Class SparqlParameterizedString
A SPARQL Parameterized String is a String that can contain parameters in the same fashion as a SQL command string.
Inherited Members
Namespace: VDS.RDF.Query
Assembly: dotNetRdf.dll
Syntax
public class SparqlParameterizedString
Remarks
This is intended for applications that build SPARQL queries/updates dynamically, where user input may supply individual values in the triple patterns and the application wants to avoid SPARQL injection attacks that change the meaning of the query/update.
It works broadly in the same way as a SqlCommand: you specify a string with parameters written in the form @name and then use the various Set methods to set the actual values that should be used. The values are only substituted for parameters when you actually call the ToString() method to get the final string representation of the command. E.g.
SparqlParameterizedString queryString = new SparqlParameterizedString();
queryString.CommandText = @"SELECT * WHERE
{
?s a @type .
}";
queryString.SetUri("type", new Uri("http://example.org/myType"));
Console.WriteLine(queryString.ToString());
Would result in the following being printed to the Console:
SELECT * WHERE
{
?s a <http://example.org/myType> .
}
Calling a Set method to set a parameter that has already been set changes that value and the new value will be used next time you call ToString() - this may be useful if you plan to execute a series of queries/updates using a series of values since you need not instantiate a completely new parameterized string each time.
This class was added to a library based on a suggestion by Alexander Sidorov and ideas from slides from Slideshare by Almedia et al.
PERFORMANCE TIPS: if building the command text incrementally, avoid using CommandText += and use the AppendSubQuery or Append methods instead.
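The difference between concatenating a value into the query text and binding it through a parameter, as an added example that is not part of the dotNetRDF documentation. The class name ParameterizedQueryDemo, the helper BuildByConcatenation, the FOAF query and both input values are constructed for illustration; the same instance is reused for each input, as described above.

```csharp
using System;
using VDS.RDF.Parsing;
using VDS.RDF.Query;

public static class ParameterizedQueryDemo
{
    // Unsafe (hypothetical helper): the value is spliced into the query text,
    // so a quote in the input ends the literal and the rest is read as SPARQL.
    public static string BuildByConcatenation(string name)
    {
        return "PREFIX foaf: <http://xmlns.com/foaf/0.1/>\n" +
               "SELECT ?s WHERE { ?s foaf:name ?n . FILTER(?n = \"" + name + "\") }";
    }

    public static void Main()
    {
        // Constructed inputs: one ordinary value, one containing quotes that
        // would turn the concatenated FILTER into an always-true expression.
        string[] inputs = { "Alice", "x\" || \"1\" = \"1" };

        var query = new SparqlParameterizedString();
        // The namespace map supplies the PREFIX declaration on ToString().
        query.Namespaces.AddNamespace("foaf", new Uri("http://xmlns.com/foaf/0.1/"));
        query.CommandText = "SELECT ?s WHERE { ?s foaf:name ?n . FILTER(?n = @name) }";

        var parser = new SparqlQueryParser();
        foreach (string input in inputs)
        {
            Console.WriteLine("Concatenated:  " + BuildByConcatenation(input));

            // Setting @name again replaces the previous value, so one
            // instance serves the whole series of inputs.
            query.SetLiteral("name", input, false);
            string text = query.ToString();
            Console.WriteLine("Parameterized: " + text);

            // The substituted text is parsed to confirm it is still one
            // SELECT query with the input held inside a single literal.
            SparqlQuery parsed = parser.ParseFromString(text);
            Console.WriteLine("Query type:    " + parsed.QueryType);
        }
    }
}
```

Parameters protect values only; text that reaches CommandText or Append is treated as query syntax, so user input should never be passed there.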
Constructors
SparqlParameterizedString()
Creates a new empty parameterized String.
Declaration
public SparqlParameterizedString()
SparqlParameterizedString(string)
Creates a new parameterized String.
Declaration
public SparqlParameterizedString(string command)
Parameters
Type | Name | Description |
---|---|---|
string | command | Command Text. |
Properties
BaseUri
Gets/Sets the Base URI which will be used to prepend BASE declarations to the command.
Declaration
public Uri BaseUri { get; set; }
Property Value
Type | Description |
---|---|
Uri |
CommandText
Gets/Sets the parameterized Command Text.
Declaration
public virtual string CommandText { get; set; }
Property Value
Type | Description |
---|---|
string |
Namespaces
Gets/Sets the Namespace Map that is used to prepend PREFIX declarations to the command.
Declaration
public INamespaceMapper Namespaces { get; set; }
Property Value
Type | Description |
---|---|
INamespaceMapper |
Parameters
Gets an enumeration of the Parameters for which Values have been set.
Declaration
public IEnumerable<KeyValuePair<string, INode>> Parameters { get; }
Property Value
Type | Description |
---|---|
IEnumerable<KeyValuePair<string, INode>> |
QueryProcessor
Gets/Sets the Query processor which is used when you call the ExecuteQuery() method.
Declaration
public ISparqlQueryProcessor QueryProcessor { get; set; }
Property Value
Type | Description |
---|---|
ISparqlQueryProcessor |
UpdateProcessor
Gets/Sets the Update processor which is used when you call the ExecuteUpdate() method.
Declaration
public ISparqlUpdateProcessor UpdateProcessor { get; set; }
Property Value
Type | Description |
---|---|
ISparqlUpdateProcessor |
Variables
Gets an enumeration of the Variables for which Values have been set.
Declaration
public IEnumerable<KeyValuePair<string, INode>> Variables { get; }
Property Value
Type | Description |
---|---|
IEnumerable<KeyValuePair<string, INode>> |
Methods
Append(string)
Appends the given text to the existing command text; any prefixes in the command are moved to the parent query.
Declaration
public void Append(string text)
Parameters
Type | Name | Description |
---|---|---|
string | text | Text. |
Append(SparqlParameterizedString)
Appends the given text to the existing command text; any prefixes in the sub-query are moved to the parent query, but any parameter/variable assignments will be lost.
Declaration
public void Append(SparqlParameterizedString text)
Parameters
Type | Name | Description |
---|---|---|
SparqlParameterizedString | text | Text. |
AppendSubQuery(SparqlParameterizedString)
Appends the given query as a sub-query to the existing command text; any prefixes in the sub-query are moved to the parent query, but any parameter/variable assignments will be lost.
Declaration
public void AppendSubQuery(SparqlParameterizedString query)
Parameters
Type | Name | Description |
---|---|---|
SparqlParameterizedString | query | Query. |
AppendSubQuery(SparqlQuery)
Appends the given query as a sub-query to the existing command text; any prefixes in the sub-query are moved to the parent query.
Declaration
public void AppendSubQuery(SparqlQuery query)
Parameters
Type | Name | Description |
---|---|---|
SparqlQuery | query | Query. |
Clear()
Clears all set Parameters and Variables.
Declaration
public virtual void Clear()
ClearParameters()
Clears all set Parameters.
Declaration
public virtual void ClearParameters()
ClearVariables()
Clears all set Variables.
Declaration
public virtual void ClearVariables()
ExecuteQuery()
Executes this command as a query.
Declaration
public SparqlResultSet ExecuteQuery()
Returns
Type | Description |
---|---|
SparqlResultSet |
ExecuteQuery(IRdfHandler, ISparqlResultsHandler)
Executes this command as a query.
Declaration
public void ExecuteQuery(IRdfHandler rdfHandler, ISparqlResultsHandler resultsHandler)
Parameters
Type | Name | Description |
---|---|---|
IRdfHandler | rdfHandler | RDF Handler. |
ISparqlResultsHandler | resultsHandler | Results Handler. |
ExecuteUpdate()
Executes this command as an update.
Declaration
public void ExecuteUpdate()
SetBlankNode(string)
Sets the Parameter to be a new anonymous Blank Node.
Declaration
public void SetBlankNode(string name)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
Remarks
Only guarantees that the Blank Node ID will not clash with any other Blank Nodes added by other calls to this method or its overload which takes an explicit Node ID. If the base query text into which you are inserting parameters contains Blank Nodes then the IDs generated here may clash with those IDs.
SetBlankNode(string, string)
Sets the Parameter to be a Blank Node with the given ID.
Declaration
public void SetBlankNode(string name, string value)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
string | value | Node ID. |
Remarks
Only guarantees that the Blank Node ID will not clash with any other Blank Nodes added by other calls to this method or its overload which generates anonymous Blank Nodes. If the base query text into which you are inserting parameters contains Blank Nodes then the IDs generated here may clash with those IDs.
SetLiteral(string, bool)
Sets the Parameter to a Boolean Literal.
Declaration
public void SetLiteral(string name, bool value)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
bool | value | Boolean. |
SetLiteral(string, DateTime)
Sets the Parameter to a Date Time Literal.
Declaration
public void SetLiteral(string name, DateTime value)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
DateTime | value | Date Time. |
SetLiteral(string, DateTime, bool)
Sets the Parameter to a Date Time Literal.
Declaration
public void SetLiteral(string name, DateTime value, bool precise)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
DateTime | value | Date Time. |
bool | precise | Whether to preserve precisely i.e. include fractional seconds. |
SetLiteral(string, DateTimeOffset)
Sets the Parameter to a Date Time Literal.
Declaration
public void SetLiteral(string name, DateTimeOffset value)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
DateTimeOffset | value | Date Time. |
SetLiteral(string, DateTimeOffset, bool)
Sets the Parameter to a Date Time Literal.
Declaration
public void SetLiteral(string name, DateTimeOffset value, bool precise)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
DateTimeOffset | value | Date Time. |
bool | precise | Whether to preserve precisely i.e. include fractional seconds. |
SetLiteral(string, decimal)
Sets the Parameter to a Decimal Literal.
Declaration
public void SetLiteral(string name, decimal value)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
decimal | value | Decimal. |
SetLiteral(string, double)
Sets the Parameter to a Double Literal.
Declaration
public void SetLiteral(string name, double value)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
double | value | Double. |
SetLiteral(string, short)
Sets the Parameter to an Integer Literal.
Declaration
public void SetLiteral(string name, short value)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
short | value | Integer. |
SetLiteral(string, int)
Sets the Parameter to an Integer Literal.
Declaration
public void SetLiteral(string name, int value)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
int | value | Integer. |
SetLiteral(string, long)
Sets the Parameter to an Integer Literal.
Declaration
public void SetLiteral(string name, long value)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
long | value | Integer. |
SetLiteral(string, float)
Sets the Parameter to a Float Literal.
Declaration
public void SetLiteral(string name, float value)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
float | value | Float. |
SetLiteral(string, string, bool)
Sets the Parameter to an Untyped Literal.
Declaration
public void SetLiteral(string name, string value, bool normalizeValue)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
string | value | The literal value. |
bool | normalizeValue | Whether to normalize the string value of |
SetLiteral(string, string, string, bool)
Sets the Parameter to a Literal with a Language Specifier.
Declaration
public void SetLiteral(string name, string value, string lang, bool normalizeLiteralValue)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
string | value | The Literal value. |
string | lang | The language specifier. |
bool | normalizeLiteralValue | Whether to normalize the string value of |
SetLiteral(string, string, Uri, bool)
Sets the Parameter to a Typed Literal.
Declaration
public void SetLiteral(string name, string value, Uri datatype, bool normalizeLiteralValue)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
string | value | The literal value. |
Uri | datatype | Datatype URI. |
bool | normalizeLiteralValue | Whether to normalize the string value of |
SetLiteral(string, TimeSpan)
Sets the Parameter to a Duration Literal.
Declaration
public void SetLiteral(string name, TimeSpan value)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
TimeSpan | value | Duration. |
SetParameter(string, INode)
Sets the Value of a Parameter.
Declaration
public void SetParameter(string name, INode value)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter Name. |
INode | value | Value. |
Remarks
Can be used in derived classes to set the value of parameters if the derived class defines additional methods for adding values for parameters.
SetUri(string, Uri)
Sets the Parameter to a URI.
Declaration
public void SetUri(string name, Uri value)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter. |
Uri | value | URI. |
SetVariable(string, INode)
Sets the Value of a Variable.
Declaration
public virtual void SetVariable(string name, INode value)
Parameters
Type | Name | Description |
---|---|---|
string | name | Variable Name. |
INode | value | Value. |
ToString()
Returns the actual Query/Update String with parameter and variable values inserted.
Declaration
public override string ToString()
Returns
Type | Description |
---|---|
string |
Overrides
UnsetParameter(string)
Removes a previously set value for a Parameter.
Declaration
public void UnsetParameter(string name)
Parameters
Type | Name | Description |
---|---|---|
string | name | Parameter Name. |
Remarks
There is generally no reason to do this since you can just set a parameter's value to change it.
UnsetVariable(string)
Removes a previously set value for a Variable.
Declaration
public void UnsetVariable(string name)
Parameters
Type | Name | Description |
---|---|---|
string | name | Variable Name. |
Remarks
May be useful if you have a skeleton query/update into which you sometimes substitute values for variables but don't always do so.