From 7b601a3e8f6de4acc9d6b9885ef23d6c90a4f349 Mon Sep 17 00:00:00 2001
From: xubinbin <1323875150@qq.com>
Date: 星期三, 28 十二月 2022 13:26:33 +0800
Subject: [PATCH] 使用#替代$,防止SQL注入的风险(主要防止模糊查询sql部分的注入)。
---
 src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformGbStreamMapper.java | 7 +++++--
 1 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformGbStreamMapper.java b/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformGbStreamMapper.java
index a495098..91a4a5f 100644
--- a/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformGbStreamMapper.java
+++ b/src/main/java/com/genersoft/iot/vmp/storager/dao/PlatformGbStreamMapper.java
@@ -26,7 +26,7 @@
 "(gbStreamId, platformId, catalogId) " +
 "values " +
 "<foreach collection='streamPushItems' index='index' item='item' separator=','> " +
- "(${item.gbStreamId}, '${item.platformId}', '${item.catalogId}')" +
+ "(#{item.gbStreamId}, #{item.platformId}, #{item.catalogId})" +
 "</foreach> " +
 "</script>")
 int batchAdd(List<StreamPushItem> streamPushItems);
@@ -78,7 +78,7 @@
 "left join platform_gb_stream pgs on " +
 "pp.serverGBId = pgs.platformId " +
 "left join gb_stream gs " +
- "gs.gbStreamId = pgs.gbStreamId " +
+ "on gs.gbStreamId = pgs.gbStreamId " +
 "WHERE " +
 "gs.app = #{app} " +
 "AND gs.stream = #{stream}" +
@@ -105,4 +105,7 @@
 "</foreach>" +
 "</script>")
 void delByAppAndStreamsByPlatformId(List<GbStream> gbStreams, String platformId);
+
+ @Delete("DELETE FROM platform_gb_stream WHERE platformId=#{platformId} and catalogId=#{catalogId}")
+ int delByPlatformAndCatalogId(String platformId, String catalogId);
 }
-- 
Gitblit v1.8.0
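Review bot: The switch to `#{}` on the new foreach line closes the string-interpolation path in batchAdd, but the commit subject says the main target is the fuzzy-query (LIKE) SQL, and no LIKE clause is touched in this hunk; presumably the remaining `${}` usages live in other mappers and deserve the same treatment in a follow-up. Dropping the surrounding quotes on platformId and catalogId is correct here, since a bound parameter is quoted by the driver, not by the SQL text. I would pin the intent with a comment on the new line so it is not reverted for convenience later: `// #{} binds each value as a typed parameter; do not switch back to ${} (string interpolation)`.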
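Review bot: With the missing `on` restored, the `left join gb_stream gs` is immediately narrowed by `WHERE gs.app = #{app} AND gs.stream = #{stream}`, which discards every row without a gb_stream match, so the statement behaves as an inner join; if that is the intent, `"inner join gb_stream gs " +` states it plainly, and if platform rows without a stream are wanted those two predicates belong in the `on` clause instead. The @Select annotation and select list start before this hunk, so I cannot see how gs columns are mapped. The previous text (`gs gs.gbStreamId = ...`) appears not to have been valid SQL at all, which suggests this query had no mapper-level test; one that executes it against the schema would have caught the regression.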
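Review bot: `delByPlatformAndCatalogId` takes two unannotated parameters and refers to them by name in `#{platformId}` and `#{catalogId}`; that resolves only when the project compiles with `-parameters` (or MyBatis's `useActualParamName` can read the names), which the sibling `delByAppAndStreamsByPlatformId` already relies on, so it presumably works but is one build-flag change away from breaking. Declaring `int delByPlatformAndCatalogId(@Param("platformId") String platformId, @Param("catalogId") String catalogId);` removes that dependence. The new method also has no Javadoc; I would add `/** Removes every platform_gb_stream row bound to the given platform and catalog; returns the number of rows deleted. */` above the @Delete, matching the int return.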