
Commit 26042e2

committed
Server防SQL注入:防put接口注入
1 parent c419bd6 commit 26042e2


1 file changed

+6
-6
lines changed


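--- a/APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java
+++ b/APIJSON-Java-Server/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java
@@ -1010,7 +1010,7 @@ public String getSetString() throws Exception {
 * @return
 * @throws Exception
 */
-public static String getSetString(RequestMethod method, Map<String, Object> content, boolean verifyName) throws Exception {
+public String getSetString(RequestMethod method, Map<String, Object> content, boolean verifyName) throws Exception {
 Set<String> set = content == null ? null : content.keySet();
 if (set != null && set.size() > 0) {
 String setString = "";
@@ -1032,7 +1032,7 @@ public static String getSetString(RequestMethod method, Map<String, Object> cont
 key = getRealKey(method, key, false, true, verifyName);
 
 setString += (isFirst ? "" : ", ") + (key + "=" + (keyType == 1 ? getAddString(key, value) : (keyType == 2
-? getRemoveString(key, value) : "'" + value + "'") ) );
+? getRemoveString(key, value) : getValue(value)) ) );
 
 isFirst = false;
 }
@@ -1050,12 +1050,12 @@ public static String getSetString(RequestMethod method, Map<String, Object> cont
 * @return CONCAT (key, 'value')
 * @throws IllegalArgumentException
 */
-public static String getAddString(String key, Object value) throws IllegalArgumentException {
+public String getAddString(String key, Object value) throws IllegalArgumentException {
 if (value instanceof Number) {
 return key + " + " + value;
 }
 if (value instanceof String) {
-return " CONCAT (" + key + ", '" + value + "') ";
+return " CONCAT (" + key + ", " + getValue(value) + ") ";
 }
 throw new IllegalArgumentException(key + "+ 对应的值 " + value + " 不是Number,String,Array中的任何一种!");
 }
@@ -1065,12 +1065,12 @@ public static String getAddString(String key, Object value) throws IllegalArgume
 * @return REPLACE (key, 'value', '')
 * @throws IllegalArgumentException
 */
-public static String getRemoveString(String key, Object value) throws IllegalArgumentException {
+public String getRemoveString(String key, Object value) throws IllegalArgumentException {
 if (value instanceof Number) {
 return key + " - " + value;
 }
 if (value instanceof String) {
-return SQL.replace(key, (String) value, "");// " replace(" + key + ", '" + value + "', '') ";
+return SQL.replace(key, (String) getValue(value), "");// " replace(" + key + ", '" + value + "', '') ";
 }
 throw new IllegalArgumentException(key + "- 对应的值 " + value + " 不是Number,String,Array中的任何一种!");
 }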
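Review bot: In `getRemoveString`, the String branch now passes `getValue(value)` into `SQL.replace(...)`, and the trailing comment on that line suggests `SQL.replace` wraps its second argument in single quotes itself. If `getValue` returns a bind placeholder or an already-quoted literal (its body is not in this diff), the output would be a quoted `'?'` that never binds or a doubly quoted value, and the `(String)` cast fails if it returns anything other than a String. Building the expression the same way the new `getAddString` does avoids this: `return " REPLACE (" + key + ", " + getValue(value) + ", '') ";`. Separately, `key` and the Number branches are still concatenated into the SQL text, so these public methods appear to rely on the caller having passed the key through `getRealKey` with `verifyName` set to true; a Javadoc line stating that precondition would help.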
