【EF框架】使用params參數傳值防止SQL註入報錯處理
阿新 • • 發佈:2017-05-23
collect oar mapping cnblogs ken datetime nbsp .com src
通過SqlParameter傳時間參數,代碼如下:
var param = new List<SqlParameter>(); param.Add(new SqlParameter("@StartTime", DateTime.Parse(req.StartTime))); param.Add(new SqlParameter("@EndTime", DateTime.Parse(req.EndTime))); response.List = _ctx.Database.SqlQuery<ReceiveSummeryItem>(sql, param.ToList()).ToList();
結果一直報錯
不存在從對象類型 System.Collections.Generic.List`1[[System.Data.SqlClient.SqlParameter, System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] 到已知的托管提供程序本機類型的映射。
英文報錯
No mapping exists from object type System.Collections.Generic.List`1[[System.Data.SqlClient.SqlParameter, System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]] to a known managed provider native type.
通過搜索
https://stackoverflow.com/questions/9149919/no-mapping-exists-from-object-type-system-collections-generic-list-when-executin
看到後面的ToList() 改成 ToArray()
var param = new List<SqlParameter>(); param.Add(new SqlParameter("@StartTime", DateTime.Parse(req.StartTime))); param.Add(new SqlParameter("@EndTime", DateTime.Parse(req.EndTime))); response.List = _ctx.Database.SqlQuery<ReceiveSummeryItem>(sql, param.ToArray()).ToList(); response.TotalCount = response.List.Count();
結果好了,真神奇!
搞定!
【EF框架】使用params參數傳值防止SQL註入報錯處理