TRKJ/mayfly-go
2
0
Fork 0
mirror of https://gitee.com/dromara/mayfly-go synced 2025-12-08 17:00:26 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: sql字符串拼接改为占位符形式,防sql注入

Browse Source
This commit is contained in:
meilin.huang
2022-10-31 18:39:52 +08:00
committed by 刘宗洋
parent f936331dff
commit 74e5ee41fb
7 changed files with 39 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
server/internal/mongo/infrastructure/persistence/mongo_repo.go
View File

@@ -23,11 +23,14 @@ func (d *mongoRepoImpl) GetList(condition *entity.MongoQuery, pageParam *model.P
if len(condition.TagIds) > 0 {
sql = sql + " AND d.tag_id IN " + fmt.Sprintf("(%s)", strings.Join(utils.NumberArr2StrArr(condition.TagIds), ","))
}
values := make([]interface{}, 0)
if condition.TagPathLike != "" {
sql = sql + " AND d.tag_path LIKE '" + condition.TagPathLike + "%'"
values = append(values, condition.TagPathLike+"%")
sql = sql + " AND d.tag_path LIKE ?"
}
sql = sql + " ORDER BY d.tag_path"
return model.GetPageBySql(sql, pageParam, toEntity)
return model.GetPageBySql(sql, pageParam, toEntity, values...)
}
func (d *mongoRepoImpl) Count(condition *entity.MongoQuery) int64 {