移除未实现的EF调用存储过程的方法,增加EF调用原生sql参数化查询FromSqlInterpolated

cq-panda · cq-panda · commit 72bea83f49b4 · 2020-09-20T16:33:31.000+08:00
diff --git a/Vue.Net/VOL.Core/BaseProvider/IRepository.cs b/Vue.Net/VOL.Core/BaseProvider/IRepository.cs
@@ -256,15 +256,21 @@ void AddRange<T>(IEnumerable<T> entities, bool saveChanges = false)
 
         Task<int> SaveChangesAsync();
 
-        //执行存储过程
-        List<TEntity> RunProc(string sql, params SqlParameter[] pamrs);
+
 
         int ExecuteSqlCommand(string sql, params SqlParameter[] sqlParameters);
 
         List<TEntity> FromSql(string sql, params SqlParameter[] sqlParameters);
 
+        /// <summary>
+        /// 执行sql
+        /// 使用方式 FormattableString sql=$"select * from xx where name ={xx} and pwd={xx1} "，
+        /// FromSqlInterpolated内部处理sql注入的问题，直接在{xx}写对应的值即可
+        /// 注意：sql必须 select * 返回所有TEntity字段，
+        /// </summary>
+        /// <param name="formattableString"></param>
+        /// <returns></returns>
+        IQueryable<TEntity> FromSqlInterpolated([System.Diagnostics.CodeAnalysis.NotNull] FormattableString sql);
       
-
-
     }
 }
diff --git a/Vue.Net/VOL.Core/BaseProvider/RepositoryBase.cs b/Vue.Net/VOL.Core/BaseProvider/RepositoryBase.cs
@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.Data.Common;
 using System.Data.SqlClient;
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Linq.Expressions;
 using System.Reflection;
@@ -575,48 +576,29 @@ public virtual Task<int> SaveChangesAsync()
         {
             return EFContext.SaveChangesAsync();
         }
-        /// <summary>
-        /// new SqlParameter("@tableName",TableName)
-        /// </summary>
-        /// <typeparam name="TResult"></typeparam>
-        /// <param name="sql"></param>
-        /// <param name="parameters"></param>
-        /// <returns></returns>
-        /// <summary>
-        /// new SqlParameter("@tableName",TableName)
-        /// </summary>
-        /// <typeparam name="TResult"></typeparam>
-        /// <param name="sql"></param>
-        /// <param name="parameters"></param>
-        /// <returns></returns>
-        public virtual List<TEntity> RunProc(string sql, params SqlParameter[] parameters)
-        {
-            foreach (var item in parameters)
-            {
-                if ((item as DbParameter).Value == null)
-                {
-                    (item as DbParameter).Value = DBNull.Value;
-                }
-            }
-            if (parameters != null && parameters.Count() > 0)
-            {
-                sql = sql + " " + string.Join(",",
-                  parameters.
-                  Select(x => ((DbParameter)x).ParameterName + (((DbParameter)x).Direction.ToString() == "Output" ? " Output" : "")));
-            }
-            return null;
-            //    return DBSet.FromSql($"{sql}", parameters).ToList();
-        }
-
+      
         public virtual int ExecuteSqlCommand(string sql, params SqlParameter[] sqlParameters)
         {
             return DbContext.Database.ExecuteSqlRaw(sql, sqlParameters);
         }
 
         public virtual List<TEntity> FromSql(string sql, params SqlParameter[] sqlParameters)
         {
-            return null;
-            // return DBSet.FromSql(sql, sqlParameters).ToList();
+            return DBSet.FromSqlRaw(sql, sqlParameters).ToList();
+        }
+
+        /// <summary>
+        /// 执行sql
+        /// 使用方式 FormattableString sql=$"select * from xx where name ={xx} and pwd={xx1} "，
+        /// FromSqlInterpolated内部处理sql注入的问题，直接在{xx}写对应的值即可
+        /// 注意：sql必须 select * 返回所有TEntity字段，
+        /// </summary>
+        /// <param name="formattableString"></param>
+        /// <returns></returns>
+        public virtual IQueryable<TEntity> FromSqlInterpolated([NotNull] FormattableString sql)
+        {
+           //DBSet.FromSqlInterpolated(sql).Select(x => new { x,xxx}).ToList();
+            return DBSet.FromSqlInterpolated(sql);
         }
 
