Server:优化WHERE条件连接，防SQL注入

TommyLemon · TommyLemon · commit 0c9928cf4af0 · 2017-10-07T16:39:57.000+08:00
diff --git a/APIJSON-Java-Server/APIJSON-Eclipse/src/main/java/zuo/biao/apijson/server/sql/SQLConfig.java b/APIJSON-Java-Server/APIJSON-Eclipse/src/main/java/zuo/biao/apijson/server/sql/SQLConfig.java
@@ -531,7 +531,7 @@ public static String getWhereString(RequestMethod method, Map<String, Object> wh
 				continue;
 			}
 
-			whereString += (isFirst ? "" : AND) + condition;
+			whereString += (isFirst ? "" : AND) + "(" + condition + ")";
 
 			isFirst = false;
 		}
@@ -639,7 +639,7 @@ public static String getSearchString(String key, Object[] values, int type) thro
 			condition += (i <= 0 ? "" : (Logic.isAnd(type) ? AND : OR)) + getLikeString(key, values[i]);
 		}
 
-		return (Logic.isNot(type) ? NOT : "") + "(" + condition + ")";
+		return getCondition(Logic.isNot(type), condition);
 	}
 
 	/**WHERE key LIKE 'value'
@@ -693,7 +693,7 @@ public static String getRegExpString(String key, Object[] values, int type) thro
 			condition += (i <= 0 ? "" : (Logic.isAnd(type) ? AND : OR)) + getRegExpString(key, (String) values[i]);
 		}
 
-		return (Logic.isNot(type) ? NOT : "") + "(" + condition + ")";
+		return getCondition(Logic.isNot(type), condition);
 	}
 
 	/**WHERE key REGEXP 'value'
@@ -747,8 +747,7 @@ public static String getRangeString(String key, Object range) throws Exception {
 			if (condition.isEmpty()) {
 				return "";
 			}
-			condition = "(" + condition + ")";
-			return logic.isNot() ? NOT + condition : condition;
+			return getCondition(logic.isNot(), condition);
 		}
 
 		throw new IllegalArgumentException(key + "{}:range 类型为" + range.getClass().getSimpleName()
@@ -770,7 +769,7 @@ public static String getInString(String key, Object[] in, boolean not) throws No
 			throw new NotExistException(TAG + ".getInString(" + key + ", [], " + not
 					+ ") >> condition.isEmpty() >> IN()");
 		}
-		return (not ? NOT : "") + " IN " + "(" + condition + ")";
+		return (not ? NOT : "") + " IN (" + condition + ")";
 	}
 	//{} range >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 
@@ -814,7 +813,7 @@ public static String getContainString(String key, Object[] childs, int type) thr
 						childs[i] = "\"" + childs[i] + "\"";
 					}
 					condition += (i <= 0 ? "" : (Logic.isAnd(type) ? AND : OR))
-							+ getSearchString(
+							+ "(" + getSearchString(
 									key
 									, new String[]{
 											"[" + childs[i] + "]", //全等
@@ -823,7 +822,7 @@ public static String getContainString(String key, Object[] childs, int type) thr
 											"%, " + childs[i] + "]" //末尾
 									}
 									, Logic.TYPE_OR
-									);
+									) + ")";
 				}
 			}
 			if (condition.isEmpty()) {
@@ -833,10 +832,19 @@ public static String getContainString(String key, Object[] childs, int type) thr
 		if (condition.isEmpty()) {
 			return "";
 		}
-		return (Logic.isNot(type) ? NOT : "") + "(" + condition + ")";
+		return getCondition(Logic.isNot(type), condition);
 	}
 	//<> contain >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 
+	/**拼接条件
+	 * @param not
+	 * @param condition
+	 * @return
+	 */
+	private static String getCondition(boolean not, String condition) {
+		return not ? NOT + "(" + condition + ")" : condition;
+	}
+	
 
