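/// <summary>
        /// Checks that a SQL statement containing parameter placeholders is accompanied
        /// by a parameter collection.
        /// </summary>
        /// <param name="conn">Database connection the statement will run on. Not read by the
        /// current implementation: the tokenizer is forced into SQL Server mode instead of
        /// deriving it from the connection string.</param>
        /// <param name="inputSql">SQL text to execute.</param>
        /// <param name="cmdParms">Parameters supplied for <paramref name="inputSql"/>.</param>
        /// <returns>
        /// <c>true</c> when <paramref name="inputSql"/> has no parameter placeholders, or when it
        /// has placeholders and <paramref name="cmdParms"/> is non-empty. Never returns <c>false</c>;
        /// the failure case throws instead.
        /// </returns>
        /// <exception cref="ArgumentException">
        /// <paramref name="inputSql"/> is parameterised but <paramref name="cmdParms"/> is null or empty.
        /// </exception>
        /// <remarks>
        /// This is a consistency check between statement and parameters, not an injection guard:
        /// a statement without placeholders is accepted as-is, so SQL assembled from untrusted
        /// strings is still unsafe even when this method returns <c>true</c>.
        /// </remarks>
        private bool IsValidParamedSqlQuery(DbConnection conn, string inputSql, IEnumerable<DbParameter> cmdParms)
        {
            // SqlServerMode is hard-wired rather than read from conn's connection string
            // (the MySqlConnectionStringBuilder-based variant was left commented out upstream).
            var tokenizer = new SqlStatementTokenizer(inputSql)
            {
                ReturnComments = true,
                SqlServerMode = true,
            };

            // A statement with no placeholders has nothing to cross-check against.
            if (!tokenizer.IsParamedSql())
            {
                return true;
            }

            // Placeholders without parameters would only fail later, at execution time, with a
            // less useful error; reject them here. Any() stops at the first element instead of
            // enumerating the whole sequence as Count() did.
            if (cmdParms == null || !cmdParms.Any())
            {
                // ArgumentException derives from Exception, so existing catch blocks still match.
                throw new ArgumentException("基于参数化查询的SQL命令,请必须提供参数!");
            }

            return true;
        }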
        /// <summary>
        /// Extracts the parameter placeholder tokens from a parameterised SQL statement.
        /// </summary>
        /// <param name="inputSql">SQL text to scan.</param>
        /// <param name="sqlParaToken">
        /// Receives the placeholder tokens found in <paramref name="inputSql"/>; left <c>null</c>
        /// when the statement is null/empty or contains no placeholders.
        /// </param>
        /// <returns>
        /// The placeholder tokens joined with ","; <see cref="string.Empty"/> when there are none.
        /// </returns>
        internal string GetParamSqlTokenToSqlParas(string inputSql, out string[] sqlParaToken)
        {
            sqlParaToken = null;

            // Nothing to tokenize.
            if (inputSql.IsNullOrEmpty())
            {
                return string.Empty;
            }

            var tokenizer = new SqlStatementTokenizer(inputSql)
            {
                ReturnComments = true,
                SqlServerMode = true,
            };

            // A plain (non-parameterised) statement yields no tokens; the out parameter stays null.
            if (!tokenizer.IsParamedSql())
            {
                return string.Empty;
            }

            var tokens = tokenizer.GetAllParamedTokens().ToArray();
            sqlParaToken = tokens;

            return string.Join(",", tokens);
        }