1

私はC#が初めてで、これを理解するのに苦労しています.

public UserNotificationFeed GetNotificationFeed(TenantInfo tenant, List<int> notificationId)
{
    UserNotificationFeed userNotificationFeed = new UserNotificationFeed();

    string sql = "select " + NotificationFieldList + " from UserNotificationFeed where MsgId = @MsgId";

    Database databaseObj = SocialDB.GetDataBase(tenant.ConnectionString, tenant.ProviderName);
    DbCommand commandObj = databaseObj.GetSqlStringCommand(sql);

    databaseObj.AddInParameter(commandObj, "MsgId", DbType.Int64, notificationId );

    using (IDataReader reader = databaseObj.ExecuteReader(commandObj))
    {
       while (reader.Read())
       {
          userNotificationFeed = new UserNotificationFeed();
          this.PopulateObject(userNotificationFeed, reader);
       }
    }

    return userNotificationFeed;
}

私が欲しいのは、

string sql = "select " + NotificationFieldList + " from UserNotificationFeed where MsgId = @MsgId";

MsgIdによって渡された のリストを取得しList<int> notificationIdます。

どんな助けでも本当に感謝しています。

4

1 に答える 1

0

A simple approach, since the data is int (and therefore injection safe) would be to just use:

string sql = "select " + NotificationFieldList +
    " from UserNotificationFeed where MsgId in (" +
    string.Join(",", notificationId) + ")";

(and don't add the parameter)

If you want it to be fully parameterized, that is possible too, but harder (it requires a flexible number of parameters). There are tools that can help, though. For example, with dapper that would be:

var rows = connection.Query("select " + NotificationFieldList +
    " from UserNotificationFeed where MsgId in @MsgId",
    new {MsgId = notificationId}).ToList();

here dapper will automatically tweak the SQL and add the correct number of parameters. But: dapper won't work directly with your IDataReader-based PopulateObject method (since it has already populated some objects).

于 2012-10-22T10:35:39.197 に答える