Git Product home page Git Product logo

Comments (6)

ahmad-moussawi avatar ahmad-moussawi commented on July 19, 2024

Hi @generik0, thanks for your feedback, could you please show me an example of what you expect ?

from querybuilder.

generik0 avatar generik0 commented on July 19, 2024

Her is an example of the translation. _sqlTypeMapper is just a dictionary with e.g. System.Int type = int.

var r = compiler.Compile(query);

var parameters = r.Bindings.Select(parameter =>
{
var para = new StringBuilder();
para.Append($"DECLARE @{parameter.Key} {_sqlTypeMapper[parameter.Value.GetType()]}\n");
para.Append($"SET @{parameter.Key} = {parameter.Value}");
return para.ToString();
});

var sqlFull = {string.Join("\n", parameters)}\n{r.Sql};

from querybuilder.

ahmad-moussawi avatar ahmad-moussawi commented on July 19, 2024

Ah ok I got your idea now, but why not replacing the values of the parameters inline similar to SqlResult.ToString() method ?

https://github.com/sqlkata/querybuilder/blob/master/QueryBuilder/SqlResult.cs#L40-L59

from querybuilder.

generik0 avatar generik0 commented on July 19, 2024

If we use the parameter query, wont the query still be cached and using the parameters get a performance “boost”? I.e. instead of different versions of the same query.

We will also prevent SQL injections.
Maybe this is to much of a corner case?
We are using DevExtreme dashboards that we feed with custom sql “data sources”. This is why the sql with parameters will benefit us...

from querybuilder.

ceastwood avatar ceastwood commented on July 19, 2024

@generik0

Converting the bindings to the actual string of the SQL statement opens you back up to SQL injection and i'd advise against doing that at all cost. Also, I'm not a SQL expert but I believe you would most likely loose the cache hit for the query plan under some circumstances / queries if you convert the bindings into the statement as text. It's something to test but i'd still advise against.

I just made a quick glance at some documentation for the DevExpress dashboard. Are you setting the datasource in code?

If so, please refer to this link

You'll notice that the CustomSqlQuery object has a property called 'Parameters' and you would only really need to map the SqlResult.Bindings into that collection.

If the above isn't your use case; please provide us a little more information so we can try to help.

Thanks

from querybuilder.

generik0 avatar generik0 commented on July 19, 2024

Sounds like the best plan.....

from querybuilder.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.