Add support for parameterized statements for Oracle

SqlExpression visting logic can now convert (parameterize) parts of expression to sql placeholder,
with corresponding parameter whose value is set to the unquoted value derived from expression.
i tried to put the parameterization logic on top of existing code, to avoid changing any existing logic.
the only place where i did change existing code is here in SqlExpression.VisitBinary:
    if (operand == "AND" || operand == "OR")
    {
        ...
        if (left as PartialSqlString == null && right as PartialSqlString == null)
        {
            var result = Expression.Lambda(b).Compile().DynamicInvoke();
            return result;
        }
        ...
where the result object is returned without being cast to a PartialSqlString.  this is to
avoid having the result being quoted twice when parameterization is disabled.  this change did
not seem to cause any unit test failure.

parameterization is disabled by default; OracleOrmLiteDialectProvider constructor accepts input to enable the parameterization.

updated as many OrmLite apis as was necessary to get Oracle unit tests to pass, using overloads and optional
arguments to maintain backward compatibility.  did not update any JoinSqlBuilder api as that class is marked obsolete, so
there is a JoinSqlBuilderTest unit test that fails with "not all variables bound" error when parameterization is enabled.

Author: yuinlin

src/ServiceStack.OrmLite.Oracle.Tests/ServiceStack.OrmLite.Oracle.Tests.csproj

@@ -148,6 +148,9 @@
     <Compile Include="..\..\tests\ServiceStack.OrmLite.Tests\Expression\SelectExpressionTests.cs">
       <Link>Expression\SelectExpressionTests.cs</Link>
     </Compile>
+    <Compile Include="..\..\tests\ServiceStack.OrmLite.Tests\Expression\SqlExpressionParamTests.cs">
+      <Link>Expression\SqlExpressionParamTests.cs</Link>
+    </Compile>
     <Compile Include="..\..\tests\ServiceStack.OrmLite.Tests\Expression\SqlExpressionTests.cs">
       <Link>Expression\SqlExpressionTests.cs</Link>
     </Compile>

src/ServiceStack.OrmLite.Oracle/OracleOrmLiteDialectProvider.cs

@@ -59,15 +59,18 @@ public static OracleOrmLiteDialectProvider Instance
         private readonly DbProviderFactory _factory;
         private readonly OracleTimestampConverter _timestampConverter;
 
+        public bool ParameterizeStatement;
+
         public OracleOrmLiteDialectProvider()
             : this(false, false)
         {
         }
 
-        public OracleOrmLiteDialectProvider(bool compactGuid, bool quoteNames, string clientProvider = OdpProvider)
+        public OracleOrmLiteDialectProvider(bool compactGuid, bool quoteNames, string clientProvider = OdpProvider, bool parameterizeStatement = false)
         {
             ClientProvider = clientProvider;
             CompactGuid = compactGuid;
+            ParameterizeStatement = parameterizeStatement;
             QuoteNames = quoteNames;
             BoolColumnDefinition = "NUMBER(1)";
             GuidColumnDefinition = CompactGuid ? CompactGuidDefinition : StringGuidDefinition;
@@ -298,6 +301,73 @@ public override string GetQuotedValue(object value, Type fieldType)
             return base.GetQuotedValue(value, fieldType);
         }
 
+        public override object GetValue(object value, Type fieldType)
+        {
+            if (!ParameterizeStatement)
+                return GetQuotedValue(value, fieldType);
+
+            if (value == null) return DBNull.Value;
+
+            if (fieldType == typeof(Guid))
+            {
+                var guid = (Guid)value;
+
+                if (CompactGuid)
+                    return guid.ToByteArray();
+
+                return guid.ToString();
+            }
+
+            if (fieldType == typeof(DateTimeOffset) || fieldType == typeof(DateTimeOffset?))
+            {
+                return GetQuotedDateTimeOffsetValue((DateTimeOffset)value);
+            }
+
+            if ((value is TimeSpan) && (fieldType == typeof(Int64) || fieldType == typeof(Int64?)))
+            {
+                var longValue = ((TimeSpan)value).Ticks;
+                return base.GetQuotedValue(longValue, fieldType);
+            }
+
+            if (fieldType == typeof(TimeSpan))
+                return ((TimeSpan)value).Ticks;
+
+            if (fieldType == typeof(bool?) || fieldType == typeof(bool))
+            {
+                var boolValue = (bool)value;
+                return boolValue ? 1 : 0;
+            }
+
+            if (fieldType.IsEnum)
+            {
+                if (value is int && !fieldType.IsEnumFlags())
+                {
+                    value = fieldType.GetEnumName(value);
+                }
+
+                var enumValue = StringSerializer.SerializeToString(value);
+                // Oracle stores empty strings in varchar columns as null so match that behavior here
+                if (enumValue == null)
+                    return null;
+                enumValue = enumValue.Trim('"');
+                return enumValue == ""
+                    ? "null"
+                    : enumValue;
+            }
+
+            if (fieldType == typeof(byte[]))
+            {
+                return "hextoraw('" + BitConverter.ToString((byte[])value).Replace("-", "") + "')";
+            }
+
+            if (fieldType.IsRefType())
+            {
+                return StringSerializer.SerializeToString(value);
+            }
+
+            return value;
+        }
+
         const string IsoDateFormat = "yyyy-MM-dd";
         const string IsoTimeFormat = "HH:mm:ss";
         const string IsoMillisecondFormat = "fffffff";

