From 7b601a3e8f6de4acc9d6b9885ef23d6c90a4f349 Mon Sep 17 00:00:00 2001
From: xubinbin <1323875150@qq.com>
Date: 星期三, 28 十二月 2022 13:26:33 +0800
Subject: [PATCH] 使用#替代$,防止SQL注入的风险(主要防止模糊查询sql部分的注入)。
---
 src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformGbStreamMapper.java | 2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformGbStreamMapper.java b/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformGbStreamMapper.java
index 13094b9..91a4a5f 100644
--- a/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformGbStreamMapper.java
+++ b/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformGbStreamMapper.java
@@ -26,7 +26,7 @@
 "(gbStreamId, platformId, catalogId) " +
 "values " +
 "<foreach collection='streamPushItems' index='index' item='item' separator=','> " +
- "(${item.gbStreamId}, '${item.platformId}', '${item.catalogId}')" +
+ "(#{item.gbStreamId}, #{item.platformId}, #{item.catalogId})" +
 "</foreach> " +
 "</script>")
 int batchAdd(List<StreamPushItem> streamPushItems);
-- Gitblit v1.8.0
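Review bot: With `#{item.platformId}` and `#{item.catalogId}` a null field is now bound as SQL NULL, whereas the old quoted `'${...}'` form would, as far as I know of MyBatis text substitution, have rendered an empty string literal. If those columns are NOT NULL or other queries match on `''`, the insert behaves differently after this change, so the schema or the callers should be checked. Each item also now contributes three bind parameters, so a very large `streamPushItems` list may hit the driver's parameter limit, and an empty list still renders `values` with no tuples. I would document the contract on the method, for example `/** streamPushItems must be non-empty; fields are bound as parameters, so null becomes SQL NULL. */`, and chunk large lists in the caller. The subject mentions fuzzy-query injection but this hunk is the batch insert, and the `@Insert` annotation starts above the hunk, so any remaining `${` elsewhere in this mapper is not visible here and deserves the same conversion.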