У меня запрос Oracle только с одной переменной привязки в конце. Тогда я хочу использовать IDbConnection с OracleDynamicParameters. Как добавить / связать переменную? Благодарю вас! Меня попросили сделать так, чтобы избежать инъекции SQL. Не уверен, что это правильный подход.
public IPagedResults<IrTransferRecord> GetIrTransferRecords(string destinationBu)
{
string query = string.Format(@" SELECT *
FROM(SELECT ROW_NUMBER() OVER(ORDER BY destinationbu ASC) rn,
COUNT(*) OVER() AS totalrecords,
q.*
FROM(SELECT destination_bu as destinationbu,
part_no as part,
qty,
fulfillment_bu as fulfillmentbu,
load_date as loaddate,
request_date as requestdate,
control,
status,
return_source as returnsource,
last_maint_dttm as lastmaintdate,
last_maint_user as lastmaintuser
FROM(SELECT irt.to_bu AS destination_bu,
irt.item_id AS part_no,
irt.qty,
irt.from_bu AS fulfillment_bu,
'' AS load_date,
irt.req_date AS request_date,
irt.control_number AS control,
stat.status_description AS status,
'SYSTEM' AS return_source,
irt.last_maint_dttm,
emp.username AS last_maint_user,
br.region,
br.district
FROM ir_transfers irt
JOIN ir_status stat ON(irt.complete_flg = stat.status_code)
JOIN dw_branch br ON(irt.from_bu = br.branch_code)
LEFT OUTER JOIN dw_employee emp ON(irt.last_maint_employee_id = emp.employee_id)
WHERE NOT EXISTS
(SELECT 1
FROM ir_br_manual_request man
WHERE irt.prop_transfer_id = man.ir_manual_request_id))
WHERE (destination_bu = @des) /* Here I have the variable */
) q) ");
using (IDbConnection connection = this.connectionProvider.GetOpenConnection())
{
using (OracleDynamicParameters p = new OracleDynamicParameters())
{
// Here I need to bind destinationBu into my oracle query before I execute.
return connection.QueryPagedOracleSql<IrTransferRecord>(query, param: p);
}
}
}