Commit d948c7fd authored by litengwei's avatar litengwei

SQL Injection: MyBatis Mapper(SQL注入:MyBatis Mapper)

parent 4bde105b
...@@ -13,19 +13,19 @@ ...@@ -13,19 +13,19 @@
WHERE WHERE
1=1 1=1
<if test="time!=null"> <if test="time!=null">
and TO_DAYS(m.time) = TO_DAYS('#{time}') and TO_DAYS(m.time) = TO_DAYS(#{time})
</if> </if>
<if test="type!=null"> <if test="type!=null">
AND m.type = '#{type}' AND m.type = #{type}
</if> </if>
<if test="title!=null"> <if test="title!=null">
AND m.title LIKE '%#{title}%' AND m.title LIKE CONCAT('%',#{title},'%')
</if> </if>
<if test="orgCode!=null"> <if test="orgCode!=null">
AND ( AND (
m.org_code = '#{orgCode}' m.org_code = #{orgCode}
OR m.org_code LIKE '#{orgCode}*%' OR m.org_code LIKE CONCAT('%',#{orgCode},'*%')
) )
</if> </if>
</select> </select>
...@@ -43,15 +43,15 @@ ...@@ -43,15 +43,15 @@
</if> </if>
<if test="type!=null"> <if test="type!=null">
AND m.type = '#{type}' AND m.type = #{type}
</if> </if>
<if test="title!=null"> <if test="title!=null">
AND m.title LIKE '%#{title}%' AND m.title LIKE CONCAT('%',#{title},'%')
</if> </if>
<if test="orgCode!=null"> <if test="orgCode!=null">
AND ( AND (
m.org_code = '#{orgCode}' m.org_code = #{orgCode}
OR m.org_code LIKE '#{orgCode}*%' OR m.org_code LIKE CONCAT('%',#{orgCode},'%')
) )
</if> </if>
LIMIT #{start},#{length} ; LIMIT #{start},#{length} ;
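Review bot: The two new `org_code` patterns widen the match and disagree with each other: the first hunk now uses `CONCAT('%',#{orgCode},'*%')` and the second `CONCAT('%',#{orgCode},'%')`, while both old lines were the prefix pattern `#{orgCode}*%` with no leading wildcard. If `org_code` is a hierarchical code used to limit rows to an organisation and its children (an assumption; the schema is not visible here), a contains-match can return rows of unrelated organisations whose code merely includes the value. Keeping the original prefix semantics in both statements would be `OR m.org_code LIKE CONCAT(#{orgCode},'*%')`. Both `<select>` bodies begin outside the hunks shown.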
......
...@@ -126,14 +126,14 @@ ...@@ -126,14 +126,14 @@
a.instance_id a.instance_id
) s ) s
<if test="name!=null"> <if test="name!=null">
AND s.name LIKE '%#{name}%' AND s.name LIKE CONCAT('%',#{name},'%')
</if> </if>
<if test="code!=null"> <if test="code!=null">
AND s.`code` LIKE '%#{code}%' AND s.`code` LIKE CONCAT('%',#{code},'%')
</if> </if>
<if test="type!=null"> <if test="type!=null">
AND s.`type` LIKE '%#{type}%'; AND s.`type` LIKE CONCAT('%',#{type},'%');
</if> </if>
</select> </select>
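Review bot: In the lines visible here the first `<if>` follows `) s` directly, so the generated statement would read `) s AND s.name LIKE ...` with no `WHERE`. Unless a `WHERE` is supplied somewhere not shown, wrapping the three conditions in `<where>` ... `</where>`, as other statements in this commit do, lets MyBatis add the keyword and strip the leading `AND`. The `;` inside the last `<if>` is emitted only when `type` is non-null and is better dropped from the mapper. The statement starts outside the hunk.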
......
...@@ -139,10 +139,10 @@ ...@@ -139,10 +139,10 @@
) d ) d
<where> <where>
<if test="fireEquipmentName!=null"> <if test="fireEquipmentName!=null">
AND d.fireEquipmentName LIKE '%#{fireEquipmentName}%' AND d.fireEquipmentName LIKE CONCAT('%',#{fireEquipmentName},'%')
</if> </if>
<if test="equipmentName!=null"> <if test="equipmentName!=null">
AND d.equipmentName LIKE '%#{equipmentName}%' AND d.equipmentName LIKE CONCAT('%',#{equipmentName},'%')
</if> </if>
<if test="startTime != null and startTime != ''"> <if test="startTime != null and startTime != ''">
AND d.update_date &gt;= #{startTime} AND d.update_date &gt;= #{startTime}
...@@ -194,10 +194,10 @@ ...@@ -194,10 +194,10 @@
) d ) d
<where> <where>
<if test="fireEquipmentName!=null"> <if test="fireEquipmentName!=null">
AND d.fireEquipmentName LIKE '%#{fireEquipmentName}%' AND d.fireEquipmentName LIKE CONCAT('%',#{fireEquipmentName},'%')
</if> </if>
<if test="equipmentName!=null"> <if test="equipmentName!=null">
AND d.equipmentName LIKE '%#{equipmentName}%' AND d.equipmentName LIKE CONCAT('%',#{equipmentName},'%')
</if> </if>
<if test="startTime != null and startTime != ''"> <if test="startTime != null and startTime != ''">
AND d.create_date &gt;= #{startTime} AND d.create_date &gt;= #{startTime}
...@@ -509,7 +509,7 @@ ...@@ -509,7 +509,7 @@
WHERE WHERE
efe.equipment_id = #{equipmentId} efe.equipment_id = #{equipmentId}
<if test="fname != null"> <if test="fname != null">
AND fe.`name` like '%#{fname}%' AND fe.`name` like CONCAT('%',#{fname},'%')
</if> </if>
<if test="length > 0"> <if test="length > 0">
LIMIT #{start},#{length} ; LIMIT #{start},#{length} ;
...@@ -527,7 +527,7 @@ ...@@ -527,7 +527,7 @@
WHERE WHERE
efe.equipment_id = #{equipmentId} efe.equipment_id = #{equipmentId}
<if test="fname != null"> <if test="fname != null">
AND fe.`name` like '%#{fname}%' AND fe.`name` like CONCAT('%',#{fname},'%')
</if> </if>
</select> </select>
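Review bot: Binding with `#{...}` keeps the value out of the SQL text, but `%` and `_` inside `fireEquipmentName`, `equipmentName` and `fname` are still interpreted as LIKE wildcards rather than literal characters. If these filters are meant to be literal substring searches, escape those characters in the service layer and declare the escape character in the mapper, for example `AND fe.`name` like CONCAT('%',#{fname},'%') ESCAPE '/'`. The `!=null` tests also let an empty string through, which yields the pattern `%%`; the neighbouring `startTime` tests already add `and startTime != ''`. The same applies to the other `LIKE CONCAT(...)` lines in this commit.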
......
...@@ -99,7 +99,7 @@ ...@@ -99,7 +99,7 @@
f_rpn_change_log cl f_rpn_change_log cl
WHERE WHERE
cl.type = 0 cl.type = 0
and cl.create_date BETWEEN '#{startTime}' and '#{endTime}' and cl.create_date BETWEEN #{startTime} and #{endTime}
)d )d
</select> </select>
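Review bot: `BETWEEN #{startTime} and #{endTime}` is inclusive at both ends and has no null guard, unlike the `<if>`-wrapped time filters elsewhere in this commit. If `create_date` carries a time part (not visible here), an `endTime` passed as a bare date stops at midnight and drops the rest of that day. A half-open range, `and cl.create_date &gt;= #{startTime} and cl.create_date &lt; #{endTime}`, with the caller passing the day after the end, avoids the boundary problem. The statement begins outside the hunk.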
......
...@@ -1070,8 +1070,8 @@ ...@@ -1070,8 +1070,8 @@
<where> <where>
<if test="inputText!=null and inputText != ''"> <if test="inputText!=null and inputText != ''">
AND ( AND (
tmp.code LIKE '%#{inputText}%' tmp.code LIKE CONCAT('%',#{inputText},'%')
OR tmp.name LIKE '%#{inputText}%' OR tmp.name LIKE CONCAT('%',#{inputText},'%')
) )
</if> </if>
<if test="type!=null and type!=''"> <if test="type!=null and type!=''">
...@@ -1277,8 +1277,8 @@ ...@@ -1277,8 +1277,8 @@
<where> <where>
<if test="inputText!=null and inputText != ''"> <if test="inputText!=null and inputText != ''">
AND ( AND (
tmp.code LIKE '%#{inputText}%' tmp.code LIKE CONCAT('%',#{inputText},'%')
OR tmp.name LIKE '%#{inputText}%' OR tmp.name LIKE CONCAT('%',#{inputText},'%')
) )
</if> </if>
<if test="type!=null and type!=''"> <if test="type!=null and type!=''">
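Review bot: The same pattern expression is built twice per statement in both hunks. A `<bind name="inputPattern" value="'%' + inputText + '%'"/>` inside the `<if>`, followed by `tmp.code LIKE #{inputPattern} OR tmp.name LIKE #{inputPattern}`, keeps the value bound and states the pattern once. It also does not depend on the database accepting a three-argument `CONCAT`. The `<where>` blocks continue beyond the hunks.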
......