org.jeecg.common.util.SqlInjectionUtil Java Examples
The following examples show how to use
org.jeecg.common.util.SqlInjectionUtil.
Example #1
Source File: QueryGenerator.java From jeecg-cloud with Apache License 2.0
public static void doMultiFieldsOrder(QueryWrapper<?> queryWrapper,Map<String, String[]> parameterMap) { String column=null,order=null; if(parameterMap!=null&& parameterMap.containsKey(ORDER_COLUMN)) { column = parameterMap.get(ORDER_COLUMN)[0]; } if(parameterMap!=null&& parameterMap.containsKey(ORDER_TYPE)) { order = parameterMap.get(ORDER_TYPE)[0]; } log.debug("排序规则>>列:"+column+",排序方式:"+order); if (oConvertUtils.isNotEmpty(column) && oConvertUtils.isNotEmpty(order)) { //字典字段,去掉字典翻译文本后缀 if(column.endsWith(CommonConstant.DICT_TEXT_SUFFIX)) { column = column.substring(0, column.lastIndexOf(CommonConstant.DICT_TEXT_SUFFIX)); } //SQL注入check SqlInjectionUtil.filterContent(column); if (order.toUpperCase().indexOf(ORDER_TYPE_ASC)>=0) { queryWrapper.orderByAsc(oConvertUtils.camelToUnderline(column)); } else { queryWrapper.orderByDesc(oConvertUtils.camelToUnderline(column)); } } }
Example #2
Source File: QueryGenerator.java From jeecg-boot-with-activiti with MIT License
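/**
 * Applies the caller-requested sort (column and direction) to {@code queryWrapper}.
 *
 * <p>The column name comes straight from the request parameter map and is placed
 * into the ORDER BY clause after only a camelCase-to-snake_case conversion, so it is
 * run through {@link SqlInjectionUtil#filterContent} first. Nothing here escapes or
 * quotes the value; that filter is the only guard between the request and the SQL.
 *
 * @param queryWrapper the wrapper the ORDER BY clause is added to
 * @param parameterMap request parameters (may be {@code null}); only the
 *                     {@code ORDER_COLUMN} and {@code ORDER_TYPE} keys are read
 */
public static void doMultiFieldsOrder(QueryWrapper<?> queryWrapper, Map<String, String[]> parameterMap) {
    String column = firstValue(parameterMap, ORDER_COLUMN);
    String order = firstValue(parameterMap, ORDER_TYPE);
    log.debug("排序规则>>列:" + column + ",排序方式:" + order);
    if (!oConvertUtils.isNotEmpty(column) || !oConvertUtils.isNotEmpty(order)) {
        return;
    }
    // Dictionary-translated fields carry a text suffix that is not a real column; strip it.
    if (column.endsWith(CommonConstant.DICT_TEXT_SUFFIX)) {
        column = column.substring(0, column.lastIndexOf(CommonConstant.DICT_TEXT_SUFFIX));
    }
    // SQL injection check: the column is user-controlled and goes into ORDER BY verbatim.
    SqlInjectionUtil.filterContent(column);
    String dbColumn = oConvertUtils.camelToUnderline(column);
    // Any direction that does not mention ASC is treated as descending.
    if (order.toUpperCase().indexOf(ORDER_TYPE_ASC) >= 0) {
        queryWrapper.orderByAsc(dbColumn);
    } else {
        queryWrapper.orderByDesc(dbColumn);
    }
}

/**
 * Returns the first value stored under {@code key}, or {@code null} when the map is
 * {@code null}, the key is absent, or the value array is {@code null}/empty.
 * (Indexing {@code [0]} unconditionally, as before, throws on an empty array.)
 *
 * @param parameterMap request parameters, possibly {@code null}
 * @param key          parameter name to look up
 * @return the first value for the key, or {@code null}
 */
private static String firstValue(Map<String, String[]> parameterMap, String key) {
    if (parameterMap == null) {
        return null;
    }
    String[] values = parameterMap.get(key);
    return (values == null || values.length == 0) ? null : values[0];
}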
Example #3
Source File: QueryGenerator.java From teaching with Apache License 2.0
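/**
 * Applies the caller-requested sort (column and direction) to {@code queryWrapper}.
 *
 * <p>The column name comes straight from the request parameter map and is placed
 * into the ORDER BY clause after only a camelCase-to-snake_case conversion, so it is
 * run through {@link SqlInjectionUtil#filterContent} first. Nothing here escapes or
 * quotes the value; that filter is the only guard between the request and the SQL.
 *
 * @param queryWrapper the wrapper the ORDER BY clause is added to
 * @param parameterMap request parameters (may be {@code null}); only the
 *                     {@code ORDER_COLUMN} and {@code ORDER_TYPE} keys are read
 */
public static void doMultiFieldsOrder(QueryWrapper<?> queryWrapper, Map<String, String[]> parameterMap) {
    String column = firstValue(parameterMap, ORDER_COLUMN);
    String order = firstValue(parameterMap, ORDER_TYPE);
    log.debug("排序规则>>列:" + column + ",排序方式:" + order);
    if (!oConvertUtils.isNotEmpty(column) || !oConvertUtils.isNotEmpty(order)) {
        return;
    }
    // Dictionary-translated fields carry a text suffix that is not a real column; strip it.
    if (column.endsWith(CommonConstant.DICT_TEXT_SUFFIX)) {
        column = column.substring(0, column.lastIndexOf(CommonConstant.DICT_TEXT_SUFFIX));
    }
    // SQL injection check: the column is user-controlled and goes into ORDER BY verbatim.
    SqlInjectionUtil.filterContent(column);
    String dbColumn = oConvertUtils.camelToUnderline(column);
    // Any direction that does not mention ASC is treated as descending.
    if (order.toUpperCase().indexOf(ORDER_TYPE_ASC) >= 0) {
        queryWrapper.orderByAsc(dbColumn);
    } else {
        queryWrapper.orderByDesc(dbColumn);
    }
}

/**
 * Returns the first value stored under {@code key}, or {@code null} when the map is
 * {@code null}, the key is absent, or the value array is {@code null}/empty.
 * (Indexing {@code [0]} unconditionally, as before, throws on an empty array.)
 *
 * @param parameterMap request parameters, possibly {@code null}
 * @param key          parameter name to look up
 * @return the first value for the key, or {@code null}
 */
private static String firstValue(Map<String, String[]> parameterMap, String key) {
    if (parameterMap == null) {
        return null;
    }
    String[] values = parameterMap.get(key);
    return (values == null || values.length == 0) ? null : values[0];
}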
Example #4
Source File: QueryGenerator.java From jeecg-boot with Apache License 2.0
public static void doMultiFieldsOrder(QueryWrapper<?> queryWrapper,Map<String, String[]> parameterMap) { String column=null,order=null; if(parameterMap!=null&& parameterMap.containsKey(ORDER_COLUMN)) { column = parameterMap.get(ORDER_COLUMN)[0]; } if(parameterMap!=null&& parameterMap.containsKey(ORDER_TYPE)) { order = parameterMap.get(ORDER_TYPE)[0]; } log.debug("排序规则>>列:"+column+",排序方式:"+order); if (oConvertUtils.isNotEmpty(column) && oConvertUtils.isNotEmpty(order)) { //字典字段,去掉字典翻译文本后缀 if(column.endsWith(CommonConstant.DICT_TEXT_SUFFIX)) { column = column.substring(0, column.lastIndexOf(CommonConstant.DICT_TEXT_SUFFIX)); } //SQL注入check SqlInjectionUtil.filterContent(column); if (order.toUpperCase().indexOf(ORDER_TYPE_ASC)>=0) { queryWrapper.orderByAsc(oConvertUtils.camelToUnderline(column)); } else { queryWrapper.orderByDesc(oConvertUtils.camelToUnderline(column)); } } }
Example #5
Source File: SysDictController.java From jeecg-cloud with Apache License 2.0
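/**
 * Returns the items of a dictionary.
 *
 * <p>{@code dictCode} is either a plain dictionary code, or a comma-separated table
 * dictionary of the form {@code table,textField,codeField[,filter]} (for example
 * {@code sys_user,realname,id}). Every part of a table dictionary ends up inside a
 * SQL statement built by the service, so the first three parts are run through
 * {@link SqlInjectionUtil#filterContent} and the optional filter through
 * {@link SqlInjectionUtil#specialFilterContent} before the service is called.
 * These are content checks, not escaping or an allowlist of known table/column
 * names; they are the only guard between the URL path and the query.
 *
 * @param dictCode dictionary code, or {@code table,textField,codeField[,filter]}
 * @param sign     optional request signature; not read by this method
 * @param request  the current request; not read by this method
 * @return the dictionary items, or an error result when the code is malformed or the lookup fails
 */
@RequestMapping(value = "/getDictItems/{dictCode}", method = RequestMethod.GET)
public Result<List<DictModel>> getDictItems(@PathVariable String dictCode, @RequestParam(value = "sign", required = false) String sign, HttpServletRequest request) {
    log.info(" dictCode : " + dictCode);
    Result<List<DictModel>> result = new Result<List<DictModel>>();
    try {
        List<DictModel> ls;
        if (dictCode.contains(",")) {
            // Table dictionary (e.g. sys_user,realname,id)
            String[] params = dictCode.split(",");
            // Validate the shape first so a malformed code is reported as such rather
            // than surfacing as a generic failure from the injection filter.
            if (params.length != 3 && params.length != 4) {
                result.error500("字典Code格式不正确!");
                return result;
            }
            // SQL injection check on the table and column names (interpolated into the query)
            final String[] sqlInjCheck = {params[0], params[1], params[2]};
            SqlInjectionUtil.filterContent(sqlInjCheck);
            if (params.length == 4) {
                // The optional filter is a raw query fragment; specialFilterContent is its dedicated check.
                // NOTE(review): a lookup against a permitted set of tables/columns would be a stronger guard.
                SqlInjectionUtil.specialFilterContent(params[3]);
                ls = sysDictService.queryTableDictItemsByCodeAndFilter(params[0], params[1], params[2], params[3]);
            } else {
                ls = sysDictService.queryTableDictItemsByCode(params[0], params[1], params[2]);
            }
        } else {
            // Plain dictionary table lookup
            ls = sysDictService.queryDictItemsByCode(dictCode);
        }
        result.setSuccess(true);
        result.setResult(ls);
        log.info(result.toString());
    } catch (Exception e) {
        // Controller boundary: log the cause and return a generic failure to the client.
        log.error(e.getMessage(), e);
        result.error500("操作失败");
    }
    return result;
}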
Example #6
Source File: SysDictController.java From jeecg-boot-with-activiti with MIT License
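/**
 * Returns the items of a dictionary.
 *
 * <p>{@code dictCode} is either a plain dictionary code, or a comma-separated table
 * dictionary of the form {@code table,textField,codeField[,filter]} (for example
 * {@code sys_user,realname,id}). Every part of a table dictionary ends up inside a
 * SQL statement built by the service, so the first three parts are run through
 * {@link SqlInjectionUtil#filterContent} and the optional filter through
 * {@link SqlInjectionUtil#specialFilterContent} before the service is called.
 * These are content checks, not escaping or an allowlist of known table/column
 * names; they are the only guard between the URL path and the query.
 *
 * @param dictCode dictionary code, or {@code table,textField,codeField[,filter]}
 * @return the dictionary items, or an error result when the code is malformed or the lookup fails
 */
@RequestMapping(value = "/getDictItems/{dictCode}", method = RequestMethod.GET)
public Result<List<DictModel>> getDictItems(@PathVariable String dictCode) {
    log.info(" dictCode : " + dictCode);
    Result<List<DictModel>> result = new Result<List<DictModel>>();
    try {
        List<DictModel> ls;
        if (dictCode.contains(",")) {
            // Table dictionary (e.g. sys_user,realname,id)
            String[] params = dictCode.split(",");
            // Validate the shape first so a malformed code is reported as such rather
            // than surfacing as a generic failure from the injection filter.
            if (params.length != 3 && params.length != 4) {
                result.error500("字典Code格式不正确!");
                return result;
            }
            // SQL injection check on the table and column names (interpolated into the query)
            final String[] sqlInjCheck = {params[0], params[1], params[2]};
            SqlInjectionUtil.filterContent(sqlInjCheck);
            if (params.length == 4) {
                // The optional filter is a raw query fragment; specialFilterContent is its dedicated check.
                // NOTE(review): a lookup against a permitted set of tables/columns would be a stronger guard.
                SqlInjectionUtil.specialFilterContent(params[3]);
                ls = sysDictService.queryTableDictItemsByCodeAndFilter(params[0], params[1], params[2], params[3]);
            } else {
                ls = sysDictService.queryTableDictItemsByCode(params[0], params[1], params[2]);
            }
        } else {
            // Plain dictionary table lookup
            ls = sysDictService.queryDictItemsByCode(dictCode);
        }
        result.setSuccess(true);
        result.setResult(ls);
        log.info(result.toString());
    } catch (Exception e) {
        // Controller boundary: log the cause and return a generic failure to the client.
        log.error(e.getMessage(), e);
        result.error500("操作失败");
    }
    return result;
}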
Example #7
Source File: SysDictController.java From teaching with Apache License 2.0
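/**
 * Returns the items of a dictionary.
 *
 * <p>{@code dictCode} is either a plain dictionary code, or a comma-separated table
 * dictionary of the form {@code table,textField,codeField[,filter]} (for example
 * {@code sys_user,realname,id}). Every part of a table dictionary ends up inside a
 * SQL statement built by the service, so the first three parts are run through
 * {@link SqlInjectionUtil#filterContent} and the optional filter through
 * {@link SqlInjectionUtil#specialFilterContent} before the service is called.
 * These are content checks, not escaping or an allowlist of known table/column
 * names; they are the only guard between the URL path and the query.
 *
 * @param dictCode dictionary code, or {@code table,textField,codeField[,filter]}
 * @return the dictionary items, or an error result when the code is malformed or the lookup fails
 */
@RequestMapping(value = "/getDictItems/{dictCode}", method = RequestMethod.GET)
public Result<List<DictModel>> getDictItems(@PathVariable String dictCode) {
    log.info(" dictCode : " + dictCode);
    Result<List<DictModel>> result = new Result<List<DictModel>>();
    try {
        List<DictModel> ls;
        if (dictCode.contains(",")) {
            // Table dictionary (e.g. sys_user,realname,id)
            String[] params = dictCode.split(",");
            // Validate the shape first so a malformed code is reported as such rather
            // than surfacing as a generic failure from the injection filter.
            if (params.length != 3 && params.length != 4) {
                result.error500("字典Code格式不正确!");
                return result;
            }
            // SQL injection check on the table and column names (interpolated into the query)
            final String[] sqlInjCheck = {params[0], params[1], params[2]};
            SqlInjectionUtil.filterContent(sqlInjCheck);
            if (params.length == 4) {
                // The optional filter is a raw query fragment; specialFilterContent is its dedicated check.
                // NOTE(review): a lookup against a permitted set of tables/columns would be a stronger guard.
                SqlInjectionUtil.specialFilterContent(params[3]);
                ls = sysDictService.queryTableDictItemsByCodeAndFilter(params[0], params[1], params[2], params[3]);
            } else {
                ls = sysDictService.queryTableDictItemsByCode(params[0], params[1], params[2]);
            }
        } else {
            // Plain dictionary table lookup
            ls = sysDictService.queryDictItemsByCode(dictCode);
        }
        result.setSuccess(true);
        result.setResult(ls);
        log.info(result.toString());
    } catch (Exception e) {
        // Controller boundary: log the cause and return a generic failure to the client.
        log.error(e.getMessage(), e);
        result.error500("操作失败");
    }
    return result;
}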
Example #8
Source File: SysDictController.java From jeecg-boot with Apache License 2.0
/** * 获取字典数据 * @param dictCode 字典code * @param dictCode 表名,文本字段,code字段 | 举例:sys_user,realname,id * @return */ @RequestMapping(value = "/getDictItems/{dictCode}", method = RequestMethod.GET) public Result<List<DictModel>> getDictItems(@PathVariable String dictCode, @RequestParam(value = "sign",required = false) String sign,HttpServletRequest request) { log.info(" dictCode : "+ dictCode); Result<List<DictModel>> result = new Result<List<DictModel>>(); List<DictModel> ls = null; try { if(dictCode.indexOf(",")!=-1) { //关联表字典(举例:sys_user,realname,id) String[] params = dictCode.split(","); if(params.length<3) { result.error500("字典Code格式不正确!"); return result; } //SQL注入校验(只限制非法串改数据库) final String[] sqlInjCheck = {params[0],params[1],params[2]}; SqlInjectionUtil.filterContent(sqlInjCheck); if(params.length==4) { //SQL注入校验(查询条件SQL 特殊check,此方法仅供此处使用) SqlInjectionUtil.specialFilterContent(params[3]); ls = sysDictService.queryTableDictItemsByCodeAndFilter(params[0],params[1],params[2],params[3]); }else if (params.length==3) { ls = sysDictService.queryTableDictItemsByCode(params[0],params[1],params[2]); }else{ result.error500("字典Code格式不正确!"); return result; } }else { //字典表 ls = sysDictService.queryDictItemsByCode(dictCode); } result.setSuccess(true); result.setResult(ls); log.info(result.toString()); } catch (Exception e) { log.error(e.getMessage(),e); result.error500("操作失败"); return result; } return result; }