/// <summary>
/// Loads the notices whose ToUserID column contains the searching user's id and,
/// when <c>search.ID</c> is positive, narrows the result to that single notice id.
/// Each notice is then overlaid with that user's row from IsReadNotices (status
/// message and remarks) when such a row exists.
/// </summary>
/// <param name="search">Search criteria; <c>userId</c> and <c>ID</c> are read.</param>
/// <returns>The matching notices, with per-user read state copied in where present.</returns>
// NOTE(review): the generic type arguments (on List and on Query) appear to have been
// lost from this listing; restore them before compiling.
public List GetNoticeByToUserID(Search search)
{
    var args = new DynamicParameters();

    // Only fixed SQL fragments are concatenated; every value travels as a bound
    // parameter. That separation is what keeps the statement injection-safe, so
    // never append a field of `search` to the SQL text itself.
    string noticeQuery = "select * from Notices WHERE ID>0 ";
    noticeQuery += " AND ToUserID LIKE @toUserID";

    // NOTE(review): '%' + id + '%' is a substring match, so user 3 also matches rows
    // addressed to 13, 30, 31, ... and would receive other users' notices. If ToUserID
    // holds a delimited id list (not visible here - confirm), match on the delimiters
    // or move recipients to a join table with an equality predicate.
    // NOTE(review): if userId is a string rather than a number, '%' and '_' inside it
    // act as LIKE wildcards and are not escaped here - confirm the type.
    // NOTE(review): userId decides whose notices are returned; presumably the caller
    // takes it from the authenticated session rather than from request data - verify.
    args.Add("toUserID", "%" + search.userId.ToString() + "%");

    bool restrictToSingleNotice = search.ID > 0;
    if (restrictToSingleNotice)
    {
        noticeQuery += " AND id = @id";
        args.Add("id", search.ID);
    }

    var notices = new List();
    notices.AddRange(_workingDB.Query(noticeQuery, args).ToList());

    // One lookup per notice (N+1 round trips). SingleOrDefault throws when more than
    // one IsReadNotices row exists for the same (NoticeID, UserID) pair.
    string readStateQuery = "select * from IsReadNotices where NoticeID=@noticeID AND UserID=@uid ";
    foreach (var notice in notices)
    {
        IsReadNotice readState = _workingDB
            .Query(readStateQuery, new { noticeID = notice.ID, uid = search.userId })
            .SingleOrDefault();

        if (readState == null)
        {
            continue;
        }

        notice.statusMsg = readState.statusMsg;
        notice.Remarks = readState.Remarks;
    }

    return notices;
}
本文标题:使用dapper框架动态拼接出最安全的sql语句--多条件查询