查詢的運作方式How Queries Work

Entity Framework Core 會使用從資料庫查詢資料的語言整合 Query (LINQ)。Entity Framework Core uses Language Integrate Query (LINQ) to query data from the database. LINQ 可讓您使用 C# (或您所選擇的.NET 語言) 撰寫強型別衍生內容和實體類別為基礎的查詢。LINQ allows you to use C# (or your .NET language of choice) to write strongly typed queries based on your derived context and entity classes.

生命週期的查詢The life of a query

以下是每個查詢所經歷的程序的高層級概觀。The following is a high level overview of the process each query goes through.

  1. 建立表示準備好要處理的資料庫提供者的 Entity Framework Core 處理 LINQ 查詢The LINQ query is processed by Entity Framework Core to build a representation that is ready to be processed by the database provider
    1. 結果會快取,因此不需要每次執行查詢來完成這項處理The result is cached so that this processing does not need to be done every time the query is executed
  2. 結果會傳遞至資料庫提供者The result is passed to the database provider
    1. 資料庫提供者會識別查詢的哪些部分可以評估在資料庫中The database provider identifies which parts of the query can be evaluated in the database
    2. 這些組件的查詢會轉譯為資料庫特定的查詢語言 (例如關聯式資料庫的 SQL)These parts of the query are translated to database specific query language (e.g. SQL for a relational database)
    3. 一個或多個查詢會傳送至資料庫而傳回的結果集 (結果會是從資料庫中的實體執行個體的值)One or more queries are sent to the database and the result set returned (results are values from the database, not entity instances)
  3. 針對結果集中的每個項目For each item in the result set
    1. 如果這是追蹤查詢,會檢查 EF 如果其資料代表的實體已在變更追蹤程式的內容執行個體If this is a tracking query, EF checks if the data represents an entity already in the change tracker for the context instance
      • 如果是的話,會傳回現有的實體If so, the existing entity is returned
      • 如果不是,建立新的實體,變更追蹤,則安裝程式,並傳回新的實體If not, a new entity is created, change tracking is setup, and the new entity is returned
    2. 如果這不是追蹤查詢,會檢查 EF 如果其資料代表的實體已在設定這個查詢的結果If this is a no-tracking query, EF checks if the data represents an entity already in the result set for this query
      • 如果現有的實體,則會傳回(1)If so, the existing entity is returned (1)
      • 如果不是,建立並傳回新的實體If not, a new entity is created and returned

(1)沒有追蹤的查詢使用弱式參考來追蹤已傳回的實體。(1) No tracking queries use weak references to keep track of entities that have already been returned. 如果具有相同識別是之前的結果超出範圍,而且執行記憶體回收,可能會收到新的實體執行個體。If a previous result with the same identity goes out of scope, and garbage collection runs, you may get a new entity instance.

執行查詢時When queries are executed

當您呼叫 LINQ 運算子時,而只累積在記憶體中表示的查詢。When you call LINQ operators, you are simply building up an in-memory representation of the query. 當結果被耗用時,查詢才會傳送到資料庫。The query is only sent to the database when the results are consumed.

造成查詢傳送給資料庫的最常見作業為:The most common operations that result in the query being sent to the database are:

  • 逐一查看結果for迴圈Iterating the results in a for loop
  • 使用運算子,例如ToListToArraySingleCountUsing an operator such as ToList, ToArray, Single, Count
  • 資料繫結至 UI 查詢的結果Databinding the results of a query to a UI

警告

一律驗證使用者輸入:時的 EF 提供從 SQL 資料隱碼攻擊的防護,不會執行輸入的任何一般驗證。Always validate user input: While EF does provide protection from SQL injection attacks, it does not do any general validation of input. 因此如果值傳遞至應用程式開發介面,在 LINQ 查詢中,指派給等實體屬性,使用來自不受信任的來源則適當的驗證,每個應用程式需求,應該執行。Therefore if values being passed to APIs, used in LINQ queries, assigned to entity properties, etc., come from an untrusted source then appropriate validation, per your application requirements, should be performed. 這包括用來以動態方式建構查詢的任何使用者輸入。This includes any user input used to dynamically construct queries. 即使使用 LINQ,如果您接受使用者輸入建立運算式,您必須確定比預期運算式只可用於建構。Even when using LINQ, if you are accepting user input to build expressions you need to make sure than only intended expressions can be constructed.