From 2e5589e112d128b650361843219429986d3b2e0d Mon Sep 17 00:00:00 2001
From: "meilin.huang" <954537473@qq.com>
Date: Mon, 31 Oct 2022 18:39:52 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20sql=E5=AD=97=E7=AC=A6=E4=B8=B2=E6=8B=BC?=
 =?UTF-8?q?=E6=8E=A5=E6=94=B9=E4=B8=BA=E5=8D=A0=E4=BD=8D=E7=AC=A6=E5=BD=A2?=
 =?UTF-8?q?=E5=BC=8F=EF=BC=8C=E9=98=B2sql=E6=B3=A8=E5=85=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/internal/db/infrastructure/persistence/db.go | 13 +++++++++----
 .../machine/infrastructure/persistence/machine.go   | 13 +++++++++----
 .../mongo/infrastructure/persistence/mongo_repo.go  |  7 +++++--
 .../redis/infrastructure/persistence/redis_repo.go  | 10 ++++++----
 .../sys/infrastructure/persistence/account_repo.go  |  7 ++++---
 .../tag/infrastructure/persistence/team_member.go   |  7 +++++--
 server/pkg/model/model.go                           |  2 +-
 7 files changed, 39 insertions(+), 20 deletions(-)

diff --git a/server/internal/db/infrastructure/persistence/db.go b/server/internal/db/infrastructure/persistence/db.go
index b375c6e8..03daf496 100644
--- a/server/internal/db/infrastructure/persistence/db.go
+++ b/server/internal/db/infrastructure/persistence/db.go
@@ -19,20 +19,25 @@ func newDbRepo() repository.Db {
 // 分页获取数据库信息列表
 func (d *dbRepoImpl) GetDbList(condition *entity.DbQuery, pageParam *model.PageParam, toEntity interface{}, orderBy ...string) *model.PageResult {
 	sql := "SELECT d.* FROM t_db d WHERE 1 = 1 "
+
+	values := make([]interface{}, 0)
 	if condition.Host != "" {
-		sql = sql + " AND d.host LIKE '%" + condition.Host + "%'"
+		sql = sql + " AND d.host LIKE ?"
+		values = append(values, "%"+condition.Host+"%")
 	}
 	if condition.Database != "" {
-		sql = sql + " AND d.database LIKE '%" + condition.Database + "%'"
+		sql = sql + " AND d.database LIKE ?"
+		values = append(values, "%"+condition.Database+"%")
 	}
 	if len(condition.TagIds) > 0 {
 		sql = sql + " AND d.tag_id IN " + fmt.Sprintf("(%s)", strings.Join(utils.NumberArr2StrArr(condition.TagIds), ","))
 	}
 	if condition.TagPathLike != "" {
-		sql = sql + " AND d.tag_path LIKE '" + condition.TagPathLike + "%'"
+		sql = sql + " AND d.tag_path LIKE ?"
+		values = append(values, "%"+condition.TagPathLike+"%")
 	}
 	sql = sql + " ORDER BY d.tag_path"
-	return model.GetPageBySql(sql, pageParam, toEntity)
+	return model.GetPageBySql(sql, pageParam, toEntity, values...)
 }
 
