【#4127】sql漏洞写法修复

2022-11-06 17:03:48 +08:00 · 2022-11-06 17:03:48 +08:00 · 958cf01649
parent 01602bd60a
commit 958cf01649
1 changed files with 10 additions and 4 deletions
--- a/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysUserMapper.xml
+++ b/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/mapper/xml/SysUserMapper.xml
@ -159,7 +159,13 @@

 	<!-- 更新空字符串为null -->
 	<update id="updateNullByEmptyString">
-        UPDATE sys_user SET ${fieldName} = NULL WHERE ${fieldName} = ''
+		UPDATE sys_user
+		<if test="fieldName == 'email'">
+			SET email = NULL WHERE email = ''
+		</if>
+		<if test="fieldName == 'phone'">
+			SET phone = NULL WHERE phone = ''
+		</if>
 	</update>

 	<!-- 通过多个部门IDS，查询部门下的用户信息 -->