2

I have a table with a lot of information, and now I want users to be able to search that table.

List<Table> tableSearch = new List<Table>();
string[] words = searchString.Split(' ');
string sqlSearch = "";
foreach (string word in words)
{
    sqlSearch += " and Searchstring LIKE "+ "'%" + word + "%'";
}
tableSearch = db.Query<Table> ("select * from Table WHERE 1 = 1" + sqlSearch);

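This works and is the solution I want. The problem is that when searchString is something like D', I get an exception.

I found a good way to solve the problem here: sqlite-net like statement crashs.

My problem is that the only solution I have found so far is: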

if (words.Length < 2) 
    tableSearch = db.Query<Table> ("select * from Table WHERE Searchstring LIKE ?", "%" + words[0] + "%");
else if (words.Length < 3) 
    tableSearch = db.Query<Table> ("select * from Table WHERE Searchstring LIKE ? and Searchstring LIKE ?", "%" + words[0] + "%", "%" + words[1] + "%");

and so on...

But this is not the solution I want.

Does anyone have an idea?

4

3 Answers

1

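You need to replace the special characters that cause errors in the SQL string. For example, the ' character in an SQL string needs to be replaced with ''. So we need to modify your code like this.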

List<Table> tableSearch = new List<Table>();
string[] words = searchString.Split(' ');
string sqlSearch = "";
foreach (string word in words)
{
    sqlSearch += " and Searchstring LIKE "+ "'%" + word.Replace("'", "''") + "%'";
}
tableSearch = db.Query<Table> ("select * from Table WHERE 1 = 1" + sqlSearch);

To learn more about how to escape special characters, see the following link: How does one escape special characters when writing SQL queries?

Answered 2013-09-08T18:58:29.257
0

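I can't advise on the problem with the accented "Du", but D' causes an error because the ' is not escaped and interferes with the SQL; so in your first code block,

instead of

sqlSearch += " and Searchstring LIKE "+ "'%" + word + "%'";

use

sqlSearch += " and Searchstring LIKE '%" + word.Replace("'","''") + "%'";

Answered 2013-08-23T04:56:29.400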
0

Here is another way to write N.Nagy's answer, using less string concatenation:

        var words = (IEnumerable<string>)searchString.Split(' ').ToList();
        const string SqlClause = "Searchstring LIKE '%{0}%'";
        words = words.Select(word => string.Format(SqlClause, word.Replace("'", "''")));
        var joined = string.Join(" AND ", words.ToArray());
        const string SqlQuery = "select * from Table WHERE {0}";
        var tableSearch = db.Query<Table>(string.Format(SqlQuery, joined));

Because everyone should know string.Join()!!

Just for giggles:

        const string SqlClause = "Searchstring LIKE '%{0}%'";
        const string SqlQuery = "select * from Table WHERE {0}";
        var tableSearch = db.Query<Table>(string.Format(SqlQuery, string.Join(" AND ", searchString.Split(' ').Select(word => string.Format(SqlClause, word.Replace("'", "''"))).ToArray())));

:)

Answered 2016-04-12T15:22:31.920
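
Added example, not part of the question or of any answer above: the question's parameterized db.Query<Table>(sql, values) form extended to any number of words by generating one ? per word and passing the values as an array, so user text never becomes part of the SQL string. SearchQueryBuilder, Build and EscapeLike are hypothetical names, and the ESCAPE handling of % and _ goes beyond what the thread discusses; db, Table and Searchstring are taken from the question.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

public static class SearchQueryBuilder
{
    // Escape LIKE wildcards so input such as "50%" or "a_b" is matched literally.
    private static string EscapeLike(string word)
    {
        return word.Replace(@"\", @"\\").Replace("%", @"\%").Replace("_", @"\_");
    }

    // Returns the SQL text (one "?" per word) and the matching argument array.
    public static (string Sql, object[] Args) Build(string searchString)
    {
        string[] words = (searchString ?? "")
            .Split(new[] { ' ' }, StringSplitOptions.RemoveEmptyEntries);

        // Only placeholders are concatenated into the SQL, never the words themselves.
        string where = string.Join(" AND ",
            words.Select(_ => @"Searchstring LIKE ? ESCAPE '\'"));

        // Each word is bound as a value, wrapped in % for a substring match.
        object[] args = words
            .Select(w => (object)("%" + EscapeLike(w) + "%"))
            .ToArray();

        string sql = "select * from Table"
            + (words.Length > 0 ? " WHERE " + where : "");
        return (sql, args);
    }

    public static void Main()
    {
        // Constructed sample input containing a quote and a LIKE wildcard.
        var (sql, args) = Build("D' 50%");
        Console.WriteLine(sql);
        Console.WriteLine(string.Join(" | ", args));

        // With sqlite-net, hand both to the params overload
        // (db and Table as in the question):
        // List<Table> tableSearch = db.Query<Table>(sql, args);
    }
}
```

Because the words are bound as parameters, the ' in D' needs no Replace("'", "''") step, and an empty search string yields a query with no WHERE clause.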