博客
关于我
强烈建议你试试无所不能的chatGPT,快点击我
EF Core 2.1 Raw SQL Queries (转自MSDN)
阅读量:6682 次
发布时间:2019-06-25

本文共 7339 字,大约阅读时间需要 24 分钟。

Entity Framework Core allows you to drop down to raw SQL queries when working with a relational database. This can be useful if the query you want to perform can't be expressed using LINQ, or if using a LINQ query is resulting in inefficient SQL being sent to the database. Raw SQL queries can return entity types or, starting with EF Core 2.1, that are part of your model.

TipYou can view this article's  on GitHub.

 

 

Limitations

There are a few limitations to be aware of when using raw SQL queries:

  • The SQL query must return data for all properties of the entity or query type.
  • The column names in the result set must match the column names that properties are mapped to. Note this is different from EF6 where property/column mapping was ignored for raw SQL queries and result set column names had to match the property names.
  • The SQL query cannot contain related data. However, in many cases you can compose on top of the query using the Include operator to return related data (see ).
  • SELECT statements passed to this method should generally be composable: If EF Core needs to evaluate additional query operators on the server (for example, to translate LINQ operators applied after FromSql), the supplied SQL will be treated as a subquery. This means that the SQL passed should not contain any characters or options that are not valid on a subquery, such as:
    • a trailing semicolon
    • On SQL Server, a trailing query-level hint (for example, OPTION (HASH JOIN))
    • On SQL Server, an ORDER BY clause that is not accompanied of TOP 100 PERCENT in the SELECT clause
  • SQL statements other than SELECT are recognized automatically as non-composable. As a consequence, the full results of stored procedures are always returned to the client and any LINQ operators applied after FromSql are evaluated in-memory.

 

 

Basic raw SQL queries

You can use the FromSql extension method to begin a LINQ query based on a raw SQL query

var blogs = context.Blogs    .FromSql("SELECT * FROM dbo.Blogs")    .ToList();

Raw SQL queries can be used to execute a stored procedure.

var blogs = context.Blogs    .FromSql("EXECUTE dbo.GetMostPopularBlogs")    .ToList();

Use SqlParameter instance to specify the value of IN or OUT parameters to execute a stored procedure as below:

int totalRowCount = default(int);var paramLanguageCode = new SqlParameter("@languageCode", languageCode);var paramCurrentPage = new SqlParameter("@currentPage", currentPage);var paramPageSize = new SqlParameter("@pageSize", pageSize);var paramOutTotalRowCount = new SqlParameter("@totalRowCount", totalRowCount){    Direction = ParameterDirection.Output};//var paramOutTotalRowCount = new SqlParameter()//{//    ParameterName = "@totalRowCount",//    Direction = ParameterDirection.Output,//    SqlDbType = SqlDbType.Int//};//var parameterQuestionaryCode = new SqlParameter()//{//    ParameterName = "@questionaryCode",//    SqlDbType = SqlDbType.NVarChar,//    Direction = ParameterDirection.Output,//    Size = 50 //注意如果是SqlDbType.NVarChar的Output参数,记得还要定义Size的大小,否者执行的时候会报错//};var categoriesView = context.SP_GetCategoriesViewInPage.FromSql("EXEC [MD].[SP_GetCategoriesViewInPage] @languageCode, @currentPage, @pageSize, @totalRowCount OUT", paramLanguageCode, paramCurrentPage, paramPageSize, paramOutTotalRowCount).ToList();totalRowCount = Convert.ToInt32(paramOutTotalRowCount.Value);

同样INOUT参数也可以用于执行DbContext.Database.ExecuteSqlCommand方法,来返回存储过程的OUT参数值,如下所示:

int totalRowCount = default(int);var paramLanguageCode = new SqlParameter("@languageCode", languageCode);var paramCurrentPage = new SqlParameter("@currentPage", currentPage);var paramPageSize = new SqlParameter("@pageSize", pageSize);var paramOutTotalRowCount = new SqlParameter("@totalRowCount", totalRowCount){    Direction = ParameterDirection.Output};//var paramOutTotalRowCount = new SqlParameter()//{//    ParameterName = "@totalRowCount",//    Direction = ParameterDirection.Output,//    SqlDbType = SqlDbType.Int//};//var parameterQuestionaryCode = new SqlParameter()//{//    ParameterName = "@questionaryCode",//    SqlDbType = SqlDbType.NVarChar,//    Direction = ParameterDirection.Output,//    Size = 50 //注意如果是SqlDbType.NVarChar的Output参数,记得还要定义Size的大小,否者执行的时候会报错//};context.Database.ExecuteSqlCommand("EXEC [MD].[SP_GetCategoriesViewInPage] @languageCode, @currentPage, @pageSize, @totalRowCount OUT", paramLanguageCode, paramCurrentPage, paramPageSize, paramOutTotalRowCount);totalRowCount = Convert.ToInt32(paramOutTotalRowCount.Value);

