From f59681e9cf7faedb6c28e23920c58ecb919be547 Mon Sep 17 00:00:00 2001
From: ZY <zc857179121@qq.com>
Date: 星期一, 28 十月 2024 10:14:29 +0800
Subject: [PATCH] sql注入漏洞

---
 src/main/java/com/zy/asrs/mapper/PlaQtyMapper.java |    5 +++--
 1 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/zy/asrs/mapper/PlaQtyMapper.java b/src/main/java/com/zy/asrs/mapper/PlaQtyMapper.java
index e82e930..b473c40 100644
--- a/src/main/java/com/zy/asrs/mapper/PlaQtyMapper.java
+++ b/src/main/java/com/zy/asrs/mapper/PlaQtyMapper.java
@@ -3,6 +3,7 @@
 import com.baomidou.mybatisplus.mapper.BaseMapper;
 import com.zy.asrs.entity.PlaQty;
 import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
 import org.apache.ibatis.annotations.Select;
 import org.springframework.stereotype.Repository;
 
@@ -12,7 +13,7 @@
 @Repository
 public interface PlaQtyMapper extends BaseMapper<PlaQty> {
 
-    @Select("select top(10) order_no from asr_pla_qty group by order_no")
-    List<String> selectOrderNo();
+    @Select("select top(10) order_no from asr_pla_qty where order_no like '%' + #{orderNo} + '%'  group by order_no")
+    List<String> selectOrderNo(@Param("orderNo") String orderNo);
 
 }
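Review bot: The bound `#{orderNo}` on the new `@Select` keeps the value out of the SQL text, but two input cases are still unhandled. A null `orderNo` makes `'%' + #{orderNo} + '%'` evaluate to NULL on SQL Server (the `top(10)` and `+` syntax suggest that dialect), so the method would silently return no rows; and `%`, `_` or `[` inside the value are still interpreted as LIKE wildcards, so a caller can widen the match beyond a literal substring. Consider `like '%' + isnull(#{orderNo}, '') + '%'` for the null case, and escape wildcard characters in the caller together with an `ESCAPE` clause if literal matching is intended. A short Javadoc would also help the next maintainer, e.g. `/** Returns up to 10 distinct order numbers containing orderNo; the value must stay bound via #{}, never ${}. */`. Since `top(10)` has no `order by`, which ten rows come back is not defined.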

--
Gitblit v1.9.1