处理SQL拼接时，防止字段中出现SQL关键字而导致错误。

08166523 · s0611163 · 90311313 · 08166523 · 08166523 · 08166523
3 changed file
--- a/Dapper.LiteSql/Dapper.LiteSql/SqlString/ISqlString.cs
+++ b/Dapper.LiteSql/Dapper.LiteSql/SqlString/ISqlString.cs
@@ -226,6 +226,7 @@ namespace Dapper.LiteSql
        /// </summary>
        SqlValue ForList(IList list);
+        #region 增删改查接口
        /// <summary>
        /// 查询实体
        /// </summary>
@@ -359,6 +360,7 @@ namespace Dapper.LiteSql
        /// 给定一条查询SQL，返回其查询结果的数量
        /// </summary>
        Task<CountResult> QueryCountAsync(int pageSize);
+        #endregion
    }
 }
--- a/Dapper.LiteSql/Dapper.LiteSql/SqlString/SqlString.cs
+++ b/Dapper.LiteSql/Dapper.LiteSql/SqlString/SqlString.cs
@@ -374,7 +374,7 @@ namespace Dapper.LiteSql
        /// <param name="args">参数(支持多个参数或者把多个参数放在一个匿名对象中)</param>
        public ISqlString Where(string sql, params object[] args)
        {
-            if (RemoveSubSqls(_sql.ToString()).Contains("where"))
+            if (RemoveSubSqls(_sql.ToString()).Contains(" where "))
            {
                return Append("and " + sql, args);
            }
@@ -391,7 +391,7 @@ namespace Dapper.LiteSql
        /// <param name="args">参数(支持多个参数或者把多个参数放在一个匿名对象中)</param>
        public ISqlQueryable<T> Where<T>(string sql, params object[] args) where T : new()
        {
-            if (RemoveSubSqls(_sql.ToString()).Contains("where"))
+            if (RemoveSubSqls(_sql.ToString()).Contains(" where "))
            {
                return Append<T>("and " + sql, args);
            }
@@ -411,7 +411,7 @@ namespace Dapper.LiteSql
        /// <param name="args">参数(支持多个参数或者把多个参数放在一个匿名对象中)</param>
        public ISqlString WhereIf(bool condition, string sql, params object[] args)
        {
-            if (RemoveSubSqls(_sql.ToString()).Contains("where"))
+            if (RemoveSubSqls(_sql.ToString()).Contains(" where "))
            {
                return AppendIf(condition, "and " + sql, args);
            }
@@ -429,7 +429,7 @@ namespace Dapper.LiteSql
        /// <param name="args">参数(支持多个参数或者把多个参数放在一个匿名对象中)</param>
        public ISqlQueryable<T> WhereIf<T>(bool condition, string sql, params object[] args) where T : new()
        {
-            if (RemoveSubSqls(_sql.ToString()).Contains("where"))
+            if (RemoveSubSqls(_sql.ToString()).Contains(" where "))
            {
                return AppendIf<T>(condition, "and " + sql, args);
            }
@@ -448,7 +448,7 @@ namespace Dapper.LiteSql
        /// <param name="args">参数(支持多个参数或者把多个参数放在一个匿名对象中)</param>
        public ISqlString Having(string sql, params object[] args)
        {
-            if (RemoveSubSqls(_sql.ToString()).Contains("having"))
+            if (RemoveSubSqls(_sql.ToString()).Contains(" having "))
            {
                return Append("and " + sql, args);
            }
@@ -465,7 +465,7 @@ namespace Dapper.LiteSql
        /// <param name="args">参数(支持多个参数或者把多个参数放在一个匿名对象中)</param>
        public ISqlQueryable<T> Having<T>(string sql, params object[] args) where T : new()
        {
-            if (RemoveSubSqls(_sql.ToString()).Contains("having"))
+            if (RemoveSubSqls(_sql.ToString()).Contains(" having "))
            {
                return Append<T>("and " + sql, args);
            }

--- a/Dapper.LiteSql/Dapper.LiteSql/SqlString/SqlStringT.cs
+++ b/Dapper.LiteSql/Dapper.LiteSql/SqlString/SqlStringT.cs
@@ -109,7 +109,7 @@ namespace Dapper.LiteSql
                    result = ParamsAddRange(dbParameters, result);
                }
-                if (RemoveSubSqls(_sql.ToString()).Contains("where"))
+                if (RemoveSubSqls(_sql.ToString()).Contains(" where "))
