fix: sql字符串拼接改为占位符形式,防sql注入

This commit is contained in:
meilin.huang
2022-10-31 18:39:52 +08:00
parent 2598a60898
commit 2e5589e112
7 changed files with 39 additions and 20 deletions


@@ -20,11 +20,12 @@ func (a *accountRepoImpl) GetAccount(condition *entity.Account, cols ...string)
func (m *accountRepoImpl) GetPageList(condition *entity.Account, pageParam *model.PageParam, toEntity interface{}, orderBy ...string) *model.PageResult {
sql := "SELECT * FROM t_sys_account "
username := condition.Username
values := make([]interface{}, 0)
if username != "" {
sql = sql + " WHERE username LIKE '%" + username + "%'"
sql = sql + " WHERE username LIKE ?"
values = append(values, "%"+username+"%")
}
return model.GetPageBySql(sql, pageParam, toEntity)
// return model.GetPage(pageParam, condition, toEntity, orderBy...)
return model.GetPageBySql(sql, pageParam, toEntity, values...)
}
func (m *accountRepoImpl) Insert(account *entity.Account) {
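Review bot: The placeholder on the `sql = sql + " WHERE username LIKE ?"` line closes the injection hole, but the pattern built on the next line still passes `%` and `_` from `condition.Username` through as LIKE wildcards, so a username of `%` matches every row and `_` matches any single character. If a literal substring match is intended, escape those characters before wrapping and declare the escape character: `escaped := strings.NewReplacer(`\`, `\\`, `%`, `\%`, `_`, `\_`).Replace(username)`, `sql = sql + " WHERE username LIKE ? ESCAPE '\\'"`, `values = append(values, "%"+escaped+"%")` — the exact `ESCAPE` syntax depends on the database behind `GetPageBySql`, which is not visible here. The new `values := make([]interface{}, 0)` can simply be `var values []interface{}` (or `[]any` if the file already uses it), since a nil slice expands fine as the variadic argument. With the `GetPage` call now commented out, the `orderBy` parameter of `GetPageList` is no longer used, which is worth either wiring into the SQL (with an allow-list of column names, never raw concatenation) or noting in a comment.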