参数化查询(C#、Oracle):如何生成更具可读性的表示?
我在 C# 代码中使用参数化查询来与 Oracle 数据库交互。 我该怎么做才能以更易读的方式记录语句?
假设我有一个参数化查询,例如:
INSERT INTO PERSON (ID, NAME, BIRTHDATE) VALUES (:id, :name, :birthdate)
理想情况下,我希望看到所有参数都被替换的日志条目,以便我可以复制并粘贴该语句以供以后使用:
INSERT INTO PERSON (ID, NAME, BIRTHDATE) VALUES (23, ‘Mike’, TO_DATE('2003/07/09', 'yyyy/mm/dd')
我当前的方法是打印出参数化查询的字符串,然后迭代所有参数并使用 ToString()。 如果有很多参数,这有点难以阅读。 它会产生类似的结果:
INSERT INTO PERSON (ID, NAME, BIRTHDATE) VALUES (:id, :name, :birthdate) [:id=23, :name=Mike, birthdate=2004/07/09 00:00:00]
我计划的另一种方法是使用 string.Replace() 函数来替换参数占位符。 但也许有更好的方法来做到这一点?
提前致谢。
编辑1:
我认为最好提供一些代码示例。
我正在使用这种形式的参数化查询(注意:我正在使用 log4net):
using (OracleConnection connection = new OracleConnection(connectionString))
using (OracleCommand command = new OracleCommand(statement, connection))
{
command.Parameters.AddWithValue(":id", id);
command.Parameters.AddWithValue(":name", name);
command.Parameters.AddWithValue(":birthdate", birthdate);
command.Connection.Open();
log.DebugFormat("Executing statement: {0}.", command.CommandText);
// there I would add some more code to iterate over
// the parameters and print them out
command.ExecuteNonQuery();
command.Connection.Close();
}
我正在寻找一种方法来注销 oracle 命令对象正在使用的语句。 我目前的方法(参见问题)还不是很令人满意,因为可读性不是很好。
我希望有一些 API(甚至可能在 OracleClient 命名空间中)可以帮助我解析参数化查询。 我可以做一些更复杂的字符串替换或正则表达式,但我想收集一些知识。 我已经对此进行了一些研究,但没有发现任何东西。
I am using parameterized queries in my C# code to interact with an Oracle database. What can I do to log the statements in a more readable fashion?
Suppose I have a parameterized query like:
INSERT INTO PERSON (ID, NAME, BIRTHDATE) VALUES (:id, :name, :birthdate)
Ideally I would like to see the log entry with all parameters replaced so I could copy and paste the statement for later use:
INSERT INTO PERSON (ID, NAME, BIRTHDATE) VALUES (23, ‘Mike’, TO_DATE('2003/07/09', 'yyyy/mm/dd')
My current approach is to print out the string of the parameterized query and then iterate over all parameters and use ToString(). This is a bit hard to read, if there are many parameters. It would yield something like:
INSERT INTO PERSON (ID, NAME, BIRTHDATE) VALUES (:id, :name, :birthdate) [:id=23, :name=Mike, birthdate=2004/07/09 00:00:00]
Another approach I am planning would be to use the string.Replace() function to replace the parameter placeholders. But maybe there some better way to do this?
Thanks in advance.
Edit 1:
I thought better to provide some code example.
I am using parameterized queries in this form (Note: I am using log4net):
using (OracleConnection connection = new OracleConnection(connectionString))
using (OracleCommand command = new OracleCommand(statement, connection))
{
command.Parameters.AddWithValue(":id", id);
command.Parameters.AddWithValue(":name", name);
command.Parameters.AddWithValue(":birthdate", birthdate);
command.Connection.Open();
log.DebugFormat("Executing statement: {0}.", command.CommandText);
// there I would add some more code to iterate over
// the parameters and print them out
command.ExecuteNonQuery();
command.Connection.Close();
}
I am looking for a way to log out the statement, which the oracle command object is using. My current approaches (see question) are yet not very satisfying, because not very readable.
I hoped that there would be some API (maybe something even in the OracleClient namespace) that would help to parse the parameterized query for me. I could do some more sophisticated string replacement or regex, but I wanted to collect some knowledge. I have already done some reasearch on it, but didn't found something.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
也许值得看看它在 NHibernate 来源。
找到名为“GetCommandLogString(IDbCommand command)”的函数,您几乎可以复制/粘贴它:p
Maybe it's worth looking at the way its done in the NHibernate source.
Find the function called "GetCommandLogString(IDbCommand command)" which you could almost copy/paste :p
尝试将其存储为可运行语句以供以后使用的麻烦在于参数版本的运行方式与硬编码字符串版本不同,因为前者不需要内联类型转换,例如您不必添加引号您需要根据每个参数的类型手动执行此操作。
我不知道你的日志格式是什么,但你最好将 SQL 写入日志以运行参数化查询; 即,声明必要的变量并赋值,然后运行查询。 它将产生更多行(或更长的行,如果避免换行符),但随后您可以按原样运行代码,而不必担心自己替换参数。 另外,您的日志条目可以抵抗 SQL 注入:)
The trouble with trying to store this as a runnable statement for later use is that the parameter version runs differently to the hard-coded-string version, since the former doesn't require the typecasting inline, e.g. you don't have to put quotes around the string parameters etc. You'd need to do that manually depending on the type of each parameter.
I don't know what your log format is, but you might be better off writing to the log the SQL to run a parametized query instead; i.e., declare necessary variables, and assign values, then run the query. It will make for more lines (or longer lines, if you avoid the line breaks), but then you can just run the code as-is, and you don't have to worry about replacing the parameters yourself. Plus your log entries are resistant to SQL injection :)
好用一下替换功能。 为什么不? 或者您可以使用 string.format()。 或者正则表达式。 或者是组合。 您想要的只是字符串操作。
Well use the replace function. Why not? Or you can use string.format(). Or regular expressions. Or a combination. All you want is string manipulation.
您可以使用这种方式:
You can use this way: