From 1255adca0fbf9137911525224f136b460c7f67dc Mon Sep 17 00:00:00 2001
From: ZY <zc857179121@qq.com>
Date: 星期一, 28 十月 2024 10:05:52 +0800
Subject: [PATCH] sql注入漏洞

---
 src/main/java/com/zy/asrs/mapper/PlaQtyMapper.java |    7 +++++++
 1 files changed, 7 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/zy/asrs/mapper/PlaQtyMapper.java b/src/main/java/com/zy/asrs/mapper/PlaQtyMapper.java
index 176e549..b473c40 100644
--- a/src/main/java/com/zy/asrs/mapper/PlaQtyMapper.java
+++ b/src/main/java/com/zy/asrs/mapper/PlaQtyMapper.java
@@ -3,10 +3,17 @@
 import com.baomidou.mybatisplus.mapper.BaseMapper;
 import com.zy.asrs.entity.PlaQty;
 import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+import org.apache.ibatis.annotations.Select;
 import org.springframework.stereotype.Repository;
+
+import java.util.List;
 
 @Mapper
 @Repository
 public interface PlaQtyMapper extends BaseMapper<PlaQty> {
 
+    @Select("select top(10) order_no from asr_pla_qty where order_no like '%' + #{orderNo} + '%'  group by order_no")
+    List<String> selectOrderNo(@Param("orderNo") String orderNo);
+
 }

--
Gitblit v1.9.1