github
/
jeecg-boot
mirror of https://github.com/jeecgboot/jeecg-boot
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

【#4127】sql漏洞写法修复

Browse Source
pull/4246/merge
zhangdaiscott 2 years ago
parent 01602bd60a
commit 958cf01649
1 changed files with 10 additions and 4 deletions
Show Stats Download Patch File Download Diff File

8
jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysUserMapper.xml
Unescape View File

@ -159,7 +159,13 @@
<!-- 更新空字符串为null --> <!-- 更新空字符串为null -->
<update id="updateNullByEmptyString"> <update id="updateNullByEmptyString">
UPDATE sys_user SET ${fieldName} = NULL WHERE ${fieldName} = '' UPDATE sys_user
<if test="fieldName == 'email'">
SET email = NULL WHERE email = ''
</if>
<if test="fieldName == 'phone'">
SET phone = NULL WHERE phone = ''
</if>
</update> </update>
<!-- 通过多个部门IDS查询部门下的用户信息 --> <!-- 通过多个部门IDS查询部门下的用户信息 -->

Write Preview
Loading…
Cancel
Save