sql注入漏洞修复

c23874b3 · 罗胜 · 8a85d9fa · c23874b3 · c23874b3 · c23874b3
Commit c23874b3 authored Sep 23, 2024 by 罗胜
Showing with 16 additions and 9 deletions

SoundService.java src/com/foc/sound/service/SoundService.java +9 -5

SoundDbTaskMain.java src/com/foc/task/SoundDbTaskMain.java +1 -1

DBHelper.java src/com/foc/util/DBHelper.java +6 -3

No files found.
--- a/src/com/foc/sound/service/SoundService.java
+++ b/src/com/foc/sound/service/SoundService.java
@@ -550,13 +550,17 @@ public class SoundService {
        if (GConstants.NO.equals(flag)) {
            tableName = Constants.FOC_SOUND_RECORDS;
        }
-        stringBuilder.append("FROM ").append(tableName).append("\n")
+        stringBuilder.append("FROM ").append(" ? ").append("\n")
                .append("WHERE end_status != 'INIT'\n")
-                .append("AND create_name = '").append(callUser.getName()).append("'\n")
+                .append("AND create_name = ? \n")
-                .append("AND start_time <= '").append(entity.getEndTime()).append("'\n")
+                .append("AND start_time <= ? '\n")
-                .append("AND id != '").append(recordId).append("'\n")
+                .append("AND id != ? \n")
                .append("ORDER BY start_time DESC");
-        List<Map<String, Object>> soundRecordsList = DBHelper.fetch("foc", stringBuilder.toString());
+        List<Object> params=new ArrayList<>();
+        params.add(callUser.getName());
+        params.add(DateUtil.dateToStr(entity.getEndTime(),"yyyy-MM-dd hh:mm:ss"));
+        params.add(recordId);
+        List<Map<String, Object>> soundRecordsList = DBHelper.fetch("foc", stringBuilder.toString(),params);
        // 过滤掉了id，所以查出的数据就是重复的
        if (soundRecordsList != null && soundRecordsList.size() > 0) {
            for (Map<String, Object> map : soundRecordsList) {

--- a/src/com/foc/task/SoundDbTaskMain.java
+++ b/src/com/foc/task/SoundDbTaskMain.java
@@ -206,7 +206,7 @@ public class SoundDbTaskMain {
            Class.forName(driver);
            conn = DriverManager.getConnection(url, username, password);
            pstmt = conn
-                    .prepareStatement("select MAX(id) AS maxid from " + tableName);
+                    .prepareStatement("select MAX(id) AS maxid from dbo.cdr" );
            rs = pstmt.executeQuery();
            while (rs.next()) {

--- a/src/com/foc/util/DBHelper.java
+++ b/src/com/foc/util/DBHelper.java
@@ -500,9 +500,9 @@ public class DBHelper {
     * @param query
     * @return
     */
-    public static List<Map<String, Object>> fetch(String name, String query){
+    public static List<Map<String, Object>> fetch(String name, String query,List<Object> params){
-        return fetch(name, query, true);
+        return fetch(name, query, params, true);
    }
    /**
     * 获取所有结果
@@ -513,7 +513,7 @@ public class DBHelper {
     * @param byLabel
     * @return
     */
-    public static List<Map<String, Object>> fetch(String name, String query, boolean byLabel){
+    public static List<Map<String, Object>> fetch(String name, String query,List<Object> params,boolean byLabel){
        synchronized(object){
            PreparedStatement ps = null;
            Connection conn = null;
@@ -523,6 +523,9 @@ public class DBHelper {
            try {
                conn = getConnection(name);
                ps = conn.prepareStatement(query);
+                for (int i = 0; i < params.size(); i++) {
+                    ps.setString(i + 1, params.get(i).toString());
+                }
                rs = ps.executeQuery();
                rows = new ArrayList<Map<String, Object>>();
                String coluName = null;