Skip to content

P
property-management
Commit 4f61f0ad by zhangdaiscott
Options

重复check接口,sql注入检查

parent 4a5ff61e
Showing with 10 additions and 6 deletions
jeecg-boot/jeecg-boot-module-system/src/main/java/org/jeecg/modules/system/controller/DuplicateCheckController.java
package org.jeecg.modules.system.controller; package org.jeecg.modules.system.controller;
import javax.servlet.http.HttpServletRequest; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.StringUtils;
import org.jeecg.common.api.vo.Result; import org.jeecg.common.api.vo.Result;
import org.jeecg.common.util.SqlInjectionUtil;
import org.jeecg.modules.system.mapper.SysDictMapper; import org.jeecg.modules.system.mapper.SysDictMapper;
import org.jeecg.modules.system.model.DuplicateCheckVo; import org.jeecg.modules.system.model.DuplicateCheckVo;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
...@@ -11,9 +13,7 @@ import org.springframework.web.bind.annotation.RequestMapping; ...@@ -11,9 +13,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RestController;
import io.swagger.annotations.Api; import javax.servlet.http.HttpServletRequest;
import io.swagger.annotations.ApiOperation;
import lombok.extern.slf4j.Slf4j;
/** /**
* @Title: DuplicateCheckAction * @Title: DuplicateCheckAction
...@@ -29,7 +29,7 @@ import lombok.extern.slf4j.Slf4j; ...@@ -29,7 +29,7 @@ import lombok.extern.slf4j.Slf4j;
public class DuplicateCheckController { public class DuplicateCheckController {
@Autowired @Autowired
SysDictMapper sysDictMapper; SysDictMapper sysDictMapper;
/** /**
* 校验数据是否在系统中是否存在 * 校验数据是否在系统中是否存在
...@@ -42,6 +42,10 @@ public class DuplicateCheckController { ...@@ -42,6 +42,10 @@ public class DuplicateCheckController {
Long num = null; Long num = null;
log.info("----duplicate check------:"+ duplicateCheckVo.toString()); log.info("----duplicate check------:"+ duplicateCheckVo.toString());
//关联表字典(举例:sys_user,realname,id)
//SQL注入校验(只限制非法串改数据库)
final String[] sqlInjCheck = {duplicateCheckVo.getTableName(),duplicateCheckVo.getFieldName()};
SqlInjectionUtil.filterContent(sqlInjCheck);
if (StringUtils.isNotBlank(duplicateCheckVo.getDataId())) { if (StringUtils.isNotBlank(duplicateCheckVo.getDataId())) {
// [2].编辑页面校验 // [2].编辑页面校验
num = sysDictMapper.duplicateCheckCountSql(duplicateCheckVo); num = sysDictMapper.duplicateCheckCountSql(duplicateCheckVo);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment