MySQL查询并不在C＃中工作，但是当数据库

Question

直接执行。在我的C＃项目工程，我试图用逗号分隔的字符串列表动态填充WHERE子句来查询数据库表：

List<string> productNames = new List<string>() { "A", "B", "C" }; 

// Construct SQL query 
string names = String.Join(",", productNames.Select(n => "'" + n.ToLower() + "'").ToArray()); 
// names = 'a', 'b', 'c' 

string query = "SELECT * FROM products WHERE LOWER(name) IN (@names);"; 

MySqlCommand cmd = new MySqlCommand(query, dbConn); 
cmd.Parameters.AddWithValue("@names", names); 

MySqlDataReader row = cmd.ExecuteReader(); 
while (row.Read()) 
{ 
    // Zero rows returned 
} 

当我运行上述，没有行被返回。 然而，当我直接通过MySQL工作台在数据库上运行SQL查询，该行发现：

SELECT * FROM products WHERE LOWER(name) IN ('a', 'b', 'c'); 
// 3 rows found 

为什么这并不在我的C代码工作？

Answer 1

Brain已在其博客文章here中很好地解释了这一点。下面的答案是这篇文章的摘录： 您需要逐个添加数组中的值。

List<string> productNames = new List<string>() { "A", "B", "C" }; 
var parameters = new string[productNames.Count]; 
var cmd = new SqlCommand(); 
for (int i = 0; i < productNames.Count; i++) 
{ 
    parameters[i] = string.Format("@name{0}", i); 
    cmd.Parameters.AddWithValue(parameters[i], productNames[i]); 
} 

cmd.CommandText = string.Format("SELECT * FROM products WHERE LOWER(name) IN ({0})", string.Join(", ", parameters)); 
cmd.Connection = new SqlConnection(connStr); 

这里是一个扩展的和可重复使用的解决方案

public static class SqlCommandExt 
{ 
    /// <summary> 
    /// This will add an array of parameters to a SqlCommand. This is used for an IN statement. 
    /// Use the returned value for the IN part of your SQL call. (i.e. SELECT * FROM table WHERE field IN ({paramNameRoot})) 
    /// </summary> 
    /// <param name="cmd">The SqlCommand object to add parameters to.</param> 
    /// <param name="values">The array of strings that need to be added as parameters.</param> 
    /// <param name="paramNameRoot">What the parameter should be named followed by a unique value for each value. This value surrounded by {} in the CommandText will be replaced.</param> 
    /// <param name="start">The beginning number to append to the end of paramNameRoot for each value.</param> 
    /// <param name="separator">The string that separates the parameter names in the sql command.</param> 
    public static SqlParameter[] AddArrayParameters<T>(this SqlCommand cmd, IEnumerable<T> values, string paramNameRoot, int start = 1, string separator = ", ") 
    { 
     /* An array cannot be simply added as a parameter to a SqlCommand so we need to loop through things and add it manually. 
     * Each item in the array will end up being it's own SqlParameter so the return value for this must be used as part of the 
     * IN statement in the CommandText. 
     */ 
     var parameters = new List<SqlParameter>(); 
     var parameterNames = new List<string>(); 
     var paramNbr = start; 
     foreach(var value in values) 
     { 
      var paramName = string.Format("@{0}{1}", paramNameRoot, paramNbr++); 
      parameterNames.Add(paramName); 
      parameters.Add(cmd.Parameters.AddWithValue(paramName, value)); 
     } 

     cmd.CommandText = cmd.CommandText.Replace("{" + paramNameRoot + "}", string.Join(separator, parameterNames.ToArray())); 

     return parameters.ToArray(); 
    } 
} 

你可以像

var cmd = new SqlCommand("SELECT * FROM products WHERE LOWER(name) IN ({name})"); 
cmd.AddArrayParameters(new int[] {"A", "B", "C" }, "name"); 

声明称这是你的方法内部在SQL语句中的"{name}"相同的参数名称我们发送到AddArrayParameters。 AddArrayParameters将用正确的参数替换该值。因为这里

cmd.Parameters.AddWithValue("@names", names); 

要传递一个值names

Answer 2

当您在IN中使用参数化查询时，应该为每个值使用一个参数。我的意思是你不应该使用一个参数值为“A，B，C”。相反，你应该使用这样的查询。

"SELECT * FROM products WHERE LOWER(name) IN (@name1, @name2, @name3);" 

在今天的另一个问题上，我为此写了一个例子。请检查this answer

Answer 3

你的C＃代码没有工作。它是而不是三个参数。 所以，你相当于SQL查询会像

SELECT * FROM products WHERE LOWER(name) IN ("'a', 'b', 'c'"); 

和不匹配会被发现。要了解更多关于IN clause及其误解，请看看这篇不错的文章Arrays and Lists in SQL Server

理想的参数必须是单个值。你可以这样做

SELECT * FROM products WHERE LOWER(name) IN (@name1, @name2, @name3); 

它很简单，干净。 但你也可以尝试在单个参数传递多个值喜欢这里 Parameterize an SQL IN clause 和Having multiple values assigned to a single ADO.Net SqlClient parameter