 func (d *dbRepoImpl) Count(condition *entity.DbQuery) int64 {
diff --git a/server/internal/machine/infrastructure/persistence/machine.go b/server/internal/machine/infrastructure/persistence/machine.go
index 48bc89de..0c41b4c0 100644
--- a/server/internal/machine/infrastructure/persistence/machine.go
+++ b/server/internal/machine/infrastructure/persistence/machine.go
@@ -19,20 +19,25 @@ func newMachineRepo() repository.Machine {
 // 分页获取机器信息列表
 func (m *machineRepoImpl) GetMachineList(condition *entity.MachineQuery, pageParam *model.PageParam, toEntity interface{}, orderBy ...string) *model.PageResult {
 	sql := "SELECT m.* FROM t_machine m WHERE 1 = 1 "
+
+	values := make([]interface{}, 0)
 	if condition.Ip != "" {
-		sql = sql + " AND m.ip LIKE '%" + condition.Ip + "%'"
+		sql = sql + " AND m.ip LIKE ?"
+		values = append(values, "%"+condition.Ip+"%")
 	}
 	if condition.Name != "" {
-		sql = sql + " AND m.name LIKE '%" + condition.Name + "%'"
+		sql = sql + " AND m.name LIKE ?"
+		values = append(values, "%"+condition.Name+"%")
 	}
 	if len(condition.TagIds) > 0 {
 		sql = fmt.Sprintf("%s AND m.tag_id IN (%s) ", sql, strings.Join(utils.NumberArr2StrArr(condition.TagIds), ","))
 	}
 	if condition.TagPathLike != "" {
-		sql = sql + " AND m.tag_path LIKE '" + condition.TagPathLike + "%'"
+		sql = sql + " AND m.tag_path LIKE ?"
+		values = append(values, condition.TagPathLike+"%")
 	}
 	sql = sql + " ORDER BY m.tag_path"
-	return model.GetPageBySql(sql, pageParam, toEntity)
+	return model.GetPageBySql(sql, pageParam, toEntity, values...)
 }
 
 func (m *machineRepoImpl) Count(condition *entity.MachineQuery) int64 {
diff --git a/server/internal/mongo/infrastructure/persistence/mongo_repo.go b/server/internal/mongo/infrastructure/persistence/mongo_repo.go
index b182587c..ba7522a1 100644
--- a/server/internal/mongo/infrastructure/persistence/mongo_repo.go
+++ b/server/internal/mongo/infrastructure/persistence/mongo_repo.go
@@ -23,11 +23,14 @@ func (d *mongoRepoImpl) GetList(condition *entity.MongoQuery, pageParam *model.P
 	if len(condition.TagIds) > 0 {
 		sql = sql + " AND d.tag_id IN " + fmt.Sprintf("(%s)", strings.Join(utils.NumberArr2StrArr(condition.TagIds), ","))
 	}
+
+	values := make([]interface{}, 0)
 	if condition.TagPathLike != "" {
-		sql = sql + " AND d.tag_path LIKE '" + condition.TagPathLike + "%'"
+		values = append(values, condition.TagPathLike+"%")
+		sql = sql + " AND d.tag_path LIKE ?"
 	}
 	sql = sql + " ORDER BY d.tag_path"
-	return model.GetPageBySql(sql, pageParam, toEntity)
+	return model.GetPageBySql(sql, pageParam, toEntity, values...)
 }
 
 func (d *mongoRepoImpl) Count(condition *entity.MongoQuery) int64 {
diff --git a/server/internal/redis/infrastructure/persistence/redis_repo.go b/server/internal/redis/infrastructure/persistence/redis_repo.go
index c3dfe2c4..ccf8926d 100644
--- a/server/internal/redis/infrastructure/persistence/redis_repo.go
+++ b/server/internal/redis/infrastructure/persistence/redis_repo.go
@@ -19,18 +19,20 @@ func newRedisRepo() repository.Redis {
 // 分页获取机器信息列表
 func (r *redisRepoImpl) GetRedisList(condition *entity.RedisQuery, pageParam *model.PageParam, toEntity interface{}, orderBy ...string) *model.PageResult {
 	sql := "SELECT d.* FROM t_redis d WHERE 1=1  "
-
+	values := make([]interface{}, 0)
 	if condition.Host != "" {
-		sql = sql + " AND d.host LIKE '%" + condition.Host + "%'"
+		sql = sql + " AND d.host LIKE ?"
+		values = append(values, "%"+condition.Host+"%")
 	}
 	if len(condition.TagIds) > 0 {
 		sql = sql + " AND d.tag_id IN " + fmt.Sprintf("(%s)", strings.Join(utils.NumberArr2StrArr(condition.TagIds), ","))
 	}
 	if condition.TagPathLike != "" {
-		sql = sql + " AND d.tag_path LIKE '" + condition.TagPathLike + "%'"
+		sql = sql + " AND d.tag_path LIKE ?"
+		values = append(values, condition.TagPathLike+"%")
 	}
 	sql = sql + " ORDER BY d.tag_path"
-	return model.GetPageBySql(sql, pageParam, toEntity)
+	return model.GetPageBySql(sql, pageParam, toEntity, values...)
 }
 
