Linq with linq query [modified]
-
Hi There,

The query given below is my LINQ query, but right now I have taken it as a string.

string Query = "FROM D IN DC.DEPTs where D.DeptNM =='" + Desc + "' && D.CompID==2 && D.CompCd==1 select new { D.DeptNM}";

Now I want to convert it to an IQueryable query. Can anybody tell me how to do this? Thanks.

JavaScript Code:-

function CheckDesc()
{
    debugger;
    var Desc = document.getElementById('<%=TextBox1.ClientID%>').value;
    AccWebService.CheckDesc("FROM D IN DC.DEPTs where D.DeptNM =='" + Desc + "' && D.CompID==2 && D.CompCd==1 select new {D.DeptNM}", OnSucess, OnFailed);
}

WebService Code:- Web method:-

public bool CheckDesc(string Query)
{
    string str = MyConnection.GetColumn(Query1);
    return true;
    // GetColumn is my method, which is present in my MyConnection class that I created using LINQ.
    // GetColumn takes an IQueryable query as a parameter.
    // Now I want to convert this string Query to an IQueryable query.
}
modified on Friday, June 19, 2009 5:47 AM
-
You're opening yourself up to SQL Injection attacks (http://en.wikipedia.org/wiki/SQL_injection) doing it this way. What you need is:

function CheckDesc()
{
    ...
    debugger;
    var Desc = document.getElementById('<%=TextBox1.ClientID%>').value;
    AccWebService.CheckDesc(Desc);
    ...
}

WebService Code:- Web method:-

public bool CheckDesc(string departmemtName)
{
    ...
    // Only the department name comes from the client; the query itself stays on the server.
    IQueryable query = from D in DC.DEPTs
                       where D.DeptNM == departmemtName &&
                             D.CompID == 2 &&
                             D.CompCd == 1
                       select new { D.DeptNM };
    ...
}

I've not checked this code, but hopefully you get the idea!
-
Thanks for the reply. The way you told is going to work. But I am using LINQ with a web service to validate the description for every page, so the field names in my query are not going to remain the same. As the page changes, the field names are also going to change. That's why I am passing LINQ queries from the respective pages where I have to check the description.
-
IIRC you can create the expression tree through code and execute it yourself. Can't see the point of doing it in this instance tho; you might as well just avoid LINQ altogether for what you're trying to achieve.
-
I don't think you can convert the string to LINQ anyway, but I could be wrong. Assuming you can, someone accessing your web service could potentially add malicious LINQ code (like the SQL dependency injection I mentioned in my last post) which would breach the security of your system. In effect you'd be giving anyone with enough technical knowledge the ability to execute code they'd written on your server, which is very dangerous. If the LINQ query is going to change between pages, this suggests that you should have multiple validation methods on your service, one per page/set of field names. If this would lead to too many methods, you could pass up a page identifier and select a "where" predicate. One possible solution might look like:
// Syntax1
bool DefaultPredicate(YourClassType value)
{
    return value.CompCd == 2; //Or whatever.
}

bool predicatePage1(YourClassType value)
{
    return value.CompCd == 2; //Or whatever.
}

//Syntax2
Func<YourClassType, bool> predicatePage2 = (x) => x.CompID == 2 && x.CompCd == 1;

private Func<YourClassType, bool> GetPredicate(int pageNumber)
{
    if (pageNumber == 1) return predicatePage1;
    if (pageNumber == 2) return predicatePage2;
    return DefaultPredicate;
}

//Page number could be string page code etc. There is probably a way to get this without
//needing to pass it up from the HTTP Context if you want to avoid having to remember to
//send this up each time.
public bool CheckDesc(string departmemtName, int pageNumber)
{
    ...
    Func<YourClassType, bool> predicate = GetPredicate(pageNumber);
    var val = DC.DEPTs.Where(predicate).Select(x => x.DeptNM);
    ...
}
Having said that, I suspect there will be a better solution than the above as the need to make such verification on a per-page basis implies that there is an underlying design flaw that could be refactored out. Hope this helps!!!
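The two suggestions above (building the expression tree in code, and choosing the check from a page identifier) combine into one server-side allow-list; this is an added example, not code from any poster in the thread. The `Dept` class, its `DeptCode` column and the page codes are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Linq.Expressions;

// Hypothetical stand-in for the thread's DEPT entity; DeptCode is an assumed second column.
public class Dept
{
    public string DeptNM { get; set; }
    public string DeptCode { get; set; }
    public int CompID { get; set; }
    public int CompCd { get; set; }
}

public static class DescriptionCheck
{
    // Server-side allow-list (made-up page codes): the client never sends a column or a query.
    static readonly Dictionary<string, string> FieldByPage = new Dictionary<string, string>
    {
        { "dept-name", nameof(Dept.DeptNM) },
        { "dept-code", nameof(Dept.DeptCode) },
    };

    // Builds d => d.<field> == value && d.CompID == 2 && d.CompCd == 1
    public static Expression<Func<Dept, bool>> BuildPredicate(string pageCode, string value)
    {
        if (pageCode == null || !FieldByPage.TryGetValue(pageCode, out var field))
            throw new ArgumentException("Unknown page code", nameof(pageCode));
        var d = Expression.Parameter(typeof(Dept), "d");
        // User text enters the tree as a constant value; it is never parsed as code.
        Expression body = Expression.Equal(
            Expression.Property(d, field), Expression.Constant(value, typeof(string)));
        body = Expression.AndAlso(body, Expression.Equal(
            Expression.Property(d, nameof(Dept.CompID)), Expression.Constant(2)));
        body = Expression.AndAlso(body, Expression.Equal(
            Expression.Property(d, nameof(Dept.CompCd)), Expression.Constant(1)));
        return Expression.Lambda<Func<Dept, bool>>(body, d);
    }

    public static bool Exists(IQueryable<Dept> depts, string pageCode, string value)
        => depts.Any(BuildPredicate(pageCode, value));

    public static void Main()
    {
        // Constructed sample row; in the thread the source would be DC.DEPTs.
        var depts = new[] { new Dept { DeptNM = "Sales", CompID = 2, CompCd = 1 } }.AsQueryable();
        Console.WriteLine(Exists(depts, "dept-name", "Sales"));
        Console.WriteLine(Exists(depts, "dept-name", "Sales' || '1'=='1"));
    }
}
```

Returning `Expression<Func<Dept, bool>>` rather than `Func<Dept, bool>` keeps the filter translatable by the LINQ provider instead of being evaluated in memory after the rows are fetched. An unknown page code is rejected outright, so adding a new page means adding one allow-list entry on the server.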