Commit 5b10dbdf authored by litengwei's avatar litengwei

SQL Injection: MyBatis Mapper(SQL注入:MyBatis Mapper)

parent f2e7f330
......@@ -6,7 +6,7 @@
UPDATE
contingency_plan_instance
SET
runstate = ${runStatus}
runstate = #{runStatus}
<if test="content != null and content != ''">
, content = #{content}
</if>
......@@ -17,7 +17,7 @@
UPDATE
contingency_plan_instance
SET
runstate = ${runStatus}
runstate = #{runStatus}
<if test="content != null and content != ''">
, content = #{content}
</if>
......
......@@ -18,7 +18,7 @@
m.batch_no = #{batchNo}
</if>
<if test="stepIndex != null">
AND m.step_index = ${stepIndex}
AND m.step_index = #{stepIndex}
</if>
</where>
ORDER BY
......@@ -35,7 +35,7 @@
m.batch_no = #{batchNo}
</if>
<if test="stepIndex != null">
AND m.step_index = ${stepIndex}
AND m.step_index = #{stepIndex}
</if>
<if test="indexUpdateTime != null">
AND m.index_create_time = #{indexUpdateTime}
......
......@@ -13,19 +13,19 @@
WHERE
1=1
<if test="time!=null">
and TO_DAYS(m.time) = TO_DAYS('${time}')
and TO_DAYS(m.time) = TO_DAYS('#{time}')
</if>
<if test="type!=null">
AND m.type = '${type}'
AND m.type = '#{type}'
</if>
<if test="title!=null">
AND m.title LIKE '%${title}%'
AND m.title LIKE '%#{title}%'
</if>
<if test="orgCode!=null">
AND (
m.org_code = '${orgCode}'
OR m.org_code LIKE '${orgCode}*%'
m.org_code = '#{orgCode}'
OR m.org_code LIKE '#{orgCode}*%'
)
</if>
</select>
......@@ -39,22 +39,22 @@
WHERE
1=1
<if test="time!=null">
and TO_DAYS(m.time) = TO_DAYS('${time}')
and TO_DAYS(m.time) = TO_DAYS('#{time}')
</if>
<if test="type!=null">
AND m.type = '${type}'
AND m.type = '#{type}'
</if>
<if test="title!=null">
AND m.title LIKE '%${title}%'
AND m.title LIKE '%#{title}%'
</if>
<if test="orgCode!=null">
AND (
m.org_code = '${orgCode}'
OR m.org_code LIKE '${orgCode}*%'
m.org_code = '#{orgCode}'
OR m.org_code LIKE '#{orgCode}*%'
)
</if>
LIMIT ${start},${length} ;
LIMIT #{start},#{length} ;
</select>
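Review bot: The `#{}` placeholders left inside single quotes on the `time`, `type`, `title` and `orgCode` conditions (in both the @@ -13 and @@ -39 hunks) will not bind: MyBatis turns each into `?`, but a `?` inside a string literal is plain text to the JDBC driver, so the query compares against the literal string `'?'` and then fails with a parameter-index error when MyBatis tries to set the value. The substitution has to be unquoted, with `CONCAT()` assembling the `LIKE` patterns, which is how `CONCAT(#{orgCode},'-%')` is already written in another mapper of this commit. The enclosing `<select>` opens before each hunk; the rewritten conditions for the second hunk are below, and the first hunk needs the identical change.
```xml
<if test="time!=null">
    and TO_DAYS(m.time) = TO_DAYS(#{time})
</if>
<if test="type!=null">
    AND m.type = #{type}
</if>
<if test="title!=null">
    AND m.title LIKE CONCAT('%', #{title}, '%')
</if>
<if test="orgCode!=null">
    AND (
        m.org_code = #{orgCode}
        OR m.org_code LIKE CONCAT(#{orgCode}, '*%')
    )
</if>
<!-- … unchanged: LIMIT clause … -->
```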
......
......@@ -19,7 +19,7 @@
<!-- FROM-->
<!-- f_fire_station fs-->
<!-- WHERE-->
<!-- fs.id = ${id}-->
<!-- fs.id = #{id}-->
<!-- </select>-->
......@@ -30,7 +30,7 @@
<!-- f_fire_station_equipment fs-->
<!-- JOIN f_fire_equipment f ON fs.fire_equipment_id = f.id-->
<!-- WHERE-->
<!-- fs.fire_station_id = ${fireStationId}-->
<!-- fs.fire_station_id = #{fireStationId}-->
<!-- </select>-->
<!-- <select id="queryForFireEqumntPage" resultType="java.util.Map">-->
<!-- SELECT-->
......@@ -44,9 +44,9 @@
<!-- left join f_fire_equipment f ON fs.fire_equipment_id = f.id-->
<!-- left join f_risk_source frs on frs.id = f.risk_source_id-->
<!-- WHERE-->
<!-- fs.fire_station_id = ${fireStationId}-->
<!-- fs.fire_station_id = #{fireStationId}-->
<!-- and f.id is not null-->
<!-- LIMIT ${start}, ${length};-->
<!-- LIMIT #{start}, #{length};-->
<!-- </select>-->
<!-- <select id="queryCountForPage" resultType="long">-->
......@@ -58,13 +58,13 @@
<!-- WHERE-->
<!-- 1=1-->
<!-- <if test="name!=null">-->
<!-- AND (fs.name LIKE '%${name}%' or fs.`code` LIKE '%${name}%')-->
<!-- AND (fs.name LIKE '%#{name}%' or fs.`code` LIKE '%#{name}%')-->
<!-- </if>-->
<!-- <if test="code!=null">-->
<!-- AND fs.`code` LIKE '%${code}%'-->
<!-- AND fs.`code` LIKE '%#{code}%'-->
<!-- </if>-->
<!-- <if test="type!=null">-->
<!-- AND fs.`type` LIKE '%${type}%';-->
<!-- AND fs.`type` LIKE '%#{type}%';-->
<!-- </if>-->
<!-- </select>-->
<!-- <select id="queryForPage" resultType="java.util.Map">-->
......@@ -85,15 +85,15 @@
<!-- 1=1-->
<!-- <if test="name!=null">-->
<!-- AND (fs.name LIKE '%${name}%' or fs.`code` LIKE '%${name}%')-->
<!-- AND (fs.name LIKE '%#{name}%' or fs.`code` LIKE '%#{name}%')-->
<!-- </if>-->
<!-- <if test="code!=null">-->
<!-- AND fs.`code` LIKE '%${code}%'-->
<!-- AND fs.`code` LIKE '%#{code}%'-->
<!-- </if>-->
<!-- <if test="type!=null">-->
<!-- AND fs.`type` LIKE '%${type}%'-->
<!-- AND fs.`type` LIKE '%#{type}%'-->
<!-- </if>-->
<!-- LIMIT ${start},${length} ;-->
<!-- LIMIT #{start},#{length} ;-->
<!-- </select>-->
......@@ -126,14 +126,14 @@
a.instance_id
) s
<if test="name!=null">
AND s.name LIKE '%${name}%'
AND s.name LIKE '%#{name}%'
</if>
<if test="code!=null">
AND s.`code` LIKE '%${code}%'
AND s.`code` LIKE '%#{code}%'
</if>
<if test="type!=null">
AND s.`type` LIKE '%${type}%';
AND s.`type` LIKE '%#{type}%';
</if>
</select>
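Review bot: The three `LIKE '%#{name}%'`, `'%#{code}%'` and `'%#{type}%'` conditions in the @@ -126 hunk will not bind a parameter: MyBatis emits `?` in place of `#{…}`, and a `?` between single quotes is a literal to the JDBC driver, so the statement ends up with zero placeholders and errors when MyBatis sets the first one. Replace each `'%#{x}%'` with `CONCAT('%', #{x}, '%')` so the value is bound and the wildcards are concatenated server-side. The `<select>` this hunk belongs to opens before the hunk, and the trailing `;` inside the last `<if>` predates this commit.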
......
......@@ -139,10 +139,10 @@
) d
<where>
<if test="fireEquipmentName!=null">
AND d.fireEquipmentName LIKE '%${fireEquipmentName}%'
AND d.fireEquipmentName LIKE '%#{fireEquipmentName}%'
</if>
<if test="equipmentName!=null">
AND d.equipmentName LIKE '%${equipmentName}%'
AND d.equipmentName LIKE '%#{equipmentName}%'
</if>
<if test="startTime != null and startTime != ''">
AND d.update_date &gt;= #{startTime}
......@@ -194,10 +194,10 @@
) d
<where>
<if test="fireEquipmentName!=null">
AND d.fireEquipmentName LIKE '%${fireEquipmentName}%'
AND d.fireEquipmentName LIKE '%#{fireEquipmentName}%'
</if>
<if test="equipmentName!=null">
AND d.equipmentName LIKE '%${equipmentName}%'
AND d.equipmentName LIKE '%#{equipmentName}%'
</if>
<if test="startTime != null and startTime != ''">
AND d.create_date &gt;= #{startTime}
......@@ -207,7 +207,7 @@
</if>
</where>
ORDER BY d.create_date desc
LIMIT ${start},${length}
LIMIT #{start},#{length}
</select>
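Review bot: `d.fireEquipmentName LIKE '%#{fireEquipmentName}%'` and `d.equipmentName LIKE '%#{equipmentName}%'` (in both the @@ -139 and @@ -194 hunks) keep the placeholder inside a quoted literal, so the `?` MyBatis generates is never seen as a parameter by the driver and the query breaks at execution time instead of binding the value. Each should become `LIKE CONCAT('%', #{fireEquipmentName}, '%')` and `LIKE CONCAT('%', #{equipmentName}, '%')`, consistent with the unquoted `#{startTime}` comparisons on the lines that follow. `LIMIT #{start},#{length}` in the @@ -207 hunk is correct provided the Java side passes numeric values; a String would be bound as a quoted literal and MySQL would reject it. Both `<where>` blocks belong to `<select>` elements that open before their hunks.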
......@@ -218,14 +218,14 @@
<!-- where-->
<!-- 1=1-->
<!-- <if test="equipClassify!=null">-->
<!-- and fe.equip_classify in ( ${equipClassify} )-->
<!-- and fe.equip_classify in ( #{equipClassify} )-->
<!-- </if>-->
<!-- <if test="code!=null">-->
<!-- and fe.`code` like '%${code}%'-->
<!-- and fe.`code` like '%#{code}%'-->
<!-- </if>-->
<!-- <if test="name!=null">-->
<!-- and (fe.`name` like '%${name}%' or fe.`code` like '%${name}%')-->
<!-- and (fe.`name` like '%#{name}%' or fe.`code` like '%#{name}%')-->
<!-- </if>-->
<!-- &lt;!&ndash; 筛选未绑定的配套设施-->
<!-- &ndash;&gt;-->
......@@ -258,14 +258,14 @@
<!-- where 1=1) tmp-->
<!-- <where>-->
<!-- <if test="equipClassify!=null">-->
<!-- and tmp.equip_classify in ( ${equipClassify} )-->
<!-- and tmp.equip_classify in ( #{equipClassify} )-->
<!-- </if>-->
<!-- <if test="code!=null">-->
<!-- and tmp.`code` like '%${code}%'-->
<!-- and tmp.`code` like '%#{code}%'-->
<!-- </if>-->
<!-- <if test="name!=null">-->
<!-- and (tmp.`name` like '%${name}%' or tmp.`code` like '%${name}%')-->
<!-- and (tmp.`name` like '%#{name}%' or tmp.`code` like '%#{name}%')-->
<!-- </if>-->
<!-- &lt;!&ndash; 筛选未绑定的配套设施-->
<!-- &ndash;&gt;-->
......@@ -273,7 +273,7 @@
<!-- AND tmp.bindStation is not true-->
<!-- </if>-->
<!-- </where>-->
<!-- LIMIT ${start},${length}-->
<!-- LIMIT #{start},#{length}-->
<!-- </select>-->
......@@ -291,7 +291,7 @@
<!-- FROM-->
<!-- f_fire_station_equipment se-->
<!-- WHERE-->
<!-- se.fire_station_id = ${fireStationId}-->
<!-- se.fire_station_id = #{fireStationId}-->
<!-- AND se.fire_equipment_id = fe.id-->
<!-- )-->
<!-- </select>-->
......@@ -507,12 +507,12 @@
f_equipment_fire_equipment efe
JOIN f_fire_equipment fe ON efe.fire_equipment_id = fe.id
WHERE
efe.equipment_id = ${equipmentId}
efe.equipment_id = #{equipmentId}
<if test="fname != null">
AND fe.`name` like '%${fname}%'
AND fe.`name` like '%#{fname}%'
</if>
<if test="length > 0">
LIMIT ${start},${length} ;
LIMIT #{start},#{length} ;
</if>
</select>
......@@ -525,9 +525,9 @@
f_equipment_fire_equipment efe
JOIN wl_equipment_specific fe ON efe.fire_equipment_id = fe.id
WHERE
efe.equipment_id = ${equipmentId}
efe.equipment_id = #{equipmentId}
<if test="fname != null">
AND fe.`name` like '%${fname}%'
AND fe.`name` like '%#{fname}%'
</if>
</select>
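Review bot: The `fname` condition in both hunks (`like '%#{fname}%'`) leaves the placeholder inside a quoted literal, so the `?` MyBatis emits is literal text to the driver and the statement fails with a parameter-index error rather than binding the value. Change it to `like CONCAT('%', #{fname}, '%')`. The `LIMIT #{start},#{length}` inside `<if test="length > 0">` is fine as long as `start` and `length` arrive as numeric types; string values would be quoted by the driver and rejected by MySQL. Both `<select>` elements open before their hunks.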
......
......@@ -124,7 +124,7 @@
from
elec_bills_fire_safety_control
where BILL_SEQ = (select SEQUENCE_NBR from elec_bills_basic_info where BILL_NO=#{billNo})
and type =${id}
and type =#{id}
</select>
<update id="updateBill">
UPDATE
......
......@@ -90,7 +90,7 @@
FROM
f_fmea f
WHERE
f.risk_source_id = ${riskSourceId};
f.risk_source_id = #{riskSourceId};
</select>
<select id="getById" resultType="com.yeejoin.amos.fas.dao.entity.Fmea">
......
......@@ -14,11 +14,11 @@
WHERE
1=1
<if test="fireEquipmentId != null">
and t.fire_equipment_id = ${fireEquipmentId}
and t.fire_equipment_id = #{fireEquipmentId}
</if>
<if test="equipmentId != null">
AND t.equipment_id = ${equipmentId};
AND t.equipment_id = #{equipmentId};
</if>
</select>
......@@ -29,8 +29,8 @@
FROM
f_equipment_fire_equipment t
WHERE
t.fire_equipment_id = ${fireEquipmentId}
AND t.equipment_id = ${equipmentId};
t.fire_equipment_id = #{fireEquipmentId}
AND t.equipment_id = #{equipmentId};
</select>
......@@ -46,7 +46,7 @@
FROM
f_equipment_fire_equipment efe
WHERE
efe.fire_equipment_id = ${fireEquipmentId}
efe.fire_equipment_id = #{fireEquipmentId}
)
LIMIT 0,1 ;
</select>
......@@ -81,11 +81,11 @@
FROM
f_equipment_fire_equipment efe
WHERE
efe.equipment_id = ${equipmentId}
efe.equipment_id = #{equipmentId}
AND efe.fire_equipment_id = fe.id
)
<if test="start != -1 and length != -1">
LIMIT ${start},${length} ;
LIMIT #{start},#{length} ;
</if>
</select>
......@@ -102,7 +102,7 @@
FROM
f_equipment_fire_equipment efe
WHERE
efe.equipment_id = ${equipmentId}
efe.equipment_id = #{equipmentId}
AND efe.fire_equipment_id = fe.id
)
</select>-->
......@@ -121,7 +121,7 @@
FROM
f_equipment_fire_equipment efe
WHERE
efe.equipment_id =${equipmentId}
efe.equipment_id =#{equipmentId}
and f.id = efe.fire_equipment_id
)
</select>
......
......@@ -22,7 +22,7 @@
FROM
f_equipment_fire_equipment efe
WHERE
efe.fire_equipment_id = ${fireEquipmentId}
efe.fire_equipment_id = #{fireEquipmentId}
AND efe.equipment_id = fe.id
)
</select>
......@@ -76,7 +76,7 @@
ORDER BY
a.id
<if test="start != -1 and length != -1">
LIMIT ${start},${length} ;
LIMIT #{start},#{length} ;
</if>
</select>
......@@ -103,6 +103,6 @@
FROM
f_equipment
WHERE
id = ${id}
id = #{id}
</select>
</mapper>
\ No newline at end of file
......@@ -10,6 +10,6 @@
FROM
f_preplan_picture p
WHERE
p.equipment_id = ${equipmentId}
p.equipment_id = #{equipmentId}
</select>
</mapper>
\ No newline at end of file
......@@ -99,7 +99,7 @@
f_rpn_change_log cl
WHERE
cl.type = 0
and cl.create_date BETWEEN '${startTime}' and '${endTime}'
and cl.create_date BETWEEN '#{startTime}' and '#{endTime}'
)d
</select>
......@@ -362,7 +362,7 @@
<!-- FROM-->
<!-- f_risk_source_equipment se-->
<!-- WHERE-->
<!-- se.fire_equipment_id = ${fireEquipmentId}-->
<!-- se.fire_equipment_id = #{fireEquipmentId}-->
<!-- AND se.risk_source_id = rs.id-->
<!-- )-->
<!-- </select>-->
......@@ -380,7 +380,7 @@
<!-- FROM-->
<!-- f_risk_source_point_inputitem pi-->
<!-- WHERE-->
<!-- pi.point_id = ${pointId}-->
<!-- pi.point_id = #{pointId}-->
<!-- AND rs.id = pi.risk_source_id-->
<!-- )-->
<!-- </select>-->
......@@ -526,7 +526,7 @@
FROM
f_risk_source rs
WHERE
rs.id = ${riskSourceId};
rs.id = #{riskSourceId};
</select>
<select id="queryForRiskSourceRpni" resultType="map">
......@@ -535,7 +535,7 @@
FROM
f_risk_source rs
WHERE
rs.parent_id = ${parentId};
rs.parent_id = #{parentId};
</select>
<select id="queryForUnqualified" resultType="map">
......@@ -638,7 +638,7 @@
f_fmea ff
JOIN f_risk_factor rf ON ff.risk_factors_id = rf.id
WHERE
rf.id = ${factorId}
rf.id = #{factorId}
)
</select>
<!-- <select id="queryContingencyWater" resultType="com.yeejoin.amos.fas.business.vo.FormInstanceVo">-->
......@@ -734,8 +734,8 @@
INNER JOIN p_point_inputitem ppi ON ppi.ID = ffpi.point_inputitem_id) ffpi
ON ffpi.fmea_id = ff.id
WHERE
ffpi.point_id = ${pointId}
# EXISTS ( SELECT 1 FROM f_risk_source_point_inputitem frspi WHERE frspi.risk_source_id = frs.id AND frspi.point_id = ${pointId} )
ffpi.point_id = #{pointId}
# EXISTS ( SELECT 1 FROM f_risk_source_point_inputitem frspi WHERE frspi.risk_source_id = frs.id AND frspi.point_id = #{pointId} )
# EXISTS ( SELECT
# 1
# FROM
......@@ -744,7 +744,7 @@
# LEFT JOIN p_point_inputitem ppi on ppi.id = fpi.point_inputitem_id
# WHERE
# f.risk_source_id = frs.id
# AND ppi.point_id = ${pointId}
# AND ppi.point_id = #{pointId}
# )
</select>
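Review bot: `cl.create_date BETWEEN '#{startTime}' and '#{endTime}'` in the @@ -99 hunk does not bind either value: MyBatis emits `?` inside the quotes, the driver treats a quoted `?` as literal text, and the statement fails when MyBatis sets parameter 1. It should read `and cl.create_date BETWEEN #{startTime} and #{endTime}`. Separately, in the @@ -734 and @@ -744 hunks MyBatis will also rewrite the `#{pointId}` occurrences inside the `#`-commented SQL — it does not parse SQL comments — so those dead lines now register extra parameter mappings; if the driver skips `?` inside comments when counting placeholders, as MySQL Connector/J does, the indexes will no longer line up. That commented-out SQL is safer deleted or moved into an XML `<!-- -->` comment. The `<select>` elements enclosing these hunks open before them.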
......
......@@ -612,8 +612,8 @@
<where>
<if test="inputText!=null and inputText != ''">
(
tmp.code LIKE '%${inputText}%'
OR tmp.name LIKE '%${inputText}%'
tmp.code LIKE '%#{inputText}%'
OR tmp.name LIKE '%#{inputText}%'
)
</if>
<if test="type!=null and type!=''">
......@@ -1070,8 +1070,8 @@
<where>
<if test="inputText!=null and inputText != ''">
AND (
tmp.code LIKE '%${inputText}%'
OR tmp.name LIKE '%${inputText}%'
tmp.code LIKE '%#{inputText}%'
OR tmp.name LIKE '%#{inputText}%'
)
</if>
<if test="type!=null and type!=''">
......@@ -1081,7 +1081,7 @@
AND tmp.riskSourceId = #{riskSourceId}
</if>
</where>
LIMIT ${start},${length}
LIMIT #{start},#{length}
</select>
<select id="retrieve3AllCount" resultType="long">
SELECT count(1) FROM (
......@@ -1277,8 +1277,8 @@
<where>
<if test="inputText!=null and inputText != ''">
AND (
tmp.code LIKE '%${inputText}%'
OR tmp.name LIKE '%${inputText}%'
tmp.code LIKE '%#{inputText}%'
OR tmp.name LIKE '%#{inputText}%'
)
</if>
<if test="type!=null and type!=''">
......@@ -1486,8 +1486,8 @@
<where>
<if test="inputText!=null and inputText != ''">
AND (
tmp.code LIKE '%${inputText}%'
OR tmp.name LIKE '%${inputText}%'
tmp.code LIKE '%#{inputText}%'
OR tmp.name LIKE '%#{inputText}%'
)
</if>
<if test="type!=null and type!=''">
......@@ -1500,7 +1500,7 @@
AND (tmp.orgCode = #{orgCode} OR tmp.orgCode like CONCAT(#{orgCode},'-%') )
</if>
</where>
LIMIT ${start},${length}
LIMIT #{start},#{length}
</select>
<select id="getPlanAlarmInfo" resultType="com.yeejoin.amos.fas.business.bo.FirePlanAlarmBo">
SELECT
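Review bot: The `tmp.code LIKE '%#{inputText}%' OR tmp.name LIKE '%#{inputText}%'` pairs in the @@ -612, @@ -1070, @@ -1277 and @@ -1486 hunks keep the placeholder inside a string literal, so the `?` MyBatis generates is never a bind parameter and each of these queries will fail at execution. The fix is the idiom this same file already uses for `tmp.orgCode like CONCAT(#{orgCode},'-%')`: `tmp.code LIKE CONCAT('%', #{inputText}, '%') OR tmp.name LIKE CONCAT('%', #{inputText}, '%')`. `LIMIT #{start},#{length}` in the @@ -1081 and @@ -1500 hunks binds correctly provided the values are numeric. Every `<where>` here belongs to a `<select>` that opens before its hunk, and the final `SELECT` of the last hunk starts the next statement.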
......