LINQ MVC中的动态位置 [英] Dynamic Where in linq MVC

问题描述

我正在尝试在MVC项目中过滤带有两个下拉菜单的模型

I am trying to filter a model with two dropdown in an MVC project

var model = (from x in db.TABLE....
            join y in db.TABLE...).Where(where)...

我的逻辑是

            String where = string.Empty;

            if (search.anno != null)
                where = " ANNO = " + search.anno ;

            if (search.Cliente != null)
            {
                if (!string.IsNullOrEmpty(where))
                {
                    where += " And CODICE_CLIENTE = '" + search.Cliente + "'";                 }
                else
                {
                    where = " CODICE_CLIENTE = '" + search.Cliente + "'";
                }
            }

我得到一个错误:System.Linq.Dynamic.ParseException:字符文字必须恰好包含一个字符

i get an error: System.Linq.Dynamic.ParseException: Character literal must contain exactly one character

我在+ ="And CODICE_CLIENTE ='" + search.Cliente +'";

i get that in where += " And CODICE_CLIENTE = '" + search.Cliente + "'";

我看到末尾的Apex是'"

i saw that the Apex at the end is '"

如何解决

推荐答案

您需要对表达式使用双等于和对字符串使用双引号 字符串，其中= string.Empty;

You need to use double equals for the expression and double quotes for the strings String where = string.Empty;

            if (search.anno != null)
                where = " ANNO == " + search.anno ;

            if (search.Cliente != null)
            {
                if (!string.IsNullOrEmpty(where))
                {
                    where += " And CODICE_CLIENTE == \"" + search.Cliente + "\"";                 }
                else
                {
                    where = " CODICE_CLIENTE == \"" + search.Cliente + "\"";
                }
            }

注意，这很容易发生SQL注入，应避免使用，应该使用类似以下的参数:

Note that this is prone to SQL injection and should be avoided, you should use parameters, something like this:

var model = (from x in db.TABLE.... join y in db.TABLE...).Where(whereString, params)...

这篇关于LINQ MVC中的动态位置的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！