提交 ceb80d8f 编写于 作者: zhouweidong's avatar zhouweidong

直接SQL支持?占位符,放置SQL注入

上级 778c6584
......@@ -100,40 +100,45 @@ ruleflow-group "${logicName+deLogicNode.getCodeName()?lower_case}"
${operateEntity.codeName?lower_case}service.${operateAction.codeName?uncap_first}(${logicParamEntity});
</#if>
<#elseif deLogicNode.getLogicNodeType()=='RAWSQLCALL'><#comment>直接SQL</#comment>
<#if deLogicNode.getPSDELogicNodeParams()??><#comment>是否包含参数列表</#comment>
<#if deLogicNode.getPSDELogicNodeParams()??>
<#comment>包含参数列表</#comment>
<@getCallSQL2 deLogicNode/>
<#else>
Map param = null;
String strSql="${srfjavasqlcode('${deLogicNode.getParam("PARAM4","")}')}";
</#if>
<#if deLogicNode.getDstPSDELogicParam?? && deLogicNode.getDstPSDELogicParam()?? ><#comment>配置返回参数</#comment>
<#if (deLogicNode.getParam("PARAM9",0)==1)>
java.util.List<JSONObject> entities=iBzSys${de.codeName?lower_case?cap_first}DefaultService.select(strSql,param);//SQL调用
<#comment>是否返回参数</#comment>
<#if deLogicNode.getDstPSDELogicParam?? && deLogicNode.getDstPSDELogicParam()?? ><#comment>配置返回参数</#comment>
if(entities.size()>0){
<#assign targetLogicParam=deLogicNode.getDstPSDELogicParam()>
<#assign targetLogicParam=deLogicNode.getDstPSDELogicParam()>
JSONObject entity=entities.get(0);
<#assign targetLogicParamCodeName=logicName+targetLogicParam.getCodeName()?lower_case>
<#if targetLogicParam.getParamPSDataEntity?? && targetLogicParam.getParamPSDataEntity()??>
<#assign targetEntity=targetLogicParam.getParamPSDataEntity()>
<#if (deLogicNode.getParam("PARAM7",1)==0)><#comment>重置原数据</#comment>
<#assign targetLogicParamCodeName=logicName+targetLogicParam.getCodeName()?lower_case>
<#if targetLogicParam.getParamPSDataEntity?? && targetLogicParam.getParamPSDataEntity()??>
<#assign targetEntity=targetLogicParam.getParamPSDataEntity()>
<#if (deLogicNode.getParam("PARAM7",1)==0)><#comment>重置原数据</#comment>
${pub.getPKGCodeName()}.core.${targetEntity.getPSSystemModule().codeName?lower_case}.domain.${targetEntity.codeName} targetEntity =new ${pub.getPKGCodeName()}.core.${targetEntity.getPSSystemModule().codeName?lower_case}.domain.${targetEntity.codeName}();
for (Map.Entry entry : entity.entrySet()) {
targetEntity.set(String.valueOf(entry.getKey()),entry.getValue());
}
org.springframework.cglib.beans.BeanCopier copier= org.springframework.cglib.beans.BeanCopier.create(targetEntity.getClass(),${targetLogicParamCodeName}.getClass(), false);
copier.copy(targetEntity,${targetLogicParamCodeName},null);
<#else><#comment>不重置原数据</#comment>
<#else><#comment>不重置原数据</#comment>
for (Map.Entry entry : entity.entrySet()) {
${targetLogicParamCodeName}.set(String.valueOf(entry.getKey()),entry.getValue());
}
</#if>
<#else>
${targetLogicParamCodeName}.putAll(entity);
</#if>
}
<#else>
${targetLogicParamCodeName}.putAll(entity);
iBzSys${de.codeName?lower_case?cap_first}DefaultService.execute(strSql);//SQL调用
</#if>
}
<#else>
iBzSys${de.codeName?lower_case?cap_first}DefaultService.execute(strSql);//SQL调用
iBzSys${de.codeName?lower_case?cap_first}DefaultService.execute(strSql,param);//SQL调用
</#if>
<#elseif deLogicNode.getLogicNodeType()=='RAWSQLANDLOOPCALL'><#comment>直接SQL并循环调用</#comment>
//暂不支持
<#--<#if deLogicNode.getPSDELogicNodeParams()??><#comment>是否包含参数列表</#comment>-->
......@@ -155,8 +160,6 @@ ruleflow-group "${logicName+deLogicNode.getCodeName()?lower_case}"
<#--}-->
<#--</#if>-->
<#--}-->
</#if>
<#if delogic.getPSDELogicParams?? && delogic.getPSDELogicParams()??>
<#list delogic.getPSDELogicParams() as logicParam>
......
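Review bot: In the `<#else>` branch of the RAWSQLCALL node (no parameter list), `Map param = null;` is later passed to `select(strSql,param)` or `execute(strSql,param)`. Neither implementation is visible on this page, so a null map may fail at run time if the service iterates it; `Map param = new java.util.HashMap<>();` would be safer. The SQL-injection protection this commit aims for rests on the `getCallSQL2` macro, which is defined outside this section: it should emit only `?` placeholders and put every value into `param`, leaving nothing concatenated into `strSql`. Because `param` is a plain raw `Map`, it is also worth confirming that values are bound in placeholder order, for example through an insertion-ordered map or keys that name the position. A short `<#comment>` beside the `PARAM9` test would help too, since 1 appears to select the query path and any other value the execute path.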