DataWeb
Search Results for

    Show / Hide Table of Contents

    Class Query

    Builds and compiles parameterized SQL queries with support for multiple tables, relations, filtering, grouping, ordering, and pagination. Provides comprehensive SQL injection prevention through input validation (whitelist for table/field names, blacklist for dangerous keywords) and parameterized query construction. Supports advanced features including version control, culture filtering, permission-based visibility, and multi-table relation handling (Sibling, FirstChild, DataField relations).

    Inheritance
    object
    Query
    Inherited Members
    object.Equals(object)
    object.Equals(object, object)
    object.GetHashCode()
    object.GetType()
    object.MemberwiseClone()
    object.ReferenceEquals(object, object)
    object.ToString()
    Namespace: DataWeb.Data.SqlServer
    Assembly: DataWeb.Data.SqlServer.dll
    Syntax
    public class Query

    Properties

    Count

    Maximum rows to return via TOP clause. 0 = all.

    Declaration
    public int Count { get; set; }
    Property Value
    Type Description
    int

    Culture

    Culture code for culture-specific filtering.

    Declaration
    public string Culture { get; set; }
    Property Value
    Type Description
    string

    EditFields

    Field assignments for INSERT and UPDATE operations.

    Declaration
    public List<Query.EditField> EditFields { get; set; }
    Property Value
    Type Description
    List<Query.EditField>

    Filters

    WHERE filters. Use AddFilter(string, string, object, SqlDbType?, int?, FilterMode, FilterCondition) to add entries.

    Declaration
    public List<Query.Filter> Filters { get; set; }
    Property Value
    Type Description
    List<Query.Filter>

    GroupFields

    Fields for GROUP BY clause.

    Declaration
    public string[] GroupFields { get; set; }
    Property Value
    Type Description
    string[]

    IsAllVersions

    Indicates whether all versions of records should be included.

    Declaration
    public bool IsAllVersions { get; set; }
    Property Value
    Type Description
    bool

    IsOrderByPosition

    Indicates whether ORDER BY should use column positions instead of names.

    Declaration
    public bool IsOrderByPosition { get; set; }
    Property Value
    Type Description
    bool

    IsPagination

    Indicates whether pagination should be applied to the query results.

    Declaration
    public bool IsPagination { get; set; }
    Property Value
    Type Description
    bool

    Mode

    Query mode: Select, Insert, Update, or Delete.

    Declaration
    public QueryMode Mode { get; set; }
    Property Value
    Type Description
    QueryMode

    OrderFields

    Fields for ORDER BY clause.

    Declaration
    public string[] OrderFields { get; set; }
    Property Value
    Type Description
    string[]

    PageIndex

    Zero-based page index for pagination.

    Declaration
    public long PageIndex { get; set; }
    Property Value
    Type Description
    long

    PageSize

    Number of rows per page. Default is 50.

    Declaration
    public int PageSize { get; set; }
    Property Value
    Type Description
    int

    Parameters

    Query parameters bound to filter expressions.

    Declaration
    public List<SqlParameter> Parameters { get; set; }
    Property Value
    Type Description
    List<SqlParameter>

    PublishMode

    Publish mode for the query (e.g., Live, Draft).

    Declaration
    public PublishMode PublishMode { get; set; }
    Property Value
    Type Description
    PublishMode

    SelectMode

    Determines the SELECT projection: full rows or COUNT.

    Declaration
    public SelectMode SelectMode { get; set; }
    Property Value
    Type Description
    SelectMode

    SelectStatement

    Custom SELECT projection expression. If set, replaces the default *.

    Declaration
    public string SelectStatement { get; set; }
    Property Value
    Type Description
    string

    Tables

    Tables (FROM / JOIN) to include in the query.

    Declaration
    public List<Query.Table> Tables { get; set; }
    Property Value
    Type Description
    List<Query.Table>

    Methods

    AddEditField(string, object, bool)

    Adds a field assignment for INSERT and UPDATE operations.

    Declaration
    public void AddEditField(string field, object parameterValue = null, bool isExpression = false)
    Parameters
    Type Name Description
    string field

    The field name to assign a value to.

    object parameterValue

    The value to assign. If null, the parameter is set to Value.

    bool isExpression

    If true, the parameter value is treated as a SQL expression instead of a parameterized value.

    AddFilter(string, string, object, SqlDbType?, int?, FilterMode, FilterCondition)

    Adds a WHERE filter condition to the query.

    Declaration
    public void AddFilter(string filter, string parameterName = null, object parameterValue = null, SqlDbType? parameterType = null, int? parameterSize = null, FilterMode mode = FilterMode.And, FilterCondition condition = FilterCondition.Always)
    Parameters
    Type Name Description
    string filter

    The filter expression to add.

    string parameterName

    Optional parameter name for the filter value. If provided, a corresponding parameter should be supplied.

    object parameterValue

    Optional parameter value to bind to the filter.

    SqlDbType? parameterType

    Optional SQL data type for the parameter.

    int? parameterSize

    Optional size for the parameter (e.g. for varchar fields).

    FilterMode mode

    The logical mode for combining filters (AND or OR). Default is AND.

    FilterCondition condition

    The condition for applying the filter (Always or NotNull). Default is Always.

    Compile()

    Compiles the query into a parameterized SQL string.

    Declaration
    public string Compile()
    Returns
    Type Description
    string

    A parameterized SQL query string.

    Exceptions
    Type Condition
    Exception

    Thrown if no tables have been added to the query.

    CompileSelect()

    Declaration
    protected string CompileSelect()
    Returns
    Type Description
    string

    ValidateFieldName(string)

    Validates that a field name contains only alphanumeric characters, underscores, or dots. Throws ArgumentException if the name is invalid, preventing SQL injection via field name interpolation.

    Declaration
    public static void ValidateFieldName(string fieldName)
    Parameters
    Type Name Description
    string fieldName

    The field name to validate.

    Exceptions
    Type Condition
    ArgumentException

    Thrown when fieldName contains invalid characters.

    ValidateSectionPartTableName(string)

    Validates that a table name is not a reserved item system table (Sys_Masters, Sys_Relations). Throws ArgumentException if the name refers to a system table, preventing unauthorized access to internal tables.

    Declaration
    public static void ValidateSectionPartTableName(string tableName)
    Parameters
    Type Name Description
    string tableName

    The table name to validate.

    Exceptions
    Type Condition
    ArgumentException

    Thrown when tableName is a system table name.

    ValidateTableName(string)

    Validates that a table name contains only alphanumeric characters, hyphens, or underscores. Throws ArgumentException if the name is invalid, preventing SQL injection via table name interpolation.

    Declaration
    public static void ValidateTableName(string tableName)
    Parameters
    Type Name Description
    string tableName

    The table name to validate.

    Exceptions
    Type Condition
    ArgumentException

    Thrown when tableName contains invalid characters.

    In this article
    Back to top Generated by DocFX