排序优化，防sql注入

2021-10-18 23:51:18 +08:00
parent 358ca73cf0
commit 2e2cc04f5c
2 changed files with 17 additions and 1 deletions
--- a/jshERP-boot/src/main/java/com/jsh/erp/controller/MaterialController.java
+++ b/jshERP-boot/src/main/java/com/jsh/erp/controller/MaterialController.java
@@ -559,7 +559,7 @@ public class MaterialController {
                idList = materialService.getListByParentId(categoryId);
            }
            List<MaterialVo4Unit> dataList = materialService.getListWithStock(depotId, idList, StringUtil.toNull(materialParam),
-                    column, order, (currentPage-1)*pageSize, pageSize);
+                    StringUtil.safeSqlParse(column), StringUtil.safeSqlParse(order), (currentPage-1)*pageSize, pageSize);
            int total = materialService.getListWithStockCount(depotId, idList, StringUtil.toNull(materialParam));
            MaterialVo4Unit materialVo4Unit= materialService.getTotalStockAndPrice(depotId, idList, StringUtil.toNull(materialParam));
            map.put("total", total);