = fsql.GetRepository<object>();
repo.AsType(实体类型);
repo.Insert(..);
repo.Update(..);
repo.Delete(..);
repo.InsertOrUpdate(..);
var dic = new Dictionary<string, object>();
dic.Add("id", 1);
dic.Add("name", "xxxx");
fsql.InsertDict(dic).AsTable("table1").ExecuteAffrows();
fsql.UpdateDict(dic).AsTable("table1").WherePrimary("id").ExecuteAffrows();
fsql.DeleteDict(dic).AsTable("table1").ExecuteAffrows();
fsql.InsertOrUpdateDict(dic).AsTable("table1").WherePrimary("id").ExecuteAffrows();
InsertDict/UpdateDict/DeleteDict/InsertOrUpdateDict 都支持批量操作,对应类型 List<Dictionary<string, object>>
1、ISelect.Where(string sql) 使用原生条件:
fsql.Select<Region>().Where("a.id > 0") //提示:存在SQL注入安全问题
2、ISelect.WhereDynamicFilter 方法实现动态过滤条件(与前端交互),支持的操作符:
- Contains/StartsWith/EndsWith/NotContains/NotStartsWith/NotEndsWith:包含/不包含,like '%xx%',或者 like 'xx%',或者 like '%xx'
- Equal/NotEqual:等于/不等于
- GreaterThan/GreaterThanOrEqual:大于/大于等于
- LessThan/LessThanOrEqual:小于/小于等于
- Range:范围查询
- DateRange:日期范围,有特殊处理 value[1] + 1
- Any/NotAny:是否符合 value 中任何一项(直白的说是 SQL IN)
- Custom:自定义解析
DynamicFilterInfo dyfilter = JsonConvert.DeserializeObject<DynamicFilterInfo>(@"
{
""Logic"": ""And"",
""Filters"":
[
{ ""Field"": ""id"", ""Operator"": ""Equals"", ""Value"": 1 },
{
""Logic"": ""Or"",
""Filters"":
[
{ ""Field"": ""id"", ""Operator"": ""Equals"", ""Value"": 2 },
{ ""Field"": ""id"", ""Operator"": ""Equals"", ""Value"": 3 }
]
}
]
}");
fsql.Select<Region>().WhereDynamicFilter(dyfilter).ToList();
//WHERE id = 1 AND (id = 2 OR id = 3)
《高效理解 FreeSql WhereDynamicFilter,深入了解设计初衷》
1、ISelect.OrderBy(string sql) 使用原生排序:
fsql.Select<Region>().OrderBy("a.id desc") //提示:存在SQL注入安全问题
2、ISelect.OrderByPropertyName 使用属性名排序:
- 支持导航属性,比如 OrderByPropertyName("Parent.Code")
- 支持多表查询,比如 OrderByPropertyName("b.Code")
1、ISelect.IncludeByPropertyName 方法实现动态贪婪加载,对应 Include/IncludeMany:
fsql.Select<Region>()
.IncludeByPropertyName("Parent.Parent.Parent") //ManyToOne/OneToOne
.IncludeByPropertyName("Childs") //OneToMany/ManyToMany/PgArrayToMany
.IncludeByPropertyName("Childs", then => then
.IncludeByPropertyName("Parent.Parent")
.IncludeByPropertyName("Parent.Childs")) //向下加载,可以向下 100 层
.ToList();
2、List<TDto>.IncludeByPropertyName 扩展方法也实现了 OneToMany 动态贪婪加载:
var dtos = fsql.Select<Region>().ToList<Dto>();
//非实体类型,也可以级联加载,他们不需要配置导航属性关系
dtos.IncludeByPropertyName(
orm: fsql,
property: "Childs",
where: "ParentId=Id", //临时关系
take: 5,
select: "id,name",
then => then.IncludeByPropertyName("Parent")
);
1、ISelect.ToList 使用原生SQL返回数据:
List<(int, string)> list = fsql.Select<Region>()
.ToList<(int, string)>("a.id,a.name") //提示:存在SQL注入安全问题
2、ISelect.ToDataTableByPropertyName 使用属性名返回数据:
DataTable dt = fsql.Select<Region>()
.ToDataTableByPropertyName(new [] {
"Parent.Code", //导航属性模式
"b.Id" //多表查询模式
});