c# - 对多个表执行全文搜索

Question

我在我的 asp.net 站点中实现了全文搜索，该搜索在搜索一张表时有效。但是，我希望用户能够同时搜索两个完全不同的表。我正在尝试使用以下代码:

  public List<Article> Search(List<string> keywords)
    { 
        StringBuilder sqlBuilder = new StringBuilder();
        sqlBuilder.Append("select [aName],[aDesc] from [Table1]  union select [bName],[bDesc] from [Table2] where");

        foreach (string item in keywords)
        {
            sqlBuilder.AppendFormat("([bName] like '%{0}%' or [bDesc] like '%{0}%') and ", item);
        }


       //foreach (string item in keywords)
        //{
            //sqlBuilder.AppendFormat("([aName] like '%{0}%' or [aDesc] like '%{0}%') and    ", item);
       //}


        string sql = sqlBuilder.ToString(0, sqlBuilder.Length - 4);
        return QueryList(sql);

    }

此代码始终显示第一个表中的所有记录，并且仅对第二个表执行搜索。现在这显然是因为我在 sql 语句中没有第一个表的“where”。我不知道如何使用不同的“foreach”循环来实现每个表的“where”。有什么建议吗？

Answer 1

UNION 将连接两个不同查询的结果。并集在每个查询执行完毕后应用，因此您需要两个 WHERE 子句:

select [aName],[aDesc] from [Table1]
where ([aName] like '%{0}%' or [aDesc] like '%{0}%')

union

select [bName],[bDesc] from [Table2]
where ([bName] like '%{0}%' or [bDesc] like '%{0}%')

代码中最简单的实现涉及分别构建两个查询，然后将它们连接在一起:

StringBuilder sqlBuilder = new StringBuilder();
sqlBuilder.Append("select [aName],[aDesc] from [Table1] where ");
foreach (string item in keywords)
{
    sqlBuilder.AppendFormat(
        "([aName] like '%{0}%' or [aDesc] like '%{0}%') and ", item);
}

// That last "AND" requires a boolean statement to follow
// 1=1 will always return true and thus will not affect
// the result of your WHERE clause.
sqlBuilder.Append("1 = 1 ");

sqlBuilder.Append("UNION select [bName],[bDesc] from [Table2] where ");
foreach (string item in keywords)
{
    sqlBuilder.AppendFormat(
        "([bName] like '%{0}%' or [bDesc] like '%{0}%') and ", item);
}

foreach 循环的替代方案:

sqlBuilder.Append("select [aName],[aDesc] from [Table1] where ");
sqlBuilder.Append(
    string.Join(
        " and ",
        keywords.Select( k => string.Format( 
            "([aName] like '%{0}%' or [aDesc] like '%{0}%')", k )
        .ToArray()
    )
)

sqlBuilder.Append("UNION select [bName],[bDesc] from [Table2] where ");
sqlBuilder.Append(
    string.Join(
        " and ",
        keywords.Select( k => string.Format( 
            "([bName] like '%{0}%' or [bDesc] like '%{0}%')", k )
        .ToArray()
    )
)

但请注意，这将是一个极其效率低下的查询。如果您要搜索的行数超过数百行，我强烈建议您考虑其他方法。

此外，您似乎容易受到 SQL Injection attacks 的攻击。除非您已经事先手动清理输入，否则您应该考虑 protecting yourself .