mad*_*3sm 2 c# entity-framework-4
如何将由逗号分隔的整数数组ExecuteStoreCommand作为参数传递给实体中我无法执行此操作:
this.ObjectContext.ExecuteStoreCommand("INSERT INTO SurveyPatientListMrns
(UserData, MrnId) SELECT DISTINCT '{0}' , MrnId
FROM PatientVisits WHERE (FacilityId = {1})
AND (UnitId IN ({2}))", userData, facilityId, (string.Join(",", unitIds)));
这(string.Join(",", unitIds))是一个字符串,由于逗号,我无法将其转换为整数.我怎么能传递参数呢?
仅供参考,unitIds是一个整数数组
虽然它看起来像一个string.Format操作,但是ExecuteStoreCommand在内部构建参数化查询以提高性能并帮助保护您免受SQL注入攻击.(MSDN)
当你将你string.Join的参数作为参数时ExecuteStoreCommand,它将该结果视为该IN子句的值列表,而不是恰好看起来像一个字符串的字符串.基本上它会生成一个如下所示的IN子句:
(UnitId IN ('1,2,3'))
这显然不是你想要的.
您将不得不使用BEFORE传递它的string.Join-ed列表构建SQL命令:uinitIdsExecuteStoreCommand
string query = @"INSERT INTO SurveyPatientListMrns (UserData, MrnId)
SELECT DISTINCT '{0}' , MrnId
FROM PatientVisits WHERE (FacilityId = {1}) AND
(UnitId IN (" + string.Join(",", unitIds) + "))";
this.ObjectContext.ExecuteStoreCommand(query, userData, facilityId);
通常,应该避免动态构建SQL查询,因为可能存在SQL注入攻击,但在这种情况下,您知道这unitIds是一个整数列表,因此您应该没问题.