我在我的应用程序中使用SQLite(通过System.Data.SQLite包)。现在所有的插入,查询等操作,通过使用字符串发送命令,例如做:在C#中处理SQLite - 推进作为命令传递字符串操作
SQLiteCommand command = new SQLiteCommand(comStr, db);
其中comStr - 是一个字符串变量保存命令。
我可以使用其他选项而不是字符串吗?或者,字符串是从.NET处理SQL查询时应该使用的正确方法吗?
问题是,使用字符串可能会相当混乱,例如我有一些用户可以设置的过滤器。使用字符串操作命令 - 尽管作品 - 让我感觉非常脆弱:
public string GetFilterString()
{
string fil1 = "";
string fil2 = "";
string fil3 = "";
string fil4 = "";
// filter by time
switch (WithinTimeBtnStatus)
{
case WithinTime.All:
break;
case WithinTime.Hour:
string minusHour = (DateTime.Now - new TimeSpan(0, 1, 0, 0)).ToString("yyyy-MM-dd HH:mm:ss.fff");
fil1 = $" timestamp >= datetime('{minusHour}')";
break;
case WithinTime.Day:
string minusDay = (DateTime.Now - new TimeSpan(1, 0, 0, 0)).ToString("yyyy-MM-dd HH:mm:ss.fff");
fil1 = $" timestamp >= datetime('{minusDay}')";
break;
case WithinTime.Week:
string minusWeek = (DateTime.Now - new TimeSpan(7, 0, 0, 0)).ToString("yyyy-MM-dd HH:mm:ss.fff");
fil1 = $" timestamp >= datetime('{minusWeek}')";
break;
}
// filter by extension
for (int i = 0; i < FilteredExt.Count; i++)
{
fil2 += " ext != '" + FilteredExt[i] + "'";
if (i < FilteredExt.Count - 1)
fil2 += " and";
}
// filter by process
if (_processFilterSelected.ToLower() != "all" && _processFilterSelected != "")
{
fil3 = $" proc == '{_processFilterSelected}'";
}
// filter by File Operation
if (_FileOperationFilterSelected.ToLower() != "all" && _FileOperationFilterSelected != "")
{
FileOperation fo = Converters.StringToFileOperation(_FileOperationFilterSelected);
switch (fo)
{
case FileOperation.Deleted:
fil4 = " oper == 'DELETED'";
break;
case FileOperation.Renamed:
fil4 = " oper == 'RENAMED'";
break;
case FileOperation.Modified:
fil4 = " oper == 'MODIFIED'";
break;
}
}
string fil = "";
var tmp = new[] { fil1, fil2, fil3, fil4 };
foreach (var t in tmp)
{
if (t != "")
{
fil += " and" + t;
}
}
return fil;
}
嗯,至少你可以使用参数启动。 – Fildor
也许看看SqlCommandBuilder。 – Fildor
我猜他想要使用LINQ。 –