src/ServiceStack.OrmLite.Oracle/OracleSqlExpression.cs

@@ -31,6 +31,20 @@ protected override object VisitColumnAccessMethod(MethodCallExpression m)
             }
             return base.VisitColumnAccessMethod(m);
         }
+
+        protected override void ConvertToPlaceholderAndParameter(ref object right, Expression rightExpression)
+        {
+            if (!((OracleOrmLiteDialectProvider)DialectProvider).ParameterizeStatement)
+                return;
+
+            var paramName = Params.Count.ToString();
+            var paramValue = right;
+
+            var parameter = CreateParam(paramName, paramValue);
+            Params.Add(parameter);
+
+            right = parameter.ParameterName;
+        }
     }
 }
 

src/ServiceStack.OrmLite/Expressions/ReadExpressionCommandExtensions.cs

@@ -14,21 +14,21 @@ internal static List<T> Select<T>(this IDbCommand dbCmd, Func<SqlExpression<T>,
             var expr = dbCmd.GetDialectProvider().SqlExpression<T>();
             string sql = expression(expr).SelectInto<T>();
 
-            return dbCmd.ExprConvertToList<T>(sql);
+            return dbCmd.ExprConvertToList<T>(sql, expr.Params);
         }
 
         internal static List<Into> Select<Into, From>(this IDbCommand dbCmd, Func<SqlExpression<From>, SqlExpression<From>> expression)
         {
             var expr = dbCmd.GetDialectProvider().SqlExpression<From>();
             string sql = expression(expr).SelectInto<Into>();
 
-            return dbCmd.ExprConvertToList<Into>(sql);
+            return dbCmd.ExprConvertToList<Into>(sql, expr.Params);
         }
 
         internal static List<Into> Select<Into, From>(this IDbCommand dbCmd, SqlExpression<From> expression)
         {
             string sql = expression.SelectInto<Into>();
-            return dbCmd.ExprConvertToList<Into>(sql);
+            return dbCmd.ExprConvertToList<Into>(sql, expression.Params);
         }
 
         internal static List<T> Select<T>(this IDbCommand dbCmd, SqlExpression<T> expression)
@@ -43,7 +43,7 @@ internal static List<T> Select<T>(this IDbCommand dbCmd, Expression<Func<T, bool
             var expr = dbCmd.GetDialectProvider().SqlExpression<T>();
             string sql = expr.Where(predicate).SelectInto<T>();
 
-            return dbCmd.ExprConvertToList<T>(sql);
+            return dbCmd.ExprConvertToList<T>(sql, expr.Params);
         }
 
         internal static T Single<T>(this IDbCommand dbCmd, Func<SqlExpression<T>, SqlExpression<T>> expression)
@@ -63,7 +63,7 @@ internal static T Single<T>(this IDbCommand dbCmd, SqlExpression<T> expression)
         {
             string sql = expression.Limit(1).SelectInto<T>();
 
-            return dbCmd.ExprConvertTo<T>(sql);
+            return dbCmd.ExprConvertTo<T>(sql, expression.Params);
         }
 
         public static TKey Scalar<T, TKey>(this IDbCommand dbCmd, Expression<Func<T, TKey>> field)
@@ -80,7 +80,7 @@ internal static TKey Scalar<T, TKey>(this IDbCommand dbCmd,
             var ev = dbCmd.GetDialectProvider().SqlExpression<T>();
             ev.Select(field).Where(predicate);
             string sql = ev.SelectInto<T>();
-            return dbCmd.Scalar<TKey>(sql);
+            return dbCmd.Scalar<TKey>(ev.Params, sql);
         }
 
         internal static long Count<T>(this IDbCommand dbCmd)
@@ -108,12 +108,12 @@ internal static long Count<T>(this IDbCommand dbCmd, Expression<Func<T, bool>> p
             var ev = dbCmd.GetDialectProvider().SqlExpression<T>();
             ev.Where(predicate);
             var sql = ev.ToCountStatement();
-            return GetCount(dbCmd, sql);
+            return GetCount(dbCmd, sql, ev.Params);
         }
 
