  • JFinal SQL: building the query with append while preventing SQL injection

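      // Needs java.util.ArrayList, java.util.List and java.util.Map;
      // StringUtils is assumed to be the Apache Commons Lang class.
      public Page<Channel> getChannelByPage(int pageNum, int pageSize, Map<String , String> paramMap){
            String sql = "SELECT * ";
            String orderBy = " ORDER BY id DESC";
            // Only fixed SQL text is appended here; user input never enters the statement.
            StringBuilder condition = new StringBuilder("");
            condition.append(" FROM tb_channel WHERE 1=1 ");
    
            // Values bound to the ? placeholders, in the order the placeholders are appended.
            List<Object> values = new ArrayList<Object>();
    
            if(StringUtils.isNotBlank(paramMap.get("channel_id"))){
                condition.append(" AND channel_id LIKE ?");
                // The bound value is passed as a whole string, so it carries no SQL quotes of its own;
                // wrapping it in '...' would make the quotes part of the search pattern.
                values.add("%"+paramMap.get("channel_id")+"%");
            }
            if(StringUtils.isNotBlank(paramMap.get("channel_name"))){
                condition.append(" AND channel_name LIKE ?");
                values.add("%"+paramMap.get("channel_name")+"%");
            }
            Page<Channel> channel = super.paginate(pageNum, pageSize, sql, condition + orderBy,values.toArray() );
            return channel;
        }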
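The same append-plus-placeholder pattern as a stand-alone class, added here as an example that is not part of the original post. It also escapes the LIKE wildcards `%` and `_` in user input, which binding alone does not neutralise. The class name `LikeConditionDemo`, the helper `escapeLike`, the `FILTERABLE` list and the `!` escape character are assumptions made for the example; the resulting condition and values would be handed to `paginate` as in the method above.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class LikeConditionDemo {
    // Column names cannot be bound as parameters, so they come from a fixed
    // list in the code, never from the request (hypothetical list for this demo).
    private static final List<String> FILTERABLE = Arrays.asList("channel_id", "channel_name");

    // Escape the escape character first, then the LIKE wildcards, so that
    // user input is matched literally instead of acting as a pattern.
    static String escapeLike(String input) {
        return input.replace("!", "!!").replace("%", "!%").replace("_", "!_");
    }

    // Appends "AND col LIKE ? ESCAPE '!'" for every non-blank filter and
    // collects the matching bound values in the same order.
    static String buildCondition(Map<String, String> params, List<Object> values) {
        StringBuilder condition = new StringBuilder(" FROM tb_channel WHERE 1=1");
        for (String column : FILTERABLE) {
            String raw = params.get(column);
            if (raw == null || raw.trim().isEmpty()) {
                continue; // blank filter: add neither SQL text nor a value
            }
            condition.append(" AND ").append(column).append(" LIKE ? ESCAPE '!'");
            values.add("%" + escapeLike(raw) + "%");
        }
        return condition.toString();
    }

    public static void main(String[] args) {
        // Constructed sample input: one value with a wildcard, one with quote characters.
        Map<String, String> params = new LinkedHashMap<>();
        params.put("channel_id", "100%");
        params.put("channel_name", "x' OR '1'='1");

        List<Object> values = new ArrayList<>();
        String condition = buildCondition(params, values);

        // The SQL text contains only placeholders; the input lives in the value list.
        System.out.println(condition);
        System.out.println(values);
    }
}
```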
  • Original article: https://www.cnblogs.com/phyxis/p/6502145.html