TRKJ/mayfly-go
2
0
Fork 0
mirror of https://gitee.com/dromara/mayfly-go synced 2025-11-04 00:10:25 +08:00
Code Issues Packages Projects Releases Wiki Activity

!49 对于update和delete的SQL操作,建议增加where条件检测,缺失where条件时不执行相应的SQL

Browse Source 
Merge pull request !49 from amell/sql_where
This commit is contained in:
Coder慌
2023-06-17 09:25:02 +00:00
committed by Gitee
parent 64f8f9a200 481b622e3b
commit 62c25afea8
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/internal/db/application/db_sql_exec.go
View File

@@ -193,6 +193,7 @@ func doUpdate(update *sqlparser.Update, execSqlReq *DbSqlExecReq, dbSqlExec *ent
// 可能使用别名,故空格切割 // 可能使用别名,故空格切割
tableName := strings.Split(tableStr, " ")[0] tableName := strings.Split(tableStr, " ")[0]
where := sqlparser.String(update.Where) where := sqlparser.String(update.Where)
biz.IsTrue(len(where) > 0, "SQL[%s]未执行. 请完善 where 条件后再执行", execSqlReq.Sql)
updateExprs := update.Exprs updateExprs := update.Exprs
updateColumns := make([]string, 0) updateColumns := make([]string, 0)
@@ -227,6 +228,7 @@ func doDelete(delete *sqlparser.Delete, execSqlReq *DbSqlExecReq, dbSqlExec *ent
// 可能使用别名,故空格切割 // 可能使用别名,故空格切割
table := strings.Split(tableStr, " ")[0] table := strings.Split(tableStr, " ")[0]
where := sqlparser.String(delete.Where) where := sqlparser.String(delete.Where)
biz.IsTrue(len(where) > 0, "SQL[%s]未执行. 请完善 where 条件后再执行", execSqlReq.Sql)
// 查询删除数据 // 查询删除数据
selectSql := fmt.Sprintf("SELECT * FROM %s %s LIMIT 200", tableStr, where) selectSql := fmt.Sprintf("SELECT * FROM %s %s LIMIT 200", tableStr, where)