sql注入漏洞修复

README.TXT

-foc.hrm.base.url=http://123.56.146.7
-foc.hrm.url=/flightinterface/uss/json/flight/searchEmpInfo.json
-foc.ods.url=/flightinterface/uss/json/flight/searchCrewSchedule.json
-foc.ods.change.url=/flightinterface/uss/json/flight/searchFltChangesByDetails.json
-foc.flight.dynamic.url=/flightinterface/uss/json/flight/searchFlightDynamics.json
-ai.cp=10.68.26.52
-ai.cc=7
-ai.ct=1
-# 接口每页数量
-pageSize=1000
-# 默认角色ID
-innerRoleId=46a765748809446f899040e2f05fc35b
-# 默认用户头像（男女）
-female.photo=images/user/avatar/female_avatar.png
-male.photo=images/user/avatar/male_avatar.png
-# 接口时间频率间隔（单位秒）
-politeness.delay.seconds=210
-# 默认地区ID
-default.area.id=1
-# 时区差，当前小时大于次数时只同步今天的数据，否则读取近两天的数据
-# （如果填写为24以上的则不做时间差限制，每次都读取两天的数据）
-start.time.offset.hour=8
\ No newline at end of file
+录音,航班动态数据等定时
\ No newline at end of file

src/com/foc/task/AnkeDateMiIdMain.java

@@ -41,11 +41,14 @@ public class AnkeDateMiIdMain {
         ResultSet rs = null;
         PreparedStatement pstmt = null;
         try {
-            System.out.println("select MIN(id) AS minid from "+tableName +" WHERE stm>='"+args[0]+"'");
+            System.out.println("select MIN(id) AS minid from dbo.cdr WHERE stm>='"+args[0]+"'");
             Class.forName(driver);
             conn = DriverManager.getConnection(url, username, password);
+//            pstmt = conn
+//                    .prepareStatement("select MIN(id) AS minid from "+tableName +" WHERE stm>='"+args[0]+"'");
             pstmt = conn
-                    .prepareStatement("select MIN(id) AS minid from "+tableName +" WHERE stm>='"+args[0]+"'");
+                    .prepareStatement("select MIN(id) AS minid from dbo.cdr WHERE stm>=?");
+            pstmt.setString(1, args[0]);
             rs = pstmt.executeQuery();
             if(rs.next()){
                 

src/com/foc/task/SoundDbTaskMain.java

@@ -114,8 +114,12 @@ public class SoundDbTaskMain {
             System.out.println("[SoundTaskMain]统计ID段[" + minId + " ]TO[" + maxId + " ]大概[" + (maxId - minId + 1) + "]条");
             Class.forName(driver);
             conn = DriverManager.getConnection(url, username, password);
+//            pstmt = conn
+//                    .prepareStatement("select * from " + tableName + " where id BETWEEN " + minId + " AND " + maxId + " order by id ASC");
             pstmt = conn
-                    .prepareStatement("select * from " + tableName + " where id BETWEEN " + minId + " AND " + maxId + " order by id ASC");
+                    .prepareStatement("select * from dbo.cdr where id BETWEEN ? AND ? order by id ASC");
+            pstmt.setLong(1, minId);
+            pstmt.setLong(2, maxId);
             rs = pstmt.executeQuery();
             Long newMaxId = 0L;
             List<Map<String, Object>> sounds = new ArrayList<>();