-        internal static long GetCount(this IDbCommand dbCmd, string sql)
+        internal static long GetCount(this IDbCommand dbCmd, string sql, IEnumerable<IDbDataParameter> sqlParams = null)
         {
-            return dbCmd.Column<long>(sql).Sum();
+            return dbCmd.Column<long>(sqlParams, sql).Sum();
         }
 
         internal static long RowCount<T>(this IDbCommand dbCmd, SqlExpression<T> expression)

src/ServiceStack.OrmLite/Expressions/SqlExpression.Join.cs

@@ -86,7 +86,7 @@ private SqlExpression<T> InternalJoin<Source, Target>(string joinType,
 
         private string InternalCreateSqlFromExpression(Expression joinExpr, bool isCrossJoin) 
         {
-            return "{0} {1}".Fmt((isCrossJoin ? "WHERE" : "ON"), Visit(joinExpr).ToString());
+            return "{0} {1}".Fmt((isCrossJoin ? "WHERE" : "ON"), VisitJoin(joinExpr).ToString());
         }
 
         private string InternalCreateSqlFromDefinitions(ModelDefinition sourceDef, ModelDefinition targetDef, bool isCrossJoin) 

src/ServiceStack.OrmLite/Expressions/SqlExpression.cs

@@ -28,6 +28,8 @@ public abstract partial class SqlExpression<T> : ISqlExpression, IHasUntypedSqlE
         protected bool useFieldName = false;
         protected bool selectDistinct = false;
         protected bool CustomSelect { get; set; }
+        protected bool SkipParameterizationForThisExpression { get; set; }
+        private bool visitedExpressionIsTableColumn = false;
         private ModelDefinition modelDef;
         public bool PrefixFieldWithTableName { get; set; }
         public bool WhereStatementWithoutWhereString { get; set; }
@@ -44,6 +46,7 @@ public SqlExpression(IOrmLiteDialectProvider dialectProvider)
             modelDef = typeof(T).GetModelDefinition();
             PrefixFieldWithTableName = false;
             WhereStatementWithoutWhereString = false;
+            SkipParameterizationForThisExpression = false;
             DialectProvider = dialectProvider;
             Params = new List<IDbDataParameter>();
             tableDefs.Add(modelDef);
@@ -927,6 +930,7 @@ protected internal bool UseFieldName
 
         protected internal virtual object Visit(Expression exp)
         {
+            visitedExpressionIsTableColumn = false;
 
             if (exp == null) return string.Empty;
             switch (exp.NodeType)
@@ -987,6 +991,14 @@ protected internal virtual object Visit(Expression exp)
             }
         }
 
+        protected internal virtual object VisitJoin(Expression exp)
+        {
+            SkipParameterizationForThisExpression = true;
+            var visitedExpression = Visit(exp);
+            SkipParameterizationForThisExpression = false;
+            return visitedExpression;
+        }
+
         protected virtual object VisitLambda(LambdaExpression lambda)
         {
             if (lambda.Body.NodeType == ExpressionType.MemberAccess && sep == " ")
@@ -1005,6 +1017,8 @@ protected virtual object VisitLambda(LambdaExpression lambda)
 
         protected virtual object VisitBinary(BinaryExpression b)
         {
+            var skipParameterizationForThisVisit = false;
+
             object left, right;
             var operand = BindOperant(b.NodeType);   //sep= " " ??
             if (operand == "AND" || operand == "OR")
@@ -1026,7 +1040,7 @@ protected virtual object VisitBinary(BinaryExpression b)
                 if (left as PartialSqlString == null && right as PartialSqlString == null)
                 {
                     var result = Expression.Lambda(b).Compile().DynamicInvoke();
-                    return new PartialSqlString(DialectProvider.GetQuotedValue(result, result.GetType()));
+                    return result;
                 }
 
                 if (left as PartialSqlString == null)
@@ -1039,8 +1053,15 @@ protected virtual object VisitBinary(BinaryExpression b)
                 left = Visit(b.Left);
                 right = Visit(b.Right);
 
