ctjee 防SQL注入改造说明及设计原理

最新推荐文章于 2024-07-30 16:51:22 发布

rschentong

最新推荐文章于 2024-07-30 16:51:22 发布

阅读量187

点赞数

分类专栏： javaMVC简单三层框架ctjee 自定义表单+自定义工作流软件 miniui 框架文章标签： sql 数据库 database

本文链接：https://blog.csdn.net/rschentong/article/details/121260380

版权

javaMVC简单三层框架ctjee 同时被 3 个专栏收录

5 篇文章 0 订阅

订阅专栏

自定义表单+自定义工作流软件

5 篇文章 0 订阅

订阅专栏

miniui 框架

2 篇文章 0 订阅

订阅专栏

${name_key}

${%,userid,%} like

${(,rolecode,)} in

自动转换页面变量及JSON格式数据为Key/Value格式存储缓存区
preparedStatementParameters 数据区
{rolecode=0aaa, _transName=查询baseRole单条明细根据主键, roledesc=0aaa, _transactionModeDB=, rolename=0aaa, _transferOptionId=baseRoleItemByPk.ext, dse_opflag=baseRoleItemByPk}

${(,rolecode,)} in 删除缓存区的数据格式 0aaa,0bbb

op和dao中提供给2个方法，用于操作缓存区的数据
void setValueAtPreparedStatementParameters(String dataName, Object fieldValue);
Object getValueAtPreparedStatementParameters(String dataName)；

setValueAtPreparedStatementParameters("XXXXXXXX", XXXXXXXX);

//分页例子--分页例子--分页例子--分页例子--分页例子--分页例子--分页例子--分页例子--
Update+Pre
Map+Pre
List+Pre

StringBuffer totalCount = new StringBuffer( tUsersinfoSql.selectPageListCount_(_param,_map) );
ListPagePre(tUsersinfoSql.selectPageListBootstrapJqGrid_(_param,_map), totalCount.toString());
List _nList = (List)getValueAt("_nList");

--[selectDynamicSql]------------------------------------------------------------------------------------------

columnsValue += " "+entry.getKey()+"=${"+entry.getKey()+"} and";
setValueAtPreparedStatementParameters(entry.getKey(), entry.getValue());

in in in in in in in in in in in in in in in in in in in in in
columnsValue += " "+entry.getKey()+" in ${(,"+entry.getKey()+",)} and";
setValueAtPreparedStatementParameters(entry.getKey(), entry.getValue());

---[insertDynamicSql]------------------------------------------------------------------------------------------
values+="${"+entry.getKey()+"},";
setValueAtPreparedStatementParameters(entry.getKey(), entry.getValue());

--[updateDynamicSql]----------------------------------------------------------------------------------------------
columnsValue += ""+entry.getKey()+"=${"+entry.getKey()+"},";
setValueAtPreparedStatementParameters(entry.getKey(), entry.getValue());

==============================
whereValue += " "+entry.getKey()+"=${"+entry.getKey()+"} and";
setValueAtPreparedStatementParameters(entry.getKey(), entry.getValue());

in in in in in in in in in in in in in in in in in in in in in
whereValue += " "+entry.getKey()+" in ${(,"+entry.getKey()+",)} and";
setValueAtPreparedStatementParameters(entry.getKey(), entry.getValue());
---------------------------------------------------------------------------------------------------------------------

--[deleteDynamicSql]----------------------------------------------------------------------------------------------
columnsValue += " "+entry.getKey()+"=${"+entry.getKey()+"} and";
setValueAtPreparedStatementParameters(entry.getKey(), entry.getValue());

参考

http://ctjee.com/index.htmlhttp://ctjee.com/index.html

rschentong

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
ctjee 防SQL注入改造说明及设计原理

${name_key} ${%,userid,%} like ${(,rolecode,)} in 自动转换页面变量及JSON格式数据为Key/Value格式存储缓存区 preparedStatementParameters 数据区 {rolecode=0aaa, _transName=查询baseRole单条明细根据主键, roledesc=0aaa, _transactionModeDB=, rolename=0aaa, _transferOpt...
复制链接

扫一扫

专栏目录