Change ToUpdateRowStatement to PrepareUpdateRowStatement which now users db params

Author: mythz

src/ServiceStack.OrmLite.Firebird/FirebirdOrmLiteDialectProvider.cs

@@ -237,7 +237,7 @@ public override void PrepareParameterizedInsertStatement<T>(IDbCommand cmd, ICol
                 GetQuotedTableName(modelDef), sbColumnNames, sbColumnValues);
         }
 
-        public override string ToUpdateRowStatement(object objWithProperties, ICollection<string> updateFields = null)
+        public override void PrepareUpdateRowStatement(IDbCommand dbCmd, object objWithProperties, ICollection<string> updateFields = null)
         {
             if (updateFields == null)
                 updateFields = new List<string>();
@@ -255,50 +255,31 @@ public override string ToUpdateRowStatement(object objWithProperties, ICollectio
                 if ((fieldDef.IsPrimaryKey || fieldDef.Name == OrmLiteConfig.IdField)
                     && updateFields.Count == 0)
                 {
-                    if (sqlFilter.Length > 0) sqlFilter.Append(" AND ");
+                    if (sqlFilter.Length > 0)
+                        sqlFilter.Append(" AND ");
 
-                    sqlFilter.AppendFormat("{0}={1}",
-                        GetQuotedColumnName(fieldDef.FieldName),
-                        fieldDef.GetQuotedValue(objWithProperties));
+                    sqlFilter
+                        .Append(GetQuotedColumnName(fieldDef.FieldName))
+                        .Append("=")
+                        .Append(this.AddParam(dbCmd, fieldDef.GetValue(objWithProperties)).ParameterName);
 
                     continue;
                 }
-                if (updateFields.Count > 0 && !updateFields.Contains(fieldDef.Name)) continue;
-                if (sql.Length > 0) sql.Append(",");
-                sql.AppendFormat("{0}={1}",
-                    GetQuotedColumnName(fieldDef.FieldName),
-                    fieldDef.GetQuotedValue(objWithProperties));
-            }
 
-            var updateSql = string.Format("UPDATE {0} \nSET {1} {2}",
-                GetQuotedTableName(modelDef), sql, (sqlFilter.Length > 0 ? "\nWHERE " + sqlFilter : ""));
-
-            return updateSql;
-        }
-
-
-        public override string ToDeleteRowStatement(object objWithProperties)
-        {
-            var tableType = objWithProperties.GetType();
-            var modelDef = GetModel(tableType);
+                if (updateFields.Count > 0 && !updateFields.Contains(fieldDef.Name))
+                    continue;
 
-            var sqlFilter = new StringBuilder();
+                if (sql.Length > 0)
+                    sql.Append(",");
 
-            foreach (var fieldDef in modelDef.FieldDefinitions)
-            {
-                if (fieldDef.IsPrimaryKey || fieldDef.Name == OrmLiteConfig.IdField)
-                {
-                    if (sqlFilter.Length > 0) sqlFilter.Append(" AND ");
-                    sqlFilter.AppendFormat("{0} = {1}",
-                        GetQuotedColumnName(fieldDef.FieldName),
-                        fieldDef.GetQuotedValue(objWithProperties));
-                }
+                sql
+                    .Append(GetQuotedColumnName(fieldDef.FieldName))
+                    .Append("=")
+                    .Append(this.AddParam(dbCmd, fieldDef.GetValue(objWithProperties)).ParameterName);
             }
 
-            var deleteSql = string.Format("DELETE FROM {0} WHERE {1}",
-                GetQuotedTableName(modelDef), sqlFilter);
-
-            return deleteSql;
+            dbCmd.CommandText = string.Format("UPDATE {0} \nSET {1} {2}",
+                GetQuotedTableName(modelDef), sql, (sqlFilter.Length > 0 ? "\nWHERE " + sqlFilter : ""));
         }
 
         public override string ToCreateTableStatement(Type tableType)

src/ServiceStack.OrmLite.Oracle/OracleOrmLiteDialectProvider.cs

@@ -709,7 +709,7 @@ public override string ToInsertRowStatement(IDbCommand dbCommand, object objWith
             return sql;
         }
 
