From f5bbfc98b412f79e6695106f66d25fe65b3b7ba4 Mon Sep 17 00:00:00 2001
From: lxw <810412026@qq.com>
Date: 星期三, 25 十月 2023 12:05:35 +0800
Subject: [PATCH] 修改sql注入中时间格式bug
---
 src/main/java/com/whyc/service/SubTablePageInfoService.java | 71 ++++++++++++++++++-----------------
 1 files changed, 36 insertions(+), 35 deletions(-)
diff --git a/src/main/java/com/whyc/service/SubTablePageInfoService.java b/src/main/java/com/whyc/service/SubTablePageInfoService.java
index 6543bf2..082ef72 100644
--- a/src/main/java/com/whyc/service/SubTablePageInfoService.java
+++ b/src/main/java/com/whyc/service/SubTablePageInfoService.java
@@ -9,6 +9,7 @@
 import com.whyc.mapper.CallBack;
 import com.whyc.pojo.*;
 import com.whyc.util.ActionUtil;
+import com.whyc.util.ThreadLocalUtil;
 import org.apache.ibatis.annotations.Param;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
@@ -44,10 +45,10 @@
 sql+=" and stationName3 like '%"+data.getStationName3()+"%'";
 }
 if(data.getAlmStartTime()!=null){
- sql+=" and alarm.alm_start_time >='"+ActionUtil.sdf.format(data.getAlmStartTime())+"' ";
+ sql+=" and alarm.alm_start_time >='"+ ThreadLocalUtil.format(data.getAlmStartTime(),1)+"' ";
 }
 if(data.getAlmStartTime1()!=null){
- sql+=" and alarm.alm_start_time <='"+ActionUtil.sdf.format(data.getAlmStartTime1())+"' ";
+ sql+=" and alarm.alm_start_time <='"+ThreadLocalUtil.format(data.getAlmStartTime1(),1)+"' ";
 }
 if(data.getAlmSource()==0){
 sql+=" and alm_source!=100 ";
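Review bot: The statement is still assembled by string concatenation, so the commit only changes which formatter renders the two `Date` values; the caller-supplied text next to them in this hunk, `data.getStationName3()` inside a `like '%…%'`, is still spliced into the SQL unescaped, and a single quote in it breaks or changes the query. The same applies to every other hunk in the patch: `param.getStationName()`/`param.getStationName3()`, the `limit "+param.getLimitStart()+","+param.getLimitEnd()` clause, `userLog.getRecordYear()`, `tableName` and `realdata.getTableName()` used as table names, and `bh.getTerminalIp()`/`bh.getOperationMsg()`/`bh.getOperationDetail()` in the user-log insert at @@ -1377. The fix is to pass such values as bind parameters (`?` placeholders) rather than text; whether `sqlExecuteService.executeQuery_call` already accepts a parameter list is not visible here, so if it does not, an overload that takes the SQL plus its arguments is the place to add it. The enclosing method starts and ends outside this hunk.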
@@ -128,10 +129,10 @@
 sql+=" and stationName3 like '%"+data.getStationName3()+"%'";
 }
 if(data.getAlmStartTime()!=null){
- sql+=" and alarm.alm_start_time >='"+ActionUtil.sdf.format(data.getAlmStartTime())+"' ";
+ sql+=" and alarm.alm_start_time >='"+ThreadLocalUtil.format(data.getAlmStartTime(),1)+"' ";
 }
 if(data.getAlmStartTime1()!=null){
- sql+=" and alarm.alm_start_time <='"+ActionUtil.sdf.format(data.getAlmStartTime1())+"' ";
+ sql+=" and alarm.alm_start_time <='"+ThreadLocalUtil.format(data.getAlmStartTime1(),1)+"' ";
 }
 if(data.getAlmSource()==0){
 sql+=" and alm_source!=100 ";
@@ -208,7 +209,7 @@
 public int getCount(UserLog userLog){
 String sql=" select count(*) num from db_user."+userLog.getRecordYear()+" l,db_user.tb_user_inf u" +
 " where l.uId = u.uId" +
- " and uOprateDay between '"+ActionUtil.sdf.format(userLog.getOperationTime())+"' and '"+ActionUtil.sdf.format(userLog.getOperationTime2())+"' ";
+ " and uOprateDay between '"+ThreadLocalUtil.format(userLog.getOperationTime(),1)+"' and '"+ThreadLocalUtil.format(userLog.getOperationTime2(),1)+"' ";
 if(userLog.getUId()!=null){
 sql+=" and l.uId ="+userLog.getUId()+" ";
 }
@@ -369,7 +370,7 @@
 //6-PwrDevDataHistoryGWService.java;45琛�
 public List<PwrDevDataHistoryGW> getListByParam(Long powerDeviceId, String tableMonth, Date subStartTime, Date subEndTime){
 String sql=" select * from db_pwrdev_data_history_gw.tb_pwrdev_historydata_gw_"+powerDeviceId+"_"+tableMonth+" d " +
- " where d.record_time >='"+ActionUtil.sdf.format(subStartTime)+"' and d.record_time <='"+ActionUtil.sdf.format(subEndTime)+"' ";
+ " where d.record_time >='"+ThreadLocalUtil.format(subStartTime,1)+"' and d.record_time <='"+ThreadLocalUtil.format(subEndTime,1)+"' ";
 List<PwrDevDataHistoryGW> list = sqlExecuteService.executeQuery_call(sql, new CallBack() {
 @Override
 public List getResults(ResultSet rs) throws SQLException {
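Review bot: The second argument `1` in `ThreadLocalUtil.format(userLog.getOperationTime(),1)` (and in every other call the patch introduces) is an unexplained selector, so a reader of the `getCount` hunk cannot tell which pattern it chooses or that it is meant to reproduce the pattern `ActionUtil.sdf` used before; presumably it is the `yyyy-MM-dd HH:mm:ss` form the `between` comparison relies on, but that is not visible here. Replacing the literal with a named constant exposed by `ThreadLocalUtil` (constructed example: `ThreadLocalUtil.format(userLog.getOperationTime(), ThreadLocalUtil.DATETIME)`) would document the intent at every call site and make a later change to the pattern a one-line edit. In this hunk the two dates are also formatted without the null guard the other query hunks use, so a request that omits either time will fail inside the formatter rather than produce an unbounded range; if that is the intended contract it deserves a comment such as `// operationTime and operationTime2 are required; callers validate them`. `getCount` continues past the end of the hunk.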
@@ -490,10 +491,10 @@
 sql+=")";
 }
 if(param.getStartTime()!=null){
- sql+=" and alm_start_time>='"+ ActionUtil.sdf.format(param.getStartTime())+"' ";
+ sql+=" and alm_start_time>='"+ ThreadLocalUtil.format(param.getStartTime(),1)+"' ";
 }
 if(param.getEndTime()!=null){
- sql+=" and alm_start_time<='"+ ActionUtil.sdf.format(param.getEndTime())+"' ";
+ sql+=" and alm_start_time<='"+ ThreadLocalUtil.format(param.getEndTime(),1)+"' ";
 }
 sql+=" order by history.battgroupid asc,history.alm_start_time desc,history.monnum asc limit "+param.getLimitStart()+","+param.getLimitEnd()+" ";
@@ -571,10 +572,10 @@
 sql+=" and stationName3 like '%"+param.getStationName3()+"%'";
 }
 if(param.getAlmStartTime()!=null){
- sql+=" and alarm.alm_start_time >='"+ActionUtil.sdf.format(param.getAlmStartTime())+"' ";
+ sql+=" and alarm.alm_start_time >='"+ThreadLocalUtil.format(param.getAlmStartTime(),1)+"' ";
 }
 if(param.getAlmStartTime1()!=null){
- sql+=" and alarm.alm_start_time <='"+ActionUtil.sdf.format(param.getAlmStartTime1())+"' ";
+ sql+=" and alarm.alm_start_time <='"+ThreadLocalUtil.format(param.getAlmStartTime1(),1)+"' ";
 }
 if(param.getAlmSource()==0){
 sql+=" and alm_source!=100 ";
@@ -640,7 +641,7 @@
 sql+=" and stationName='"+param.getStationName()+"' ";
 }
 }
- sql+=" and alm_start_time >='"+ActionUtil.sdf.format(param.getAlmStartTime())+"' and alm_start_time <='"+ActionUtil.sdf.format(param.getAlmStartTime1())+"' ";
+ sql+=" and alm_start_time >='"+ThreadLocalUtil.format(param.getAlmStartTime(),1)+"' and alm_start_time <='"+ThreadLocalUtil.format(param.getAlmStartTime1(),1)+"' ";
 sql+=" and history.dev_id in(select distinct db_battinf.tb_battinf.FbsDeviceId " +
 " from " +
 " db_battinf.tb_battinf,db_user.tb_user_battgroup_baojigroup_battgroup,db_user.tb_user_battgroup_baojigroup_usr,db_user.tb_user_inf " +
@@ -726,7 +727,7 @@
 sql+=" and stationName='"+param.getStationName()+"' ";
 }
 }
- sql+=" and alm_start_time >='"+ActionUtil.sdf.format(param.getAlmStartTime())+"' and alm_start_time <='"+ActionUtil.sdf.format(param.getAlmStartTime1())+"' ";
+ sql+=" and alm_start_time >='"+ThreadLocalUtil.format(param.getAlmStartTime(),1)+"' and alm_start_time <='"+ThreadLocalUtil.format(param.getAlmStartTime1(),1)+"' ";
 sql+=" and history.dev_id in(select distinct db_battinf.tb_battinf.FbsDeviceId " +
 " from " +
 " db_battinf.tb_battinf,db_user.tb_user_battgroup_baojigroup_battgroup,db_user.tb_user_battgroup_baojigroup_usr,db_user.tb_user_inf " +
@@ -770,7 +771,7 @@
 public List<UserLog> getList2(UserLog userLog){
 String sql=" select l.*,u.uName from db_user."+userLog.getRecordYear()+" l,db_user.tb_user_inf u " +
 " where l.uId = u.uId " +
- " and uOprateDay between '"+ActionUtil.sdf.format(userLog.getOperationTime())+"' and '"+ActionUtil.sdf.format(userLog.getOperationTime2())+"' ";
+ " and uOprateDay between '"+ThreadLocalUtil.format(userLog.getOperationTime(),1)+"' and '"+ThreadLocalUtil.format(userLog.getOperationTime2(),1)+"' ";
 if(userLog.getUId()!=null){
 sql+=" and l.uId ="+userLog.getUId()+" ";
 }
@@ -871,10 +872,10 @@
 sql+=")";
 }
 if(param.getStartTime()!=null){
- sql+=" and alm_start_time >='"+ActionUtil.sdf.format(param.getStartTime())+"' ";
+ sql+=" and alm_start_time >='"+ThreadLocalUtil.format(param.getStartTime(),1)+"' ";
 }
 if(param.getEndTime()!=null){
- sql+=" and alm_start_time <='"+ActionUtil.sdf.format(param.getEndTime())+"' ";
+ sql+=" and alm_start_time <='"+ThreadLocalUtil.format(param.getEndTime(),1)+"' ";
 }
 sql+=" ORDER BY alm_start_time desc ,dev_name asc limit "+param.getLimitStart()+","+param.getLimitEnd()+" ";
 List list = sqlExecuteService.executeQuery_call(sql, new CallBack() {
@@ -916,8 +917,8 @@
 for (int i=0;i<temp.size();i++) {
 BattalarmDataHistory bh=temp.get(i);
 sql+="("+bh.getBattGroupId()+","+bh.getMonNum()+","+bh.getRecordId()+","+bh.getAlmId()+","+bh.getAlmSignalId()+","+bh.getAlmLevel()+
- ",'"+ActionUtil.sdf.format(bh.getAlmStartTime())+"','"+ActionUtil.sdf.format(bh.getAlmEndTime())+"',"+bh.getAlmValue()+","+bh.getAlmIsConfirmed()+"," +
- "'"+ActionUtil.sdf.format(bh.getAlmConfirmedTime())+"',"+bh.getAlmClearedType()+","+bh.getUsrId()+","+bh.getAlmSeverity()+")";
+ ",'"+ThreadLocalUtil.format(bh.getAlmStartTime(),1)+"','"+ThreadLocalUtil.format(bh.getAlmEndTime(),1)+"',"+bh.getAlmValue()+","+bh.getAlmIsConfirmed()+"," +
+ "'"+ThreadLocalUtil.format(bh.getAlmConfirmedTime(),1)+"',"+bh.getAlmClearedType()+","+bh.getUsrId()+","+bh.getAlmSeverity()+")";
 if(i!=(temp.size()-1)){
 sql+=",";
 }
@@ -960,10 +961,10 @@
 sql+=" and stationName3 like '%"+param.getStationName3()+"%'";
 }
 if(param.getAlmStartTime()!=null){
- sql+=" and alarm.alm_start_time >='"+ActionUtil.sdf.format(param.getAlmStartTime())+"' ";
+ sql+=" and alarm.alm_start_time >='"+ThreadLocalUtil.format(param.getAlmStartTime(),1)+"' ";
 }
 if(param.getAlmStartTime1()!=null){
- sql+=" and alarm.alm_start_time <='"+ActionUtil.sdf.format(param.getAlmStartTime1())+"' ";
+ sql+=" and alarm.alm_start_time <='"+ThreadLocalUtil.format(param.getAlmStartTime1(),1)+"' ";
 }
 if(param.getAlmSource()==0){
 sql+=" and alm_source!=100 ";
@@ -1061,10 +1062,10 @@
 sql+=")";
 }
 if(param.getStartTime()!=null){
- sql+=" and alm_start_time >='"+ActionUtil.sdf.format(param.getStartTime())+"' ";
+ sql+=" and alm_start_time >='"+ThreadLocalUtil.format(param.getStartTime(),1)+"' ";
 }
 if(param.getEndTime()!=null){
- sql+=" and alm_start_time <='"+ActionUtil.sdf.format(param.getEndTime())+"' ";
+ sql+=" and alm_start_time <='"+ThreadLocalUtil.format(param.getEndTime(),1)+"' ";
 }
 List list = sqlExecuteService.executeQuery_call(sql, new CallBack() {
 @Override
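Review bot: In the batch-insert hunk at @@ -916 the new lines format `bh.getAlmEndTime()` and `bh.getAlmConfirmedTime()` unconditionally, and an alarm that is still open or unconfirmed plausibly carries null in those fields; the replaced `SimpleDateFormat.format` threw on null, and what `ThreadLocalUtil.format` does with null is not visible here — if it returns the text `null`, the statement writes the literal string `'null'` into a datetime column instead of SQL `NULL`. The same pattern recurs in the inserts at @@ -1205, @@ -1712 and @@ -1377. A small helper that returns `NULL` (unquoted) for a null date and the quoted formatted value otherwise, used in place of the three `"'"+ThreadLocalUtil.format(…,1)+"'"` fragments, would make the row shape correct in both cases; better still, bind the values as parameters so the driver handles null. The enclosing loop and method continue outside the hunk.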
@@ -1095,7 +1096,7 @@
 " and alm_id in("+param.getAlmIdOne()+","+param.getAlmIdTwo()+", "+param.getAlmIdThree()+ ", "+param.getAlmIdFour()+ ", "+param.getAlmIdFive()+ ", "+param.getAlmIdSix()+ ", "+param.getAlmIdSeven()+ ", "+param.getAlmIdEight()+ ") " +
 " and alm_signal_id%2 in("+param.getAlmSignalIdOne()+","+param.getAlmSignalIdTwo()+") " +
 " and alm_level in( "+param.getAlmLevelOne()+ ", "+param.getAlmLevelTwo()+ ", "+param.getAlmLevelThree()+ ", "+param.getAlmLevelFour()+ ") " +
- " and alm_start_time>='"+ActionUtil.sdf.format(param.getAlmStartTime())+"' and alm_start_time <='"+ActionUtil.sdf.format(param.getAlmStartTime1())+"' " +
+ " and alm_start_time>='"+ThreadLocalUtil.format(param.getAlmStartTime(),1)+"' and alm_start_time <='"+ThreadLocalUtil.format(param.getAlmStartTime1(),1)+"' " +
 " and db_battinf.tb_battinf.stationname1 like '%"+param.getStationname1()+"%' " +
 " and db_battinf.tb_battinf.stationname like '%"+param.getStationname()+"%' ";
 if(param.getBattGroupId()==0){
@@ -1205,8 +1206,8 @@
 for (int i=0;i<temp.size();i++) {
 PwrdevAlarmHistory bh=temp.get(i);
 sql+="("+bh.getRecordId()+","+bh.getPowerDeviceId()+","+bh.getAlmType()+","+bh.getAlmLevel()+","+bh.getAlmSource()+","+bh.getAlmIndex()+
- ",'"+ActionUtil.sdf.format(bh.getAlmStartTime())+"','"+ActionUtil.sdf.format(bh.getAlmEndTime())+"',"+bh.getAlmValue()+","+bh.getAlmIsConfirmed()+"," +
- "'"+ActionUtil.sdf.format(bh.getAlmConfirmedTime())+"',"+bh.getAlmClearedType()+","+bh.getUsrId()+","+bh.getAlmSeverity()+","+bh.getAlmTrigger()+")";
+ ",'"+ThreadLocalUtil.format(bh.getAlmStartTime(),1)+"','"+ThreadLocalUtil.format(bh.getAlmEndTime(),1)+"',"+bh.getAlmValue()+","+bh.getAlmIsConfirmed()+"," +
+ "'"+ThreadLocalUtil.format(bh.getAlmConfirmedTime(),1)+"',"+bh.getAlmClearedType()+","+bh.getUsrId()+","+bh.getAlmSeverity()+","+bh.getAlmTrigger()+")";
 if(i!=(temp.size()-1)){
 sql+=",";
 }
@@ -1217,7 +1218,7 @@
 //43-PwrdevDataHistoryService.java;69琛�
 public List<PwrdevDataHistory> getGtStartTime(String tableName, Date startTime){
- String sql="select * from db_pwrdev_data_history."+tableName+" where record_time>='"+ ActionUtil.sdf.format(startTime)+"' ";
+ String sql="select * from db_pwrdev_data_history."+tableName+" where record_time>='"+ ThreadLocalUtil.format(startTime,1)+"' ";
 List<PwrdevDataHistory> list = sqlExecuteService.executeQuery_call(sql, new CallBack() {
 @Override
 public List getResults(ResultSet rs) throws SQLException {
@@ -1316,10 +1317,10 @@
 sql+=")";
 }
 if(param.getStartTime()!=null){
- sql+=" and alm_start_time >='"+ActionUtil.sdf.format(param.getStartTime())+"' ";
+ sql+=" and alm_start_time >='"+ThreadLocalUtil.format(param.getStartTime(),1)+"' ";
 }
 if(param.getEndTime()!=null){
- sql+=" and alm_start_time <='"+ActionUtil.sdf.format(param.getEndTime())+"' ";
+ sql+=" and alm_start_time <='"+ThreadLocalUtil.format(param.getEndTime(),1)+"' ";
 }
 List list = sqlExecuteService.executeQuery_call(sql, new CallBack() {
 @Override
@@ -1344,8 +1345,8 @@
 //48-BattRealdataService.java;59琛�
 public List<RealDateDTO> serchByCondition(BattRealdata realdata){
 String sql="select * from db_batt_history.tb_batt_realdata_"+realdata.getTableName()+" " +
- " where recrod_time >= '"+ActionUtil.sdf.format(realdata.getRecrodTime())+"' " +
- " and recrod_time <= '"+ActionUtil.sdf.format(realdata.getRecrodTime1())+"' " +
+ " where recrod_time >= '"+ThreadLocalUtil.format(realdata.getRecrodTime(),1)+"' " +
+ " and recrod_time <= '"+ThreadLocalUtil.format(realdata.getRecrodTime1(),1)+"' " +
 " and mon_num ="+realdata.getMonNum()+" " +
 " order by recrod_time asc";
 List<RealDateDTO> list = sqlExecuteService.executeQuery_call(sql, new CallBack() {
@@ -1377,7 +1378,7 @@
 if(userLogs!=null&&userLogs.size()>0){
 for (int i=0;i<userLogs.size();i++) {
 UserLog bh=userLogs.get(i);
- sql+="("+bh.getUId()+","+bh.getOperationType()+",'"+ActionUtil.sdf.format(bh.getOperationTime())+"','"+bh.getTerminalIp()+"','"+bh.getOperationMsg()+"','"+bh.getOperationDetail()+
+ sql+="("+bh.getUId()+","+bh.getOperationType()+",'"+ThreadLocalUtil.format(bh.getOperationTime(),1)+"','"+bh.getTerminalIp()+"','"+bh.getOperationMsg()+"','"+bh.getOperationDetail()+
 "',"+bh.getReadFlag()+")";
 if(i!=(userLogs.size()-1)){
 sql+=",";
@@ -1470,7 +1471,7 @@
 " and alm_id in("+param.getAlmIdOne()+","+param.getAlmIdTwo()+", "+param.getAlmIdThree()+ ", "+param.getAlmIdFour()+ ", "+param.getAlmIdFive()+ ", "+param.getAlmIdSix()+ ", "+param.getAlmIdSeven()+ ", "+param.getAlmIdEight()+ ") " +
 " and alm_signal_id%2 in("+param.getAlmSignalIdOne()+","+param.getAlmSignalIdTwo()+") " +
 " and alm_level in( "+param.getAlmLevelOne()+ ", "+param.getAlmLevelTwo()+ ", "+param.getAlmLevelThree()+ ", "+param.getAlmLevelFour()+ ") " +
- " and alm_start_time>='"+ActionUtil.sdf.format(param.getAlmStartTime())+"' and alm_start_time <='"+ActionUtil.sdf.format(param.getAlmStartTime1())+"' " +
+ " and alm_start_time>='"+ThreadLocalUtil.format(param.getAlmStartTime(),1)+"' and alm_start_time <='"+ThreadLocalUtil.format(param.getAlmStartTime1(),1)+"' " +
 " and db_battinf.tb_battinf.stationname1 like '%"+param.getStationname1()+"%' " +
 " and db_battinf.tb_battinf.stationname like '%"+param.getStationname()+"%' ";
 if(param.getBattGroupId()==0){
@@ -1586,7 +1587,7 @@
 //92-PwrdevDataHistoryService.java;74琛�
 public List<PwrdevDataHistory> getLtEndTime( String tableName, Date endTime){
- String sql=" select * from db_pwrdev_data_history."+tableName+" where record_time<='"+ ActionUtil.sdf.format(endTime)+"' ";
+ String sql=" select * from db_pwrdev_data_history."+tableName+" where record_time<='"+ ThreadLocalUtil.format(endTime,1)+"' ";
 List<PwrdevDataHistory> list = sqlExecuteService.executeQuery_call(sql, new CallBack() {
 @Override
 public List getResults(ResultSet rs) throws SQLException {
@@ -1712,8 +1713,8 @@
 for (int i=0;i<temp.size();i++) {
 DevalarmDataHistory bh=temp.get(i);
 sql+="("+bh.getRecordId()+","+bh.getDevId()+",'"+bh.getDevIp()+"',"+bh.getAlmType()+","+bh.getAlmLevel()+
- ",'"+ActionUtil.sdf.format(bh.getAlmStartTime())+"','"+ActionUtil.sdf.format(bh.getAlmEndTime())+"',"+bh.getAlmValue()+","+bh.getAlmIsConfirmed()+"," +
- "'"+ActionUtil.sdf.format(bh.getAlmConfirmedTime())+"',"+bh.getAlmClearedType()+","+bh.getUsrId()+","+bh.getAlmSeverity()+")";
+ ",'"+ThreadLocalUtil.format(bh.getAlmStartTime(),1)+"','"+ThreadLocalUtil.format(bh.getAlmEndTime(),1)+"',"+bh.getAlmValue()+","+bh.getAlmIsConfirmed()+"," +
+ "'"+ThreadLocalUtil.format(bh.getAlmConfirmedTime(),1)+"',"+bh.getAlmClearedType()+","+bh.getUsrId()+","+bh.getAlmSeverity()+")";
 if(i!=(temp.size()-1)){
 sql+=",";
 }
@@ -1724,7 +1725,7 @@
 //115-PwrdevDataHistoryService.java;89琛�
 public List<PwrdevDataHistory> getWeekOrDayData( String tableName,Date startTime,Date endTime){
- String sql=" select * from db_pwrdev_data_history."+tableName+" where record_time>='"+ActionUtil.sdf.format(startTime)+"' and record_time<='"+ActionUtil.sdf.format(endTime)+"' ";
+ String sql=" select * from db_pwrdev_data_history."+tableName+" where record_time>='"+ThreadLocalUtil.format(startTime,1)+"' and record_time<='"+ThreadLocalUtil.format(endTime,1)+"' ";
 List<PwrdevDataHistory> list = sqlExecuteService.executeQuery_call(sql, new CallBack() {
 @Override
 public List getResults(ResultSet rs) throws SQLException {
--
Gitblit v1.9.1