From 76d09bcadbac3d934c228958861a0b24d6f51458 Mon Sep 17 00:00:00 2001
From: 648540858 <648540858@qq.com>
Date: 星期一, 18 十二月 2023 11:14:59 +0800
Subject: [PATCH] 修复sql注入 #1112

---
 src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformChannelMapper.java |    7 ++++---
 1 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformChannelMapper.java b/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformChannelMapper.java
index 3826350..11aaa08 100755
--- a/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformChannelMapper.java
+++ b/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformChannelMapper.java
@@ -105,7 +105,8 @@
     void delByPlatformId(String serverGBId);
 
     @Delete("<script> " +
-            "DELETE from wvp_platform_gb_channel WHERE platform_id=#{platformId} and catalog_id=#{catalogId}"  +
+            "DELETE from wvp_platform_gb_channel WHERE platform_id=#{platformId} " +
+            " <if test=\"catalogId != null\" >  and catalog_id=#{catalogId}</if>" +
             "</script>")
     int delChannelForGBByCatalogId(@Param("platformId") String platformId, @Param("catalogId") String catalogId);
 
@@ -116,6 +117,6 @@
             "where dc.channel_id = #{channelId} and pgc.platform_id=#{platformId}")
     List<Device> queryDeviceInfoByPlatformIdAndChannelId(@Param("platformId") String platformId, @Param("channelId") String channelId);
 
-    @Select("SELECT pgc.platform_id from wvp_platform_gb_channel pgc left join wvp_device_channel dc on dc.id = pgc.device_channel_id WHERE dc.channel_id='${channelId}'")
-    List<String> queryParentPlatformByChannelId(String channelId);
+    @Select("SELECT pgc.platform_id from wvp_platform_gb_channel pgc left join wvp_device_channel dc on dc.id = pgc.device_channel_id WHERE dc.channel_id=#{channelId}")
+    List<String> queryParentPlatformByChannelId(@Param("channelId") String channelId);
 }

--
Gitblit v1.8.0