From 7b601a3e8f6de4acc9d6b9885ef23d6c90a4f349 Mon Sep 17 00:00:00 2001
From: xubinbin <1323875150@qq.com>
Date: 星期三, 28 十二月 2022 13:26:33 +0800
Subject: [PATCH] 使用#替代$,防止SQL注入的风险(主要防止模糊查询sql部分的注入)。
---
src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformChannelMapper.java | 16 ++++++++--------
1 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformChannelMapper.java b/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformChannelMapper.java
index 120ecb3..b98b948 100644
--- a/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformChannelMapper.java
+++ b/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformChannelMapper.java
@@ -21,22 +21,22 @@
* 鏌ヨ鍒楄〃閲屽凡缁忓叧鑱旂殑
*/
@Select("<script> "+
- "SELECT deviceChannelId FROM platform_gb_channel WHERE platformId='${platformId}' AND deviceChannelId in" +
- "<foreach collection='channelReduces' open='(' item='item' separator=',' close=')'> '${item.id}'</foreach>" +
+ "SELECT deviceChannelId FROM platform_gb_channel WHERE platformId=#{platformId} AND deviceChannelId in" +
+ "<foreach collection='channelReduces' open='(' item='item' separator=',' close=')'> #{item.id}</foreach>" +
"</script>")
List<Integer> findChannelRelatedPlatform(String platformId, List<ChannelReduce> channelReduces);
@Insert("<script> "+
"INSERT INTO platform_gb_channel (platformId, deviceChannelId, catalogId) VALUES" +
"<foreach collection='channelReducesToAdd' item='item' separator=','>" +
- " ('${platformId}', '${item.id}' , '${item.catalogId}' )" +
+ " (#{platformId}, #{item.id} , #{item.catalogId} )" +
"</foreach>" +
"</script>")
int addChannels(String platformId, List<ChannelReduce> channelReducesToAdd);
@Delete("<script> "+
- "DELETE FROM platform_gb_channel WHERE platformId='${platformId}' AND deviceChannelId in" +
- "<foreach collection='channelReducesToDel' item='item' open='(' separator=',' close=')' > '${item.id}'</foreach>" +
+ "DELETE FROM platform_gb_channel WHERE platformId=#{platformId} AND deviceChannelId in" +
+ "<foreach collection='channelReducesToDel' item='item' open='(' separator=',' close=')' > #{item.id}</foreach>" +
"</script>")
int delChannelForGB(String platformId, List<ChannelReduce> channelReducesToDel);
@@ -50,14 +50,14 @@
int delChannelForDeviceId(String deviceId);
@Delete("<script> "+
- "DELETE FROM platform_gb_channel WHERE platformId='${platformId}'" +
+ "DELETE FROM platform_gb_channel WHERE platformId=#{platformId}" +
"</script>")
int cleanChannelForGB(String platformId);
- @Select("SELECT dc.* FROM platform_gb_channel pgc left join device_channel dc on dc.id = pgc.deviceChannelId WHERE dc.channelId='${channelId}' and pgc.platformId='${platformId}'")
+ @Select("SELECT dc.* FROM platform_gb_channel pgc left join device_channel dc on dc.id = pgc.deviceChannelId WHERE dc.channelId=#{channelId} and pgc.platformId=#{platformId}")
List<DeviceChannel> queryChannelInParentPlatform(String platformId, String channelId);
- @Select("SELECT dc.* FROM platform_gb_channel pgc left join device_channel dc on dc.id = pgc.deviceChannelId WHERE pgc.platformId='${platformId}' and pgc.catalogId=#{catalogId}")
+ @Select("SELECT dc.* FROM platform_gb_channel pgc left join device_channel dc on dc.id = pgc.deviceChannelId WHERE pgc.platformId=#{platformId} and pgc.catalogId=#{catalogId}")
List<DeviceChannel> queryAllChannelInCatalog(String platformId, String catalogId);
@Select(" select dc.channelId as id, dc.name as name, pgc.platformId as platformId, pgc.catalogId as parentId, 0 as childrenCount, 1 as type " +
--
Gitblit v1.8.0