-        public override string ToUpdateRowStatement(object objWithProperties, ICollection<string> updateFields = null)
+        public override void PrepareUpdateRowStatement(IDbCommand dbCmd, object objWithProperties, ICollection<string> updateFields = null)
         {
             var sqlFilter = new StringBuilder();
             var sql = new StringBuilder();
@@ -724,49 +724,31 @@ public override string ToUpdateRowStatement(object objWithProperties, ICollectio
                 if ((fieldDef.IsPrimaryKey || fieldDef.Name == OrmLiteConfig.IdField)
                     && updateFieldsEmptyOrNull)
                 {
-                    if (sqlFilter.Length > 0) sqlFilter.Append(" AND ");
+                    if (sqlFilter.Length > 0)
+                        sqlFilter.Append(" AND ");
 
-                    sqlFilter.AppendFormat("{0} = {1}",
-                        GetQuotedColumnName(fieldDef.FieldName),
-                        fieldDef.GetQuotedValue(objWithProperties));
+                    sqlFilter
+                        .Append(GetQuotedColumnName(fieldDef.FieldName))
+                        .Append("=")
+                        .Append(this.AddParam(dbCmd, fieldDef.GetValue(objWithProperties)).ParameterName);
 
                     continue;
                 }
-                if (!updateFieldsEmptyOrNull && !updateFields.Contains(fieldDef.Name)) continue;
-                if (sql.Length > 0) sql.Append(",");
-                sql.AppendFormat("{0}={1}",
-                    GetQuotedColumnName(fieldDef.FieldName),
-                    fieldDef.GetQuotedValue(objWithProperties));
-            }
 
-            var updateSql = string.Format("UPDATE {0} \nSET {1} {2}",
-                GetQuotedTableName(modelDef), sql, (sqlFilter.Length > 0 ? "\nWHERE " + sqlFilter : ""));
-
-            return updateSql;
-        }
-
-        public override string ToDeleteRowStatement(object objWithProperties)
-        {
-            var tableType = objWithProperties.GetType();
-            var modelDef = GetModel(tableType);
+                if (!updateFieldsEmptyOrNull && !updateFields.Contains(fieldDef.Name))
+                    continue;
 
-            var sqlFilter = new StringBuilder();
+                if (sql.Length > 0)
+                    sql.Append(",");
 
-            foreach (var fieldDef in modelDef.FieldDefinitions)
-            {
-                if (fieldDef.IsPrimaryKey || fieldDef.Name == OrmLiteConfig.IdField)
-                {
-                    if (sqlFilter.Length > 0) sqlFilter.Append(" AND ");
-                    sqlFilter.AppendFormat("{0} = {1}",
-                        GetQuotedColumnName(fieldDef.FieldName),
-                        fieldDef.GetQuotedValue(objWithProperties));
-                }
+                sql
+                    .Append(GetQuotedColumnName(fieldDef.FieldName))
+                    .Append("=")
+                    .Append(this.AddParam(dbCmd, fieldDef.GetValue(objWithProperties)).ParameterName);
             }
 
-            var deleteSql = string.Format("DELETE FROM {0} WHERE {1}",
-                GetQuotedTableName(modelDef), sqlFilter);
-
-            return deleteSql;
+            dbCmd.CommandText = string.Format("UPDATE {0} \nSET {1} {2}",
+                GetQuotedTableName(modelDef), sql, (sqlFilter.Length > 0 ? "\nWHERE " + sqlFilter : ""));
         }
 
         public override string ToCreateTableStatement(Type tableType)

src/ServiceStack.OrmLite.SqlServer/SqlServerExpression.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Data;
 using System.Text;
 using ServiceStack.OrmLite.SqlServer.Converters;
 
@@ -9,9 +10,9 @@ public class SqlServerExpression<T> : SqlExpression<T>
         public SqlServerExpression(IOrmLiteDialectProvider dialectProvider)
             : base(dialectProvider) {}
 