 func (r *redisRepoImpl) Count(condition *entity.RedisQuery) int64 {
diff --git a/server/internal/sys/infrastructure/persistence/account_repo.go b/server/internal/sys/infrastructure/persistence/account_repo.go
index 38c25972..6bdb4c7d 100644
--- a/server/internal/sys/infrastructure/persistence/account_repo.go
+++ b/server/internal/sys/infrastructure/persistence/account_repo.go
@@ -20,11 +20,12 @@ func (a *accountRepoImpl) GetAccount(condition *entity.Account, cols ...string)
 func (m *accountRepoImpl) GetPageList(condition *entity.Account, pageParam *model.PageParam, toEntity interface{}, orderBy ...string) *model.PageResult {
 	sql := "SELECT * FROM t_sys_account "
 	username := condition.Username
+	values := make([]interface{}, 0)
 	if username != "" {
-		sql = sql + " WHERE username LIKE '%" + username + "%'"
+		sql = sql + " WHERE username LIKE ?"
+		values = append(values, "%"+username+"%")
 	}
-	return model.GetPageBySql(sql, pageParam, toEntity)
-	// return model.GetPage(pageParam, condition, toEntity, orderBy...)
+	return model.GetPageBySql(sql, pageParam, toEntity, values...)
 }
 
 func (m *accountRepoImpl) Insert(account *entity.Account) {
diff --git a/server/internal/tag/infrastructure/persistence/team_member.go b/server/internal/tag/infrastructure/persistence/team_member.go
index 4be479f5..cf18aa0d 100644
--- a/server/internal/tag/infrastructure/persistence/team_member.go
+++ b/server/internal/tag/infrastructure/persistence/team_member.go
@@ -31,11 +31,14 @@ func (p *teamMemberRepoImpl) GetPageList(condition *entity.TeamMember, pageParam
 	if condition.TeamId != 0 {
 		sql = fmt.Sprintf("%s AND d.team_id = %d", sql, condition.TeamId)
 	}
+
+	values := make([]interface{}, 0)
 	if condition.Username != "" {
-		sql = sql + " AND d.Username LIKE '%" + condition.Username + "%'"
+		sql = sql + " AND d.Username LIKE ?"
+		values = append(values, "%"+condition.Username+"%")
 	}
 	sql = sql + " ORDER BY d.id DESC"
-	return model.GetPageBySql(sql, pageParam, toEntity)
+	return model.GetPageBySql(sql, pageParam, toEntity, values...)
 }
 
 func (p *teamMemberRepoImpl) DeleteBy(condition *entity.TeamMember) {
diff --git a/server/pkg/model/model.go b/server/pkg/model/model.go
index 1045260c..3ad970d6 100644
--- a/server/pkg/model/model.go
+++ b/server/pkg/model/model.go
@@ -217,7 +217,7 @@ func GetPageBySql(sql string, param *PageParam, toModel interface{}, args ...int
 	}
 	// 分页查询
 	limitSql := sql + " LIMIT " + strconv.Itoa((param.PageNum-1)*param.PageSize) + ", " + strconv.Itoa(param.PageSize)
-	err = db.Raw(limitSql).Scan(toModel).Error
+	err = db.Raw(limitSql, args...).Scan(toModel).Error
 	biz.ErrIsNil(err, "查询失败: %s")
 	return &PageResult{Total: int64(count), List: toModel}
 }