我尝试使用数据适配器扩展方法对查询进行分页。
以下是我迄今为止实施的内容:
public static PagingInformation ExecutePagingInformation(
this IDbCommand dbCommand, int pageIndex, int pageSize,
CancellationToken cancellationToken = default)
{
string oldCommandText = dbCommand.CommandText;
dbCommand.CommandText = $"SELECT COUNT(*) FROM ({dbCommand.CommandText}) Q";
var totalCount = Convert.ToInt32(dbCommand.ExecuteScalar());
dbCommand.CommandText = oldCommandText;
return new PagingInformation(pageIndex, pageSize, 0, totalCount);
}
public static DbDataReader ExecutePagedReader(
this IDbCommand dbCommand, int pageIndex, int pageSize,
out PagingInformation pageInformation)
{
if (dbCommand.CommandType != CommandType.Text)
throw new InvalidOperationException("Only CommandType.Text is supported.");
DbDataReader reader;
if (dbCommand is OracleCommand oracleCommand)
{
pageInformation = dbCommand.ExecutePagingInformation(pageIndex, pageSize); //this is implemented by myself
reader = oracleCommand.ExecutePageReader(CommandBehavior.Default, pageIndex * pageSize, pageSize); //this is native method
}
else
{
throw new NotSupportedException();
}
return reader;
}
然后我用它们就像
using (var reader = cmd.ExecutePagedReader(pageIndex, pageSize, out pagingInformation))
{
while (await reader.ReadAsync(cancellationToken))
{
result.Add(reader[0].ToString());
}
}
$"SELECT COUNT(*) FROM ({dbCommand.CommandText}) Q";
受
SQL注入
Devart针对Oracle的DotConnect
OracleDataReader
它使用
ExecutePageReader
. 我对它进行了反编译,据我所知,他们正在使用StringBuilder生成支持分页的查询。然而,代码是明显的,我不能以解决方案结束。
$”选择计数(*)自({dbCommand.CommandText})Q“;
dbCommand.CommandText
由参数化查询构造(无字符串连接)
