C#: Query composition with string manipulation and execute

56 views
Skip to first unread message

AshokG

unread,
Feb 26, 2021, 12:38:19 AM2/26/21
to RavenDB - 2nd generation document database
Hi,

I'm using C#. 
Is it possible to compose the Query using string manipulation and execute like SQL?
For example in SQL we do sql = "select id, name, age from " + tableName +
                                                         "where region ='" + region + "' and flag=1"
executeQuery(sql)

Can RQL help in this matter?

Mainly I'm experiencing issues duplicating the query code where Generic Types or Base types have commonality 

--
thanks

Igal Merhavia

unread,
Feb 28, 2021, 2:44:41 AM2/28/21
to rav...@googlegroups.com

--
You received this message because you are subscribed to the Google Groups "RavenDB - 2nd generation document database" group.
To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ravendb/68035f90-a338-4213-a1ab-1fec891aa5f7n%40googlegroups.com.

Oren Eini (Ayende Rahien)

unread,
Mar 1, 2021, 2:23:26 PM3/1/21
to ravendb
Note that when you do things like that, please avoid concating with user params, to avoid injection attacks

To view this discussion on the web visit https://groups.google.com/d/msgid/ravendb/CAADcGSm-HP8CLQTC%3DTC%2B5zTErLf%3DzOTxBadRH1RunL8nXipSzA%40mail.gmail.com.

Peter

unread,
Jul 27, 2022, 2:50:36 AM7/27/22
to RavenDB - an awesome database
Is there a way to actually use user params like in sql taking injection into account?

E.g. from Collection as a where a.Name = @name select a

Cheers!

Op maandag 1 maart 2021 om 20:23:26 UTC+1 schreef Oren Eini:

Igal Merhavia

unread,
Jul 27, 2022, 5:19:32 AM7/27/22
to rav...@googlegroups.com
Hi,

You can do something like this:
session.Advanced.RawQuery<Payment>("from index 'PaymentAll' where AmountLeft == $pq").AddParameter("pq", 0).ToList();

Best regards,
Igal

You received this message because you are subscribed to the Google Groups "RavenDB - an awesome database" group.

To unsubscribe from this group and stop receiving emails from it, send an email to ravendb+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/ravendb/a42263e0-25b7-49bf-a65c-05e081b19f80n%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages