From 168973791dfc5262274b5cd71846b4243c7f3abd Mon Sep 17 00:00:00 2001 From: falcon <9504402@qq.com> Date: Thu, 27 May 2021 12:02:18 +0800 Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0RunRaw=E6=96=B9=E6=B3=95?= =?UTF-8?q?=E6=89=A7=E8=A1=8C=E5=8E=9F=E5=A7=8Bsql=E8=AF=AD=E5=8F=A5?= =?UTF-8?q?=EF=BC=8C=E8=AF=A5=E6=96=B9=E6=B3=95=E5=AD=98=E5=9C=A8sql?= =?UTF-8?q?=E6=B3=A8=E5=85=A5=E9=A3=8E=E9=99=A9?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/Falcon.StoredProcedureRunner/IRunner.cs | 8 +++++ src/Falcon.StoredProcedureRunner/Runner.cs | 35 +++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/src/Falcon.StoredProcedureRunner/IRunner.cs b/src/Falcon.StoredProcedureRunner/IRunner.cs index 569bd3f..b24f21f 100644 --- a/src/Falcon.StoredProcedureRunner/IRunner.cs +++ b/src/Falcon.StoredProcedureRunner/IRunner.cs @@ -26,5 +26,13 @@ namespace Falcon.StoredProcedureRunner /// 执行参数 /// 查询结果枚举 IEnumerable Run(DbContext db,Type prarmType,Type returnType ,object data) ; + + /// + /// (存在sql注入风险)执行Sql语句,并将数据库返回结果以json数据对象返回。 + /// + /// 数据上下文 + /// 要执行的sql语句 + /// 数据库返回值json格式 + string RunRaw(DbContext db,string sql); } } diff --git a/src/Falcon.StoredProcedureRunner/Runner.cs b/src/Falcon.StoredProcedureRunner/Runner.cs index 8ab0945..e1fb9ed 100644 --- a/src/Falcon.StoredProcedureRunner/Runner.cs +++ b/src/Falcon.StoredProcedureRunner/Runner.cs @@ -4,6 +4,7 @@ using System.Data; using System.Data.Common; using System.Linq; using System.Reflection; +using System.Text; using Microsoft.Data.SqlClient; using Microsoft.EntityFrameworkCore; 
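Review bot: In the IRunner.cs hunk, the new `string RunRaw(DbContext db,string sql);` gives callers no way to bind values, so anything caller-supplied has to be concatenated into the SQL text. The doc comment warns about injection, but the signature offers no safe alternative. Consider adding a parameter-carrying overload, e.g. `string RunRaw(DbContext db,string sql,params DbParameter[] parameters);`, with the implementation calling `cmd.Parameters.AddRange(parameters);` before `ExecuteReader()`. The same gap applies to the `Runner.RunRaw` hunk in Runner.cs. The doc comment should also state that `sql` must be a constant or otherwise trusted string, with values passed only through parameters.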
@@ -72,8 +73,42 @@ namespace Falcon.StoredProcedureRunner return result; } } + + /// + /// (存在sql注入风险)执行Sql语句,并将数据库返回结果以json数据对象返回。 + /// + /// 数据上下文 + /// 要执行的sql语句 + /// 数据库返回值json格式 + public string RunRaw(DbContext db,string sql) { + var connection = db.Database.GetDbConnection(); + using(var cmd = connection.CreateCommand()) { + cmd.CommandText = sql; + cmd.CommandType = System.Data.CommandType.Text; + connection.Open(); + var dr = cmd.ExecuteReader(); + var result = new StringBuilder(); + if(!dr.CanGetColumnSchema()) + return ""; + while(dr.Read()) { + var item = new StringBuilder(); + var columnSchema = dr.GetColumnSchema(); + for(var i = 0;i < columnSchema.Count;i++) { + var name = dr.GetName(i); + var value = dr.IsDBNull(i) ? null : dr.GetValue(i); + item.Append($"\"{name}\":\"{value}\","); + } + result.Append($"{{{item.ToString().TrimEnd(',')}}},"); + } + connection.Close(); + return "[" + result.ToString().TrimEnd(',') + "]"; + } + } } + /// + /// 内部保护方法 + /// public partial class Runner { ///
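Review bot: `RunRaw` builds its JSON by hand with `item.Append($"\"{name}\":\"{value}\",")`, so a column name or value containing `"`, `\` or a control character yields malformed JSON or lets database content inject extra keys into what downstream consumers parse. NULL and the empty string also both come out as `""`. Connection and reader handling is fragile as well: `connection.Open()` will typically throw if the context already holds the connection open (for example inside a transaction), the `return ""` path and any exception skip `connection.Close()`, `dr` is never disposed, and `GetColumnSchema()` is called once per row where `dr.FieldCount` would do. The sketch below collects rows into dictionaries and lets a serializer do the escaping, assuming System.Text.Json is available to the target framework. It changes the output, since numbers are no longer quoted, NULL becomes `null` and an empty result is `[]`, so callers need checking.

```csharp
public string RunRaw(DbContext db,string sql) {
    var connection = db.Database.GetDbConnection();
    // The DbContext owns the connection: only close it if this call opened it.
    var openedHere = connection.State != ConnectionState.Open;
    if(openedHere)
        connection.Open();
    try {
        // … unchanged: using(var cmd = connection.CreateCommand()) { CommandText / CommandType assignment …
            using(var dr = cmd.ExecuteReader()) {
                var rows = new List<Dictionary<string,object>>();
                while(dr.Read()) {
                    var row = new Dictionary<string,object>();
                    for(var i = 0;i < dr.FieldCount;i++) {
                        row[dr.GetName(i)] = dr.IsDBNull(i) ? null : dr.GetValue(i);
                    }
                    rows.Add(row);
                }
                // The serializer escapes quotes, backslashes and control characters in names and values.
                return System.Text.Json.JsonSerializer.Serialize(rows);
            }
        // … unchanged: closing brace of the using(cmd) block …
    } finally {
        if(openedHere)
            connection.Close();
    }
}
```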