+                if (visitedExpressionIsTableColumn || (right is DateTimeOffset))
+                    skipParameterizationForThisVisit = true;
+
                 var leftEnum = left as EnumMemberAccess;
                 var rightEnum = right as EnumMemberAccess;
+
+                if (leftEnum != null && rightEnum != null)
+                    skipParameterizationForThisVisit = true;
+
                 var rightNeedsCoercing = leftEnum != null && rightEnum == null;
                 var leftNeedsCoercing = rightEnum != null && leftEnum == null;
 
@@ -1049,7 +1070,9 @@ protected virtual object VisitBinary(BinaryExpression b)
                     var rightPartialSql = right as PartialSqlString;
                     if (rightPartialSql == null)
                     {
-                        right = DialectProvider.GetQuotedValue(right, leftEnum.EnumType);
+                        right = SkipParameterizationForThisExpression
+                            ? DialectProvider.GetQuotedValue(right, leftEnum.EnumType)
+                            : DialectProvider.GetValue(right, leftEnum.EnumType);
                     }
                 }
                 else if (leftNeedsCoercing)
@@ -1068,13 +1091,21 @@ protected virtual object VisitBinary(BinaryExpression b)
                 else if (left as PartialSqlString == null)
                     left = DialectProvider.GetQuotedValue(left, left != null ? left.GetType() : null);
                 else if (right as PartialSqlString == null)
-                    right = DialectProvider.GetQuotedValue(right, right != null ? right.GetType() : null);
-
+                {
+                    right = SkipParameterizationForThisExpression
+                        ? DialectProvider.GetQuotedValue(right, right != null ? right.GetType() : null)
+                        : DialectProvider.GetValue(right, right != null ? right.GetType() : null);
+                }
             }
 
             if (operand == "=" && right.ToString().Equals("null", StringComparison.OrdinalIgnoreCase)) operand = "is";
             else if (operand == "<>" && right.ToString().Equals("null", StringComparison.OrdinalIgnoreCase)) operand = "is not";
 
+            if (operand == "AND" || operand == "OR" || operand == "is" || operand == "is not")
+                skipParameterizationForThisVisit = true;
+
+            DoParameterization(skipParameterizationForThisVisit, ref right, b.Right);
+
             switch (operand)
             {
                 case "MOD":
@@ -1085,6 +1116,17 @@ protected virtual object VisitBinary(BinaryExpression b)
             }
         }
 
+        private void DoParameterization(bool skipParameterizationForThisVisit, ref object right, Expression rightExpression)
+        {
+            if (skipParameterizationForThisVisit)
+                return;
+
+            if (SkipParameterizationForThisExpression)
+                return;
+
+            ConvertToPlaceholderAndParameter(ref right, rightExpression);
+        }
+
         protected virtual object VisitMemberAccess(MemberExpression m)
         {
             if (m.Expression != null
@@ -1103,6 +1145,9 @@ protected virtual object VisitMemberAccess(MemberExpression m)
                 }
 
                 var tableDef = modelType.GetModelDefinition();
+                if (tableDef != null)
+                    visitedExpressionIsTableColumn = true;
+
                 if (propertyInfo.PropertyType.IsEnum)
                     return new EnumMemberAccess(
                         GetQuotedColumnName(tableDef, m.Member.Name), propertyInfo.PropertyType);
@@ -1609,14 +1654,20 @@ protected virtual object VisitColumnAccessMethod(MethodCallExpression m)
             return new PartialSqlString(statement);
         }
 
+        protected virtual void ConvertToPlaceholderAndParameter(ref object right, Expression rightExpression)
+        {
+        }
+
         public IDbDataParameter CreateParam(string name,
             object value = null,
             ParameterDirection direction = ParameterDirection.Input,
-            DbType? dbType = null)
+            DbType? dbType = null,
+            DataRowVersion sourceVersion = DataRowVersion.Default)
         {
             var p = new OrmLiteDataParameter {
                 ParameterName = DialectProvider.GetParam(name), 
-                Direction = direction
+                Direction = direction,
+                SourceVersion = sourceVersion
             };
             if (value != null)
             {
@@ -1631,7 +1682,6 @@ public IDbDataParameter CreateParam(string name,
 
             return p;
         }
-
         public IUntypedSqlExpression GetUntyped()
         {
             return new UntypedSqlExpressionProxy<T>(this);