                {
                    _sql.Append(" and " + result);
                }
@@ -146,7 +146,7 @@ namespace Dapper.LiteSql
                    result = ParamsAddRange(dbParameters, result);
                }
-                if (RemoveSubSqls(_sql.ToString()).Contains("where"))
+                if (RemoveSubSqls(_sql.ToString()).Contains(" where "))
                {
                    _sql.Append(" and " + result);
                }
@@ -183,7 +183,7 @@ namespace Dapper.LiteSql
                    result = ParamsAddRange(dbParameters, result);
                }
-                if (RemoveSubSqls(_sql.ToString()).Contains("where"))
+                if (RemoveSubSqls(_sql.ToString()).Contains(" where "))
                {
                    _sql.Append(" and " + result);
                }
@@ -220,7 +220,7 @@ namespace Dapper.LiteSql
                    result = ParamsAddRange(dbParameters, result);
                }
-                if (RemoveSubSqls(_sql.ToString()).Contains("where"))
+                if (RemoveSubSqls(_sql.ToString()).Contains(" where "))
                {
                    _sql.Append(" and " + result);
                }
@@ -248,7 +248,7 @@ namespace Dapper.LiteSql
            DbParameter[] dbParameters;
            string sql = condition.VisitLambda(expression, out dbParameters);
-            if (!_sql.ToString().Contains("order by"))
+            if (!_sql.ToString().Contains(" order by "))
            {
                _sql.AppendFormat(" order by {0} asc ", sql);
            }
@@ -271,7 +271,7 @@ namespace Dapper.LiteSql
            DbParameter[] dbParameters;
            string sql = condition.VisitLambda(expression, out dbParameters);
-            if (!_sql.ToString().Contains("order by"))
+            if (!_sql.ToString().Contains(" order by "))
            {
                _sql.AppendFormat(" order by {0} desc ", sql);
            }
@@ -390,9 +390,9 @@ namespace Dapper.LiteSql
            {
                sql = sql + subSql.SQL;
            }
-            if (_sql.ToString().Contains("from"))
+            if (_sql.ToString().Contains(" from "))
            {
-                string[] leftRigth = _sql.ToString().Split(new string[] { "from" }, StringSplitOptions.None);
+                string[] leftRigth = _sql.ToString().Split(new string[] { " from " }, StringSplitOptions.None);
                string left = leftRigth[0];
                string right = leftRigth[1];
@@ -454,9 +454,9 @@ namespace Dapper.LiteSql
                }
            }
-            if (_sql.ToString().Contains("from"))
+            if (_sql.ToString().Contains(" from "))
            {
-                string[] leftRigth = _sql.ToString().Split(new string[] { "from" }, StringSplitOptions.None);
+                string[] leftRigth = _sql.ToString().Split(new string[] { " from " }, StringSplitOptions.None);
                string left = leftRigth[0];
                string right = leftRigth[1];
@@ -493,9 +493,9 @@ namespace Dapper.LiteSql
            ExpressionHelper<U> condition2 = new ExpressionHelper<U>(this, _provider, _dbParameterNames, SqlStringMethod.Select);
            string sql2 = condition.VisitLambda(expression2, out dbParameters);
-            if (_sql.ToString().Contains("from"))
+            if (_sql.ToString().Contains(" from "))
            {
-                string[] leftRigth = _sql.ToString().Split(new string[] { "from" }, StringSplitOptions.None);
+                string[] leftRigth = _sql.ToString().Split(new string[] { " from " }, StringSplitOptions.None);
                string left = leftRigth[0];
                string right = leftRigth[1];