Пример #1
        /// <summary>
        /// Turns a where condition into SQL text for the target database, optionally running it
        /// through the SQL-injection filter before the dialect conversion.
        /// </summary>
        /// <param name="where">Condition object; converted to text by GetIFieldSql.</param>
        /// <param name="dalType">Target database type handed to the filter and the formatter.</param>
        /// <param name="isFilterInjection">
        /// When true the text is passed through SqlInjection.Filter first. When false the text
        /// reaches the formatter unfiltered, so the caller is responsible for making sure it
        /// was not assembled from untrusted input.
        /// </param>
        /// <returns>The converted condition after RemoveWhereOneEqualsOne has been applied.</returns>
        public static string Compatible(object where, DataBaseType dalType, bool isFilterInjection)
        {
            string condition = GetIFieldSql(where);

            // NOTE(review): what SqlInjection.Filter rejects or rewrites is not visible here.
            // Prefer bound parameters for user-supplied values rather than relying on it alone.
            string checkedCondition = isFilterInjection
                ? SqlInjection.Filter(condition, dalType)
                : condition;

            string dialectSql = SqlCompatible.Format(checkedCondition, dalType);
            return RemoveWhereOneEqualsOne(dialectSql);
        }
Пример #2
        /// <summary>
        /// Builds the UPDATE statement for the current row, including the where clause
        /// generated from <paramref name="whereObj"/>.
        /// </summary>
        /// <remarks>
        /// Cell values are bound as parameters. TableName and updateExpression are written into
        /// the SQL text directly (the expression only passes through SqlCompatible.Format, and
        /// the table name, unlike the column names, is not passed through SqlFormat.Keyword),
        /// so neither should be derived from untrusted input.
        /// </remarks>
        /// <param name="whereObj">Condition passed to FormatWhere to produce the where clause.</param>
        /// <returns>For example: Update tableName set Name=@Name,Value=@Value where ...</returns>
        internal string GetUpdateSql(object whereObj)
        {
            isCanDo = false;
            StringBuilder sql = new StringBuilder();

            string head = "Update " + TableName + " set ";
            sql.Append(head);

            if (!string.IsNullOrEmpty(updateExpression))
            {
                string expressionSql = SqlCompatible.Format(updateExpression, _action.DalType) + ",";
                sql.Append(expressionSql);
                updateExpression = null; // The expression is consumed once and then cleared.
                isCanDo          = true;
            }

            // Per the original author's note, GetEditTimeSql only yields text when the
            // edit-time field has no value of its own; the text already ends with a comma.
            string editTimeSql = GetEditTimeSql();
            if (!string.IsNullOrEmpty(editTimeSql))
            {
                sql.Append(editTimeSql);
            }

            int cellCount = 0;
            while (cellCount < _action.Data.Count)
            {
                MDataCell cell = _action.Data[cellCount];
                cellCount++;

                // Primary-key and auto-increment columns are never part of the SET list.
                if (cell.Struct.IsPrimaryKey || cell.Struct.IsAutoIncrement)
                {
                    continue;
                }

                bool shouldWrite = cell.cellValue.State > 1 && (cell.Struct.IsCanNull || !cell.IsNull);
                if (!shouldWrite)
                {
                    continue;
                }

                // Timestamp columns cannot be updated on MsSql / Sybase.
                bool isServerTimestamp = cell.Struct.SqlType == SqlDbType.Timestamp
                    && (_action.DalType == DalType.MsSql || _action.DalType == DalType.Sybase);
                if (isServerTimestamp)
                {
                    continue;
                }

                object boundValue = cell.Value;
                DbType boundType  = DataType.GetDbType(cell.Struct.SqlType.ToString(), _action.DalType);
                if (_action.DalType == DalType.Oracle && boundType == DbType.String && cell.strValue == "" && !cell.Struct.IsCanNull)
                {
                    // Oracle does not accept an empty string in a NOT NULL column.
                    boundValue = " ";
                }

                // The value travels as a bound parameter; only the column name and the
                // parameter name are written into the statement text.
                _action.dalHelper.AddParameters(_action.dalHelper.Pre + cell.ColumnName, boundValue, boundType, cell.Struct.MaxSize, ParameterDirection.Input);
                string assignment = SqlFormat.Keyword(cell.ColumnName, _action.DalType) + "=" + _action.dalHelper.Pre + cell.ColumnName + ",";
                sql.Append(assignment);
                isCanDo = true;
            }

            if (!isCanDo)
            {
                _action.dalHelper.debugInfo.Append(AppConst.HR + "Tip : Can not find the data can be updated!");
            }

            // Drop the last character, which is the trailing comma whenever something was added
            // to the SET list. If nothing was added it is the space after "set" instead.
            sql.Length -= 1;

            string whereSql = " where " + FormatWhere(whereObj);
            sql.Append(whereSql);
            return sql.ToString();
        }
Пример #3
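        /// <summary>
        /// Builds the complete UPDATE statement for the current row: the SET list followed by
        /// the where clause generated from <paramref name="whereObj"/>.
        /// </summary>
        /// <remarks>
        /// Most cell values are bound as parameters. Two paths write the value into the SQL
        /// text instead: MsSql hierarchyId columns and every FoxPro column. On those paths the
        /// string delimiter inside the value is neutralised so a value cannot end its own
        /// literal. updateExpression is also written as SQL text (after SqlCompatible.Format)
        /// and therefore must not be derived from untrusted input.
        /// </remarks>
        /// <param name="whereObj">Condition passed to FormatWhere to produce the where clause.</param>
        /// <returns>For example: Update tableName set Name=@Name,Value=@Value where ...</returns>
        internal string GetUpdateSql(object whereObj)
        {
            isCanDo = false;
            StringBuilder _TempSql = new StringBuilder();

            _TempSql.Append("Update " + SqlFormat.Keyword(TableName, _action.dalHelper.DataBaseType) + " set ");
            if (!string.IsNullOrEmpty(updateExpression))
            {
                _TempSql.Append(SqlCompatible.Format(updateExpression, _action.DataBaseType) + ",");
                updateExpression = null; // The expression is consumed once and then cleared.
                isCanDo          = true;
            }

            // Per the original author's note, GetEditTimeSql only yields text when the
            // edit-time field has no value of its own; the text already ends with a comma.
            string editTime = GetEditTimeSql();

            if (!string.IsNullOrEmpty(editTime))
            {
                _TempSql.Append(editTime);
            }
            MDataCell cell = null;

            for (int i = 0; i < _action.Data.Count; i++)
            {
                cell = _action.Data[i];
                if (cell.Struct.IsPrimaryKey || cell.Struct.IsAutoIncrement)
                {
                    continue; // Primary-key and auto-increment columns are never updated.
                }

                if (cell.State > 1 && (cell.Struct.IsCanNull || !cell.IsNull))
                {
                    if (cell.Struct.SqlType == SqlDbType.Timestamp && (_action.DataBaseType == DataBaseType.MsSql || _action.DataBaseType == DataBaseType.Sybase))
                    {
                        // Timestamp columns cannot be updated on MsSql / Sybase.
                        continue;
                    }
                    if (_action.DataBaseType == DataBaseType.MsSql && cell.Struct.SqlTypeName != null && cell.Struct.SqlTypeName.EndsWith("hierarchyId"))
                    {
                        // The value sits inside a single-quoted T-SQL literal, so embedded single
                        // quotes are doubled. Without this a quote in the value would close the
                        // literal and the remainder would be parsed as SQL.
                        string hierarchyText = (cell.StringValue ?? string.Empty).Replace("'", "''");
                        _TempSql.Append(SqlFormat.Keyword(cell.ColumnName, _action.DataBaseType) + "=HierarchyID::Parse('" + hierarchyText + "')" + ",");
                    }
                    else
                    {
                        if (_action.DataBaseType == DataBaseType.FoxPro)
                        {
                            // This path does not use parameters (original author's note), so the
                            // value is written as a double-quoted literal. A double quote inside
                            // the value is spliced in via CHR(34) so it cannot end the literal.
                            // NOTE(review): confirm CHR() concatenation is accepted by the FoxPro
                            // provider in use.
                            string foxText = (cell.StringValue ?? string.Empty).Replace("\"", "\"+CHR(34)+\"");
                            string value = "\"" + foxText + "\",";
                            if (cell.Struct.SqlType == SqlDbType.DateTime)
                            {
                                // NOTE(review): the date text is embedded unchanged inside {^...};
                                // this relies on StringValue of a DateTime cell being a formatted
                                // date and nothing else - confirm against MDataCell.
                                value = "{^" + cell.StringValue + "},";
                            }
                            _TempSql.Append(SqlFormat.Keyword(cell.ColumnName, _action.DataBaseType) + "=" + value);
                        }
                        else
                        {
                            object value  = cell.Value;
                            DbType dbType = DataType.GetDbType(cell.Struct.SqlType.ToString(), _action.DataBaseType);
                            if (dbType == DbType.String && cell.StringValue == "")
                            {
                                if (_action.DataBaseType == DataBaseType.Oracle && !cell.Struct.IsCanNull)
                                {
                                    value = " "; // Oracle does not accept an empty string in a NOT NULL column.
                                }
                                if (_action.DataBaseType == DataBaseType.MySql && cell.Struct.MaxSize == 36)
                                {
                                    // MySql char(36) is treated as a guid: it cannot be empty, only null.
                                    value = DBNull.Value;
                                }
                            }
                            // The value travels as a bound parameter; only the column name and the
                            // parameter name are written into the statement text.
                            _action.dalHelper.AddParameters(_action.dalHelper.Pre + cell.ColumnName, value, dbType, cell.Struct.MaxSize, ParameterDirection.Input);
                            _TempSql.Append(SqlFormat.Keyword(cell.ColumnName, _action.DataBaseType) + "=" + _action.dalHelper.Pre + cell.ColumnName + ",");
                        }
                    }
                    isCanDo = true;
                }
            }
            if (!isCanDo)
            {
                string err = AppConst.HR + "warn : " + TableName + " can't find the data can be updated!";
                Log.Write(err, LogType.Warn);
                _action.dalHelper.DebugInfo.Append(err);
            }

            // Drop the last character, which is the trailing comma whenever something was added
            // to the SET list. If nothing was added it is the space after "set" instead, and the
            // statement is not executable; isCanDo is false in every such case except when only
            // the edit-time text was appended.
            _TempSql = _TempSql.Remove(_TempSql.Length - 1, 1);
            _TempSql.Append(" where " + FormatWhere(whereObj));
            return(_TempSql.ToString());
        }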