-        public override string ToUpdateStatement(T item, bool excludeDefaults = false)
+        public override void PrepareUpdateStatement(IDbCommand dbCmd, T item, bool excludeDefaults = false)
         {
-            return SqlServerExpressionUtils.ToSqlServerUpdateStatement(this, item, excludeDefaults);
+            SqlServerExpressionUtils.PrepareSqlServerUpdateStatement(dbCmd, this, item, excludeDefaults);
         }
 
         public override string GetSubstringSql(object quotedColumn, int startIndex, int? length = null)
@@ -32,9 +33,9 @@ public class SqlServerParameterizedSqlExpression<T> : ParameterizedSqlExpression
         public SqlServerParameterizedSqlExpression(IOrmLiteDialectProvider dialectProvider)
             : base(dialectProvider) {}
 
-        public override string ToUpdateStatement(T item, bool excludeDefaults = false)
+        public override void PrepareUpdateStatement(IDbCommand dbCmd, T item, bool excludeDefaults = false)
         {
-            return SqlServerExpressionUtils.ToSqlServerUpdateStatement(this, item, excludeDefaults);
+            SqlServerExpressionUtils.PrepareSqlServerUpdateStatement(dbCmd, this, item, excludeDefaults);
         }
 
         public override string GetSubstringSql(object quotedColumn, int startIndex, int? length = null)
@@ -77,10 +78,12 @@ protected override void VisitFilter(string operand, object originalLeft, object
 
     internal class SqlServerExpressionUtils
     {
-        internal static string ToSqlServerUpdateStatement<T>(SqlExpression<T> q, T item, bool excludeDefaults = false)
+        internal static void PrepareSqlServerUpdateStatement<T>(IDbCommand dbCmd, SqlExpression<T> q, T item, bool excludeDefaults = false)
         {
+            q.CopyParamsTo(dbCmd);
+
             var modelDef = q.ModelDef;
-            var dialectProvider = q.DialectProvider;
+            var DialectProvider = q.DialectProvider;
 
             var setFields = new StringBuilder();
 
@@ -98,22 +101,21 @@ internal static string ToSqlServerUpdateStatement<T>(SqlExpression<T> q, T item,
                     && (value == null || (!fieldDef.IsNullable && value.Equals(value.GetType().GetDefaultValue()))))
                     continue;
 
-                fieldDef.GetQuotedValue(item, dialectProvider);
-
                 if (setFields.Length > 0)
                     setFields.Append(", ");
 
+                var param = DialectProvider.AddParam(dbCmd, value);
                 setFields
-                    .Append(dialectProvider.GetQuotedColumnName(fieldDef.FieldName))
+                    .Append(DialectProvider.GetQuotedColumnName(fieldDef.FieldName))
                     .Append("=")
-                    .Append(dialectProvider.GetQuotedValue(value, fieldDef.FieldType));
+                    .Append(param.ParameterName);
             }
 
             if (setFields.Length == 0)
                 throw new ArgumentException("No non-null or non-default values were provided for type: " + typeof(T).Name);
 
-            return string.Format("UPDATE {0} SET {1} {2}",
-                dialectProvider.GetQuotedTableName(modelDef), setFields, q.WhereExpression);
+            dbCmd.CommandText = string.Format("UPDATE {0} SET {1} {2}",
+                DialectProvider.GetQuotedTableName(modelDef), setFields, q.WhereExpression);
         }
     }
 }

src/ServiceStack.OrmLite.VistaDB/VistaDBExpression.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Data;
 using System.Linq;
 using System.Text;
 using System.Linq.Expressions;
@@ -10,8 +11,10 @@ public class VistaDbExpression<T> : ParameterizedSqlExpression<T>
         public VistaDbExpression(IOrmLiteDialectProvider dialectProvider) 
             : base(dialectProvider) {}
 
-        public override string ToUpdateStatement(T item, bool excludeDefaults = false)
+        public override void PrepareUpdateStatement(IDbCommand dbCmd, T item, bool excludeDefaults = false)
         {
+            CopyParamsTo(dbCmd);
+
             var setFields = new StringBuilder();
 
             foreach (var fieldDef in ModelDef.FieldDefinitions)
@@ -24,18 +27,20 @@ public override string ToUpdateStatement(T item, bool excludeDefaults = false)
                     && (value == null || (!fieldDef.IsNullable && value.Equals(value.GetType().GetDefaultValue()))))
                     continue;
 
