Skip to content

Commit 505f1c7

Browse files
TommyLemonTommyLemon
committed
Java:MultiDataSource /execute 新增支持严格模式
1 parent b67eb21 commit 505f1c7

File tree

1 file changed

+27
-5
lines changed

1 file changed

+27
-5
lines changed

APIJSON-Java-Server/APIJSONBoot-MultiDataSource/src/main/java/apijson/boot/DemoController.java

Lines changed: 27 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -647,7 +647,7 @@ private apijson.JSONRequest newVerifyRequest(int type, String phone, String veri
647647
}
648648
* </pre>
649649
*/
650-
@PostMapping(LOGIN)
650+
@PostMapping(LOGIN) //TODO 改 SQLConfig 里的 dbAccount, dbPassword,直接用数据库鉴权
651651
public JSONObject login(@RequestBody String request, HttpSession session) {
652652
JSONObject requestObject = null;
653653
boolean isPassword;
@@ -1324,6 +1324,7 @@ else if (APIJSON_DELEGATE_ID.toLowerCase().equals(name.toLowerCase())) {
13241324
return entity.getBody();
13251325
}
13261326

1327+
public static boolean EXECUTE_STRICTLY = true;
13271328
/**执行 SQL 语句,支持 SQLAuto,注意仅仅不要开放给后端组外的任何人,更不要暴露到公司外的公网!
13281329
* @param request 只用String,避免encode后未decode
13291330
* @return
@@ -1350,8 +1351,9 @@ public String execute(@RequestBody String request, HttpSession session) {
13501351

13511352
JSONObject req = JSON.parseObject(request);
13521353
String uri = req.getString("uri");
1353-
String sql = req.getString("sql");
1354-
List<Object> valueList = req.getJSONArray("arg");
1354+
String sql = StringUtil.getTrimedString(req.getString("sql"));
1355+
JSONArray arg = req.getJSONArray("arg");
1356+
List<Object> valueList = arg;
13551357

13561358
DemoSQLExecutor executor = new DemoSQLExecutor();
13571359
DemoSQLConfig config = new DemoSQLConfig();
@@ -1364,9 +1366,27 @@ public String execute(@RequestBody String request, HttpSession session) {
13641366

13651367
Statement statement = executor.getStatement(config, sql);
13661368
if (statement instanceof PreparedStatement) {
1367-
((PreparedStatement) statement).execute();
1369+
if (EXECUTE_STRICTLY) {
1370+
if (sql.startsWith("SELECT ")) {
1371+
((PreparedStatement) statement).executeQuery();
1372+
} else {
1373+
((PreparedStatement) statement).executeUpdate();
1374+
}
1375+
}
1376+
else {
1377+
((PreparedStatement) statement).execute();
1378+
}
13681379
} else {
1369-
statement.execute(sql);
1380+
if (EXECUTE_STRICTLY) {
1381+
if (sql.startsWith("SELECT ")) {
1382+
statement.executeQuery(sql);
1383+
} else {
1384+
statement.executeUpdate(sql);
1385+
}
1386+
}
1387+
else {
1388+
statement.execute(sql);
1389+
}
13701390
}
13711391

13721392
ResultSet rs = statement.getResultSet();
@@ -1396,6 +1416,8 @@ public String execute(@RequestBody String request, HttpSession session) {
13961416
}
13971417

13981418
JSONObject result = DemoParser.newSuccessResult();
1419+
result.put("sql", sql);
1420+
result.put("arg", arg);
13991421
result.put("count", statement.getUpdateCount());
14001422
result.put("list", arr);
14011423

0 commit comments

Comments
 (0)