下面代码展示了如何创建一个SQL Server数据库DECIMAL(8,4)类型的SqlParameter参数@Price

private static void AddSqlParameter(SqlCommand command){    SqlParameter parameter = new SqlParameter("@Price", SqlDbType.Decimal);    parameter.Value = 3.1416;    parameter.Precision = 8;    parameter.Scale = 4;    command.Parameters.Add(parameter);}

 

更多关于SqlParameter的信息,请参阅""

 

 

 

Passing parameters

As with any API that accepts SQL, it is important to parameterize any user input to protect against a SQL injection attack. You can include parameter placeholders in the SQL query string and then supply parameter values as additional arguments. Any parameter values you supply will automatically be converted to a DbParameter.

The following example passes a single parameter to a stored procedure. While this may look like String.Format syntax, the supplied value is wrapped in a parameter and the generated parameter name inserted where the {0} placeholder was specified.

var user = "johndoe";var blogs = context.Blogs    .FromSql("EXECUTE dbo.GetMostPopularBlogsForUser {0}", user)    .ToList();

This is the same query but using string interpolation syntax, which is supported in EF Core 2.0 and above:

var user = "johndoe";var blogs = context.Blogs    .FromSql($"EXECUTE dbo.GetMostPopularBlogsForUser {user}")    .ToList();

You can also construct a DbParameter and supply it as a parameter value. This allows you to use named parameters in the SQL query string

var user = new SqlParameter("user", "johndoe");var blogs = context.Blogs    .FromSql("EXECUTE dbo.GetMostPopularBlogsForUser @user", user)    .ToList();

 

 

Composing with LINQ

If the SQL query can be composed on in the database, then you can compose on top of the initial raw SQL query using LINQ operators. SQL queries that can be composed on being with the SELECT keyword.

The following example uses a raw SQL query that selects from a Table-Valued Function (TVF) and then composes on it using LINQ to perform filtering and sorting.

var searchTerm = ".NET";var blogs = context.Blogs    .FromSql($"SELECT * FROM dbo.SearchBlogs({searchTerm})")    .Where(b => b.Rating > 3)    .OrderByDescending(b => b.Rating)    .ToList();

 

 

Including related data

Composing with LINQ operators can be used to include related data in the query.

var searchTerm = ".NET";var blogs = context.Blogs    .FromSql($"SELECT * FROM dbo.SearchBlogs({searchTerm})")    .Include(b => b.Posts)    .ToList();

 

WarningAlways use parameterization for raw SQL queries: APIs that accept a raw SQL string such as FromSql and ExecuteSqlCommand allow values to be easily passed as parameters. In addition to validating user input, always use parameterization for any values used in a raw SQL query/command. If you are using string concatenation to dynamically build any part of the query string then you are responsible for validating any input to protect against SQL injection attacks.

 

参考文献:

 

 

转载地址:http://alnao.baihongyu.com/

你可能感兴趣的文章
day24 异常处理
查看>>
day28 classmethod 装饰器
查看>>
jquery 实现弹出框 打开与关闭
查看>>
LESS 学习整理总结
查看>>
QName
查看>>
LeetCode OJ:Reverse Linked List II(反转链表II)
查看>>
LeetCode OJ:Binary Tree Zigzag Level Order Traversal(折叠二叉树遍历)
查看>>
海量数据、高并发优化方案
查看>>
会计的思考(35):会计数据之殇
查看>>
10多媒体
查看>>
分布式一致性协议
查看>>
day10-mysql
查看>>
脑洞大开——我理解的编程模式
查看>>
项目总结07:JS图片的上传预览和表单提交(FileReader()方法)
查看>>
Linux中各种进程显示和默认端口
查看>>
Java使用线程并发库模拟弹夹装弹以及发射子弹的过程
查看>>
android 利用SimpleDateFormat格式化时间不准确的问题
查看>>
盘点互联网巨头奉献的十大开源安全工具[转]
查看>>
FileUtils工具类的使用
查看>>
程序员找不女朋友的原因
查看>>