C# sql中拼接查询条件时:避免where 1=1出现

        string sql = string.Format("select * from {0} where 1=1", "user");
            //拼接查询条件
            string sqlWhere = string.Empty;
            if (userId > 0)
            {
                sqlWhere += string.Format(" and userId={0}", userId);
            }
            if (gender != -1)
            {
                sqlWhere += string.Format(" and gender={0}", gender);
            }
            if (status != -1)
            {
                sqlWhere += string.Format(" and `status`={0}", status);
            }
            sql += sqlWhere;
            sql += string.Format(" order by userId desc limit {0},{1}", skip, limit);

换成如下:

            string sql = string.Format("select * from {0}", "user");
            //拼接查询条件
            List queryWhere = new List();
            if (userId > 0)
            {
                queryWhere.Add(string.Format("userId={0}", userId));
            }
            if (gender != -1)
            {
                queryWhere.Add(string.Format("gender={0}", gender));
            }
            if (status != -1)
            {
                queryWhere.Add(string.Format("`status`={0}", status));
            }
            string sqlWhere = GetQueryWhere(queryWhere);
            sql += sqlWhere;
            sql += string.Format(" order by userId desc limit {0},{1}", skip, limit);
        public static string GetQueryWhere(this List list)
        {
            if (list == null || list.Count <= 0)
                return "";

            //string sqlWhere = string.Join(" and ", list);
            //return " where " + sqlWhere;

            bool flag = true;
            StringBuilder strBuilder = new StringBuilder();
            foreach (var q in list)
            {
                if (flag)
                {
                    strBuilder.Append(" where ");
                    flag = false;
                }
                else
                {
                    strBuilder.Append(" and ");
                }
                strBuilder.Append(q);
            }
            return strBuilder.ToString();
        }

 

你可能感兴趣的:(mysql)