tool/lxutils
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

fix: 修复order by和limit、page的sql注入风险

Browse Source
This commit is contained in:
wangjie 2025-08-22 17:56:04 +08:00
parent b6bb886e2b
commit fa6333910b
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lxDb/sql.go
View File

@ -2,10 +2,10 @@ package lxDb
import ( import (
"errors" "errors"
"git.listensoft.net/tool/lxutils/lxUtil"
"gorm.io/gorm"
"regexp" "regexp"
"strings" "strings"
"git.listensoft.net/
) )
// 带事务的, 和不带事务的 说明: // 带事务的, 和不带事务的 说明:
@ -337,7 +337,6 @@ func SqlQueryNew(tx *gorm.DB, sql string, list interface{}, q *PaginationQuery,
// 条件字段 // 条件字段
if q != nil { if q != nil {
where, args := q.BuildRawWhere() where, args := q.BuildRawWhere()
if hasWhere(sql) { // 原SQL已有WHERE子句 if hasWhere(sql) { // 原SQL已有WHERE子句
// 确保 where 子句以 AND 或 OR 开头,然后安全添加 // 确保 where 子句以 AND 或 OR 开头,然后安全添加