     }
diff --git a/开发版dev/Vue.NetCore/Vue.Net/VOL.Core/BaseProvider/IRepository.cs b/开发版dev/Vue.NetCore/Vue.Net/VOL.Core/BaseProvider/IRepository.cs
@@ -256,15 +256,21 @@ void AddRange<T>(IEnumerable<T> entities, bool saveChanges = false)
 
         Task<int> SaveChangesAsync();
 
-        //执行存储过程
-        List<TEntity> RunProc(string sql, params SqlParameter[] pamrs);
+
 
         int ExecuteSqlCommand(string sql, params SqlParameter[] sqlParameters);
 
         List<TEntity> FromSql(string sql, params SqlParameter[] sqlParameters);
 
+        /// <summary>
+        /// 执行sql
+        /// 使用方式 FormattableString sql=$"select * from xx where name ={xx} and pwd={xx1} "，
+        /// FromSqlInterpolated内部处理sql注入的问题，直接在{xx}写对应的值即可
+        /// 注意：sql必须 select * 返回所有TEntity字段，
+        /// </summary>
+        /// <param name="formattableString"></param>
+        /// <returns></returns>
+        IQueryable<TEntity> FromSqlInterpolated([System.Diagnostics.CodeAnalysis.NotNull] FormattableString sql);
       
-
-
     }
 }
diff --git a/开发版dev/Vue.NetCore/Vue.Net/VOL.Core/BaseProvider/RepositoryBase.cs b/开发版dev/Vue.NetCore/Vue.Net/VOL.Core/BaseProvider/RepositoryBase.cs
@@ -5,6 +5,7 @@
 using System.Collections.Generic;
 using System.Data.Common;
 using System.Data.SqlClient;
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Linq.Expressions;
 using System.Reflection;
@@ -575,48 +576,29 @@ public virtual Task<int> SaveChangesAsync()
         {
             return EFContext.SaveChangesAsync();
         }
-        /// <summary>
-        /// new SqlParameter("@tableName",TableName)
-        /// </summary>
-        /// <typeparam name="TResult"></typeparam>
-        /// <param name="sql"></param>
-        /// <param name="parameters"></param>
-        /// <returns></returns>
-        /// <summary>
-        /// new SqlParameter("@tableName",TableName)
-        /// </summary>
-        /// <typeparam name="TResult"></typeparam>
-        /// <param name="sql"></param>
-        /// <param name="parameters"></param>
-        /// <returns></returns>
-        public virtual List<TEntity> RunProc(string sql, params SqlParameter[] parameters)
-        {
-            foreach (var item in parameters)
-            {
-                if ((item as DbParameter).Value == null)
-                {
-                    (item as DbParameter).Value = DBNull.Value;
-                }
-            }
-            if (parameters != null && parameters.Count() > 0)
-            {
-                sql = sql + " " + string.Join(",",
-                  parameters.
-                  Select(x => ((DbParameter)x).ParameterName + (((DbParameter)x).Direction.ToString() == "Output" ? " Output" : "")));
-            }
-            return null;
-            //    return DBSet.FromSql($"{sql}", parameters).ToList();
-        }
-
+      
         public virtual int ExecuteSqlCommand(string sql, params SqlParameter[] sqlParameters)
         {
             return DbContext.Database.ExecuteSqlRaw(sql, sqlParameters);
         }
 
         public virtual List<TEntity> FromSql(string sql, params SqlParameter[] sqlParameters)
         {
-            return null;
-            // return DBSet.FromSql(sql, sqlParameters).ToList();
+            return DBSet.FromSqlRaw(sql, sqlParameters).ToList();
+        }
+
+        /// <summary>
+        /// 执行sql
+        /// 使用方式 FormattableString sql=$"select * from xx where name ={xx} and pwd={xx1} "，
+        /// FromSqlInterpolated内部处理sql注入的问题，直接在{xx}写对应的值即可
+        /// 注意：sql必须 select * 返回所有TEntity字段，
+        /// </summary>
+        /// <param name="formattableString"></param>
+        /// <returns></returns>
+        public virtual IQueryable<TEntity> FromSqlInterpolated([NotNull] FormattableString sql)
+        {
+           //DBSet.FromSqlInterpolated(sql).Select(x => new { x,xxx}).ToList();
+            return DBSet.FromSqlInterpolated(sql);
         }
 
     }