 	/**转为JSONArray
 	 * @param tv

Original file line number	Diff line number	Diff line change
`@@ -531,7 +531,7 @@ public static String getWhereString(RequestMethod method, Map<String, Object> wh`
`531`	`531`	`continue;`
`532`	`532`	`}`
`533`	`533`
`534`		`- whereString += (isFirst ? "" : AND) + condition;`
	`534`	`+ whereString += (isFirst ? "" : AND) + "(" + condition + ")";`
`535`	`535`
`536`	`536`	`isFirst = false;`
`537`	`537`	`}`
`@@ -639,7 +639,7 @@ public static String getSearchString(String key, Object[] values, int type) thro`
`639`	`639`	`condition += (i <= 0 ? "" : (Logic.isAnd(type) ? AND : OR)) + getLikeString(key, values[i]);`
`640`	`640`	`}`
`641`	`641`
`642`		`- return (Logic.isNot(type) ? NOT : "") + "(" + condition + ")";`
	`642`	`+ return getCondition(Logic.isNot(type), condition);`
`643`	`643`	`}`
`644`	`644`
`645`	`645`	`/**WHERE key LIKE 'value'`
`@@ -693,7 +693,7 @@ public static String getRegExpString(String key, Object[] values, int type) thro`
`693`	`693`	`condition += (i <= 0 ? "" : (Logic.isAnd(type) ? AND : OR)) + getRegExpString(key, (String) values[i]);`
`694`	`694`	`}`
`695`	`695`
`696`		`- return (Logic.isNot(type) ? NOT : "") + "(" + condition + ")";`
	`696`	`+ return getCondition(Logic.isNot(type), condition);`
`697`	`697`	`}`
`698`	`698`
`699`	`699`	`/**WHERE key REGEXP 'value'`
`@@ -747,8 +747,7 @@ public static String getRangeString(String key, Object range) throws Exception {`
`747`	`747`	`if (condition.isEmpty()) {`
`748`	`748`	`return "";`
`749`	`749`	`}`
`750`		`- condition = "(" + condition + ")";`
`751`		`- return logic.isNot() ? NOT + condition : condition;`
	`750`	`+ return getCondition(logic.isNot(), condition);`
`752`	`751`	`}`
`753`	`752`
`754`	`753`	`throw new IllegalArgumentException(key + "{}:range 类型为" + range.getClass().getSimpleName()`
`@@ -770,7 +769,7 @@ public static String getInString(String key, Object[] in, boolean not) throws No`
`770`	`769`	`throw new NotExistException(TAG + ".getInString(" + key + ", [], " + not`
`771`	`770`	`+ ") >> condition.isEmpty() >> IN()");`
`772`	`771`	`}`
`773`		`- return (not ? NOT : "") + " IN " + "(" + condition + ")";`
	`772`	`+ return (not ? NOT : "") + " IN (" + condition + ")";`
`774`	`773`	`}`
`775`	`774`	`//{} range >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>`
`776`	`775`
`@@ -814,7 +813,7 @@ public static String getContainString(String key, Object[] childs, int type) thr`
`814`	`813`	`childs[i] = "\"" + childs[i] + "\"";`
`815`	`814`	`}`
`816`	`815`	`condition += (i <= 0 ? "" : (Logic.isAnd(type) ? AND : OR))`
`817`		`- + getSearchString(`
	`816`	`+ + "(" + getSearchString(`
`818`	`817`	`key`
`819`	`818`	`, new String[]{`
`820`	`819`	`"[" + childs[i] + "]", //全等`
`@@ -823,7 +822,7 @@ public static String getContainString(String key, Object[] childs, int type) thr`
`823`	`822`	`"%, " + childs[i] + "]" //末尾`
`824`	`823`	`}`
`825`	`824`	`, Logic.TYPE_OR`
`826`		`- );`
	`825`	`+ ) + ")";`
`827`	`826`	`}`
`828`	`827`	`}`
`829`	`828`	`if (condition.isEmpty()) {`
`@@ -833,10 +832,19 @@ public static String getContainString(String key, Object[] childs, int type) thr`
`833`	`832`	`if (condition.isEmpty()) {`
`834`	`833`	`return "";`
`835`	`834`	`}`
`836`		`- return (Logic.isNot(type) ? NOT : "") + "(" + condition + ")";`
	`835`	`+ return getCondition(Logic.isNot(type), condition);`
`837`	`836`	`}`
`838`	`837`	`//<> contain >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>`
`839`	`838`
	`839`	`+ /**拼接条件`
	`840`	`+ * @param not`
	`841`	`+ * @param condition`
	`842`	`+ * @return`
	`843`	`+ */`
	`844`	`+ private static String getCondition(boolean not, String condition) {`
	`845`	`+ return not ? NOT + "(" + condition + ")" : condition;`
	`846`	`+ }`
	`847`	`+`
`840`	`848`
`841`	`849`	`/**转为JSONArray`
`842`	`850`	`* @param tv`