Catalog arrangement

2025-09-20 02:29:39 +08:00 · 2017-06-22 12:55:03 +08:00
parent 47980cd682
commit fc0155ce44
182 changed files with 0 additions and 6 deletions
--- a/Src/Asp.Net/SqlServerTest/Demos/8_JoinSql.cs
+++ b/Src/Asp.Net/SqlServerTest/Demos/8_JoinSql.cs
@@ -0,0 +1,51 @@
+using OrmTest.Demo;
+using OrmTest.Models;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+
+namespace OrmTest.Demo
+{
+    /// <summary>
+    /// Secure string operations
+    /// </summary>
+    public class JoinSql : DemoBase
+    {
+        public static void Init()
+        {
+            Where();
+            OrderBy();
+        }
+
+        private static void Where()
+        {
+            var db = GetInstance();
+            //Parameterized processing
+            string value = "'jack';drop table Student";
+            var list = db.Queryable<Student>().Where("name=@name", new { name = value }).ToList();
+            //Nothing happened
+        }
+
+        private static void OrderBy()
+        {
+            var db = GetInstance();
+            //propertyName is valid
+            string propertyName = "Id";
+            string dbColumnName = db.EntityProvider.GetDbColumnName<Student>(propertyName);
+            var list = db.Queryable<Student>().OrderBy(dbColumnName).ToList();
+
+            //propertyName is invalid
+            try
+            {
+                propertyName = "Id'";
+                dbColumnName = db.EntityProvider.GetDbColumnName<Student>(propertyName);
+                var list2 = db.Queryable<Student>().OrderBy(dbColumnName).ToList();
+            }
+            catch (Exception ex)
+            {
+                Console.WriteLine(ex.Message);
+            }
+        }
+    }
+}