From 7b601a3e8f6de4acc9d6b9885ef23d6c90a4f349 Mon Sep 17 00:00:00 2001
From: xubinbin <1323875150@qq.com>
Date: 星期三, 28 十二月 2022 13:26:33 +0800
Subject: [PATCH] 使用#替代$,防止SQL注入的风险(主要防止模糊查询sql部分的注入)。

---
 src/main/java/com/genersoft/iot/vmp/storager/dao/RecordInfoDao.java |    5 ++---
 1 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/genersoft/iot/vmp/storager/dao/RecordInfoDao.java b/src/main/java/com/genersoft/iot/vmp/storager/dao/RecordInfoDao.java
index c32cedc..a784472 100644
--- a/src/main/java/com/genersoft/iot/vmp/storager/dao/RecordInfoDao.java
+++ b/src/main/java/com/genersoft/iot/vmp/storager/dao/RecordInfoDao.java
@@ -1,7 +1,6 @@
 package com.genersoft.iot.vmp.storager.dao;
 
 import com.genersoft.iot.vmp.storager.dao.dto.RecordInfo;
-import com.genersoft.iot.vmp.storager.dao.dto.User;
 import org.apache.ibatis.annotations.Delete;
 import org.apache.ibatis.annotations.Insert;
 import org.apache.ibatis.annotations.Mapper;
@@ -15,10 +14,10 @@
 public interface RecordInfoDao {
 
     @Insert("INSERT INTO recordInfo (app, stream, mediaServerId, createTime, type, deviceId, channelId, name) VALUES" +
-            "('${app}', '${stream}', '${mediaServerId}', datetime('now','localtime')), '${type}', '${deviceId}', '${channelId}', '${name}'")
+            "(#{app}, #{stream}, #{mediaServerId}, datetime('now','localtime')), #{type}, #{deviceId}, #{channelId}, #{name}")
     int add(RecordInfo recordInfo);
 
-    @Delete("DELETE FROM user WHERE createTime < '${beforeTime}'")
+    @Delete("DELETE FROM user WHERE createTime < #{beforeTime}")
     int deleteBefore(String beforeTime);
 
     @Select("select * FROM recordInfo")
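Review bot: The parameterized INSERT on the new side still cannot execute, because the extra `)` after `datetime('now','localtime')` closes the VALUES list early and leaves `, #{type}, #{deviceId}, #{channelId}, #{name}` dangling as a syntax error; the commit carries that defect over from the old `${}` line unchanged. The line should read `"(#{app}, #{stream}, #{mediaServerId}, datetime('now','localtime'), #{type}, #{deviceId}, #{channelId}, #{name})")`. Separately, `deleteBefore` in this RecordInfoDao runs `DELETE FROM user ...` while every other statement here targets `recordInfo`; that looks like a copy-paste of the table name and, if unintended, would purge user rows by createTime, so it is worth confirming the table before this lands. Switching to `#{}` is the right fix for injection, but a cleanup that deletes rows should also be covered by a test that runs both statements against the SQLite schema so the paren error surfaces before deployment.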

--
Gitblit v1.8.0