tags:

views:

98

answers:

1
Q: 

How to build where clause in SQL Server??

I would like to build the where clase of a sql statement dynamically from hashtable in C#.

The key of the hash_table will be the column's name to be inserted and the value of hash_table will be value.

string sql_1="SELECT COL_1,COL_2 FROM MY_TABLE";
string sql_2="SELECT * FROM MY_TABLE WHERE COL_3='ABC'";  //note: some statment have where clause while some do NOT have. 

string sql= ToSql(sql_1,myHashTable); // the actual sql statment will be returned from ToSql
//execute sql
sql= ToSql(sql_2,myHashTable); // 
//execute sql

My Question is, how can I create function ToSql() function in LINQ?

NOTE: The data type of the value of hashtable will be taken into consideration.

Thanks in advance.

+3  A:  
var q = String.Join(" AND ", myHashTable.Select(x => x.Key.ToString() + " = " + 
    (x.Value is string ? "'" : "") + x.Value.ToString() + 
    (x.Value is string ? "'" : "")))

Of course you're going to have to decide whether to add a "WHERE", "AND", have to strip off some "GROUP BY" clause first before adding "WHERE", and deal with escaping, but I trust you can handle that.

However, I would strongly suggest using parameterized queries instead, and add the parameters to the SqlCommand. Something like:

var q = String.Join(" AND ", myHashTable.Select(x => x.Key.ToString() + " = @" +
    x.Key.ToString()));

var parameters = myHashTable.Select(x => new SqlParameter("@" + x.Key.ToString(), 
    x.Value));
lc  2010-06-18 04:09:56
Thanks for suggestion. But,I think, using parameterized queries is not possible for me because ,the number of parameters will be passed can be known only at runtime,which will needs some extra codes.By the way,is it possible to access Hashtable in LINQ?
Kai  2010-06-18 04:40:59
@Kai, the parameterized query is still a custom-at-runtime query; it just saves you the hassle of trying to correctly escape the parameters, which is a Very Valuable security technique.
Craig Trader  2010-06-18 04:43:32
@W.Craig Trader ,Thanks for correcting me.But, I have already had the function that can handle this ,and I need to pass just the sql statement to this.
Kai  2010-06-18 04:45:59

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?