apps/x_admin
1
0
Fork 0
mirror of https://gitee.com/xiangheng/x_admin.git synced 2025-10-06 08:37:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

更安全的拼接sql

Browse Source
This commit is contained in:
xiangheng
2024-06-28 23:32:46 +08:00
parent a02ec244ad
commit f7c7380ffb
1 changed files with 14 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
server/admin/generator/tpl_utils/utils.go
View File

@@ -18,19 +18,22 @@ type genUtil struct{}
// GetDbTablesQuery 查询库中的数据表 // GetDbTablesQuery 查询库中的数据表
func (gu genUtil) GetDbTablesQuery(db *gorm.DB, tableName string, tableComment string) *gorm.DB { func (gu genUtil) GetDbTablesQuery(db *gorm.DB, tableName string, tableComment string) *gorm.DB {
whereStr := "" query := db.Table("information_schema.tables")
if tableName != "" {
whereStr += `and lower(table_name) like lower("%` + tableName + `%")` // whereStr := ""
}
if tableComment != "" { query = query.Where(`table_schema = (SELECT database())
whereStr += `and lower(table_comment) like lower("%` + tableComment + `%")`
}
query := db.Table("information_schema.tables").Where(
`table_schema = (SELECT database())
AND table_name NOT LIKE "qrtz_%" AND table_name NOT LIKE "qrtz_%"
AND table_name NOT LIKE "gen_%" AND table_name NOT LIKE "gen_%"
AND table_name NOT IN (select table_name from x_gen_table) ` + whereStr).Select( AND table_name NOT IN (select table_name from x_gen_table)`)
"table_name, table_comment, create_time, update_time") if tableName != "" {
query = query.Where(`lower(table_name) like lower(?)`, "%"+tableName+"%")
}
if tableComment != "" {
query = query.Where(`lower(table_comment) like lower(?)`, "%"+tableComment+"%")
}
query = query.Select("table_name, table_comment, create_time, update_time")
return query return query
} }