-                fieldDef.GetQuotedValue(item);
+                if (setFields.Length > 0)
+                    setFields.Append(", ");
 
-                if (setFields.Length > 0) setFields.Append(",");
-                setFields.AppendFormat("{0} = {1}",
-                    DialectProvider.GetQuotedColumnName(fieldDef.FieldName),
-                    DialectProvider.GetQuotedValue(value, fieldDef.FieldType));
+                var param = DialectProvider.AddParam(dbCmd, value);
+                setFields
+                    .Append(DialectProvider.GetQuotedColumnName(fieldDef.FieldName))
+                    .Append("=")
+                    .Append(param.ParameterName);
             }
 
             if (setFields.Length == 0)
                 throw new ArgumentException("No non-null or non-default values were provided for type: " + typeof(T).Name);
 
-            return string.Format("UPDATE {0} SET {1} {2}",
+            dbCmd.CommandText = string.Format("UPDATE {0} SET {1} {2}",
                 DialectProvider.GetQuotedTableName(ModelDef), setFields, WhereExpression);
         }
 

src/ServiceStack.OrmLite/Async/WriteExpressionCommandExtensionsAsync.cs

@@ -16,8 +16,8 @@ internal static Task<int> UpdateOnlyAsync<T>(this IDbCommand dbCmd, T model, Fun
 
         internal static Task<int> UpdateOnlyAsync<T>(this IDbCommand dbCmd, T model, SqlExpression<T> onlyFields, CancellationToken token)
         {
-            var sql = dbCmd.UpdateOnlySql(model, onlyFields);
-            return dbCmd.ExecuteSqlAsync(sql, onlyFields.Params, token);
+            dbCmd.UpdateOnlySql(model, onlyFields);
+            return dbCmd.ExecNonQueryAsync(token);
         }
 
         internal static Task<int> UpdateOnlyAsync<T, TKey>(this IDbCommand dbCmd, T obj,
@@ -41,8 +41,8 @@ internal static Task<int> UpdateNonDefaultsAsync<T>(this IDbCommand dbCmd, T ite
 
             var q = dbCmd.GetDialectProvider().SqlExpression<T>();
             q.Where(obj);
-            var sql = q.ToUpdateStatement(item, excludeDefaults: true);
-            return dbCmd.ExecuteSqlAsync(sql, q.Params, token);
+            q.PrepareUpdateStatement(dbCmd, item, excludeDefaults: true);
+            return dbCmd.ExecNonQueryAsync(token);
         }
 
         internal static Task<int> UpdateAsync<T>(this IDbCommand dbCmd, T item, Expression<Func<T, bool>> expression, CancellationToken token)
@@ -52,17 +52,18 @@ internal static Task<int> UpdateAsync<T>(this IDbCommand dbCmd, T item, Expressi
 
             var q = dbCmd.GetDialectProvider().SqlExpression<T>();
             q.Where(expression);
-            var sql = q.ToUpdateStatement(item);
-            return dbCmd.ExecuteSqlAsync(sql, q.Params, token);
+            q.PrepareUpdateStatement(dbCmd, item);
+            return dbCmd.ExecNonQueryAsync(token);
         }
 
         internal static Task<int> UpdateAsync<T>(this IDbCommand dbCmd, object updateOnly, Expression<Func<T, bool>> where, CancellationToken token)
         {
             var q = dbCmd.GetDialectProvider().SqlExpression<T>();
             var whereSql = q.Where(@where).WhereExpression;
-            var updateSql = WriteExpressionCommandExtensions.UpdateSql<T>(dbCmd.GetDialectProvider(), updateOnly, whereSql);
+            q.CopyParamsTo(dbCmd);
+            dbCmd.PrepareUpdateAnonSql<T>(dbCmd.GetDialectProvider(), updateOnly, whereSql);
 
-            return dbCmd.ExecuteSqlAsync(updateSql, q.Params, token);
+            return dbCmd.ExecNonQueryAsync(token);
         }
 
         internal static Task<int> UpdateFmtAsync<T>(this IDbCommand dbCmd, string set, string where, CancellationToken token)