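Parse error from a C# parametrised query, but it works in pgAdmin III

I am trying to run a parametrised query from C# and I get the error:

    ERROR: XX000: parse error - invalid geometry

with the hint

    "POLYGON((:m" <-- parse error at position 11 within geometry

But when I run the query in pgAdmin III with the parameters replaced by their values, the query works. The code is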

    command.CommandText = "SELECT area_code FROM area WHERE ST_INTERSECTS(ST_GeographyFromText('POLYGON((:minx :miny, :minx :maxy, :maxx :maxy, :maxx :miny, :minx :miny))'), shape) AND area_type_code = :typecode";
    command.CommandType = CommandType.Text;

    var typeCodeParameter = new NpgsqlParameter
    {
        DbType = DbType.String,
        ParameterName = "typecode",
        Value = _typeCode
    };
    var minxParameter = new NpgsqlParameter
    {
        DbType = DbType.Double,
        ParameterName = "minx",
        Value = _minX
    };
    var minyParameter = new NpgsqlParameter
    {
        DbType = DbType.Double,
        ParameterName = "miny",
        Value = _minY
    };
    var maxxParameter = new NpgsqlParameter
    {
        DbType = DbType.Double,
        ParameterName = "maxx",
        Value = _maxX
    };
    var maxyParameter = new NpgsqlParameter
    {
        DbType = DbType.Double,
        ParameterName = "maxy",
        Value = _maxY
    };

    command.Parameters.Add(typeCodeParameter);
    command.Parameters.Add(maxxParameter);
    command.Parameters.Add(maxyParameter);
    command.Parameters.Add(minxParameter);
    command.Parameters.Add(minyParameter);

    using (var reader = command.ExecuteReader())
        while (reader.Read())
            areas.Add((string)reader["area_code"]);

and the working query

    SELECT area_code FROM area WHERE ST_INTERSECTS(ST_GeographyFromText('POLYGON((-1.0042576967558934 50.78431084582985, -1.0042576967558934 51.199216033050647, 1.9400782407441057 51.199216033050647, 1.9400782407441057 50.78431084582985, -1.0042576967558934 50.78431084582985))'), shape) AND area_type_code = 'County'

What am I doing wrong? How should I set the minx, miny, maxx and maxy parameters?
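
Thanks, that makes sense. I have come up with a workaround where I use string.Format to put the coordinate parameters into the SQL string. This should be safe from SQL injection, because they are of type double, so nothing nasty can get into the SQL command. –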
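
@AndyNichols You don't actually need to put it directly into the SQL string - just pass the whole argument of `ST_GeographyFromText` as a single string parameter. Unless the `ST_GeographyFromText` function does something really odd, it should be perfectly safe, and you get reuse of the execution plan. – Luaan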
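
The approach from the last comment, as an added example that is not code from the original thread: the WKT text is built on the client and passed to `ST_GeographyFromText` as one string parameter, so the SQL text stays constant. The class and method names, the `wkt` parameter name and the already-open `NpgsqlConnection` are assumptions; the coordinates are formatted with the invariant culture so that a comma-decimal locale cannot change the WKT.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using Npgsql;

static class AreaLookup // hypothetical helper, not from the thread
{
    // Builds the closed ring used in the question's query as WKT text.
    public static string BuildEnvelopeWkt(double minX, double minY, double maxX, double maxY)
    {
        foreach (var v in new[] { minX, minY, maxX, maxY })
            if (double.IsNaN(v) || double.IsInfinity(v))
                throw new ArgumentException("coordinates must be finite numbers");

        // Invariant culture keeps '.' as the decimal separator on every locale;
        // "R" is the round-trip format for double.
        string F(double d) => d.ToString("R", CultureInfo.InvariantCulture);
        return string.Format(CultureInfo.InvariantCulture,
            "POLYGON(({0} {1}, {0} {3}, {2} {3}, {2} {1}, {0} {1}))",
            F(minX), F(minY), F(maxX), F(maxY));
    }

    // The placeholders sit outside any quoted literal, so they are bound as values.
    public static List<string> FindAreaCodes(NpgsqlConnection conn, string typeCode,
        double minX, double minY, double maxX, double maxY)
    {
        var areas = new List<string>();
        using (var command = new NpgsqlCommand(
            "SELECT area_code FROM area " +
            "WHERE ST_INTERSECTS(ST_GeographyFromText(:wkt), shape) " +
            "AND area_type_code = :typecode", conn))
        {
            command.Parameters.AddWithValue("wkt", BuildEnvelopeWkt(minX, minY, maxX, maxY));
            command.Parameters.AddWithValue("typecode", typeCode);
            using (var reader = command.ExecuteReader())
                while (reader.Read())
                    areas.Add((string)reader["area_code"]);
        }
        return areas;
    }

    static void Main()
    {
        // Constructed check: a comma-decimal locale must not alter the WKT.
        CultureInfo.CurrentCulture = new CultureInfo("de-DE");
        Console.WriteLine(BuildEnvelopeWkt(-1.0042576967558934, 50.78431084582985,
                                           1.9400782407441057, 51.199216033050647));
    }
}
```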