【优化】移除2个orderBy使用的sql组合方法参数,移除4个仓储基类的所有sql组合方法,全部使用参数化提交,防止出现可能存在的sql注入。

This commit is contained in:
jianweie code
2024-01-17 20:02:06 +08:00
parent f16797adb5
commit a6e345a48b
15 changed files with 77 additions and 883 deletions


@@ -139,82 +139,6 @@ namespace CoreCms.Net.Repository
return await DbBaseClient.Queryable<T>().WithNoLockOrNot(blUseNoLock).WithCacheIF(isDataCache, cacheTimes).ToListAsync();
}
/// <summary>
/// 根据条件查询数据
/// </summary>
/// <param name="strWhere">条件</param>
/// <param name="orderBy">排序字段如name asc,age desc</param>
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
/// <param name="isDataCache">是否启用缓存</param>
/// <param name="cacheTimes">缓存时长(分钟)</param>
/// <returns>泛型实体集合</returns>
public List<T> QueryListByClause(string strWhere, string orderBy = "", bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
{
return DbBaseClient.Queryable<T>()
.OrderByIF(!string.IsNullOrEmpty(orderBy), orderBy)
.WhereIF(!string.IsNullOrEmpty(strWhere), strWhere)
.WithNoLockOrNot(blUseNoLock)
.WithCacheIF(isDataCache, cacheTimes)
.ToList();
}
/// <summary>
/// 根据条件查询数据
/// </summary>
/// <param name="strWhere">条件</param>
/// <param name="orderBy">排序字段如name asc,age desc</param>
/// <returns>泛型实体集合</returns>
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
/// <param name="isDataCache">是否启用缓存</param>
/// <param name="cacheTimes">缓存时长(分钟)</param>
public async Task<List<T>> QueryListByClauseAsync(string strWhere, string orderBy = "", bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
{
return await DbBaseClient.Queryable<T>()
.OrderByIF(!string.IsNullOrEmpty(orderBy), orderBy)
.WhereIF(!string.IsNullOrEmpty(strWhere), strWhere)
.WithNoLockOrNot(blUseNoLock)
.WithCacheIF(isDataCache, cacheTimes)
.ToListAsync();
}
/// <summary>
/// 根据条件查询数据
/// </summary>
/// <param name="predicate">条件表达式树</param>
/// <param name="orderBy">排序字段如name asc,age desc</param>
/// <returns>泛型实体集合</returns>
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
/// <param name="isDataCache">是否启用缓存</param>
/// <param name="cacheTimes">缓存时长(分钟)</param>
public List<T> QueryListByClause(Expression<Func<T, bool>> predicate, string orderBy = "", bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
{
return DbBaseClient.Queryable<T>()
.OrderByIF(!string.IsNullOrEmpty(orderBy), orderBy)
.WhereIF(predicate != null, predicate)
.WithNoLockOrNot(blUseNoLock)
.WithCacheIF(isDataCache, cacheTimes)
.ToList();
}
/// <summary>
/// 根据条件查询数据
/// </summary>
/// <param name="predicate">条件表达式树</param>
/// <param name="orderBy">排序字段如name asc,age desc</param>
/// <returns>泛型实体集合</returns>
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
/// <param name="isDataCache">是否启用缓存</param>
/// <param name="cacheTimes">缓存时长(分钟)</param>
public async Task<List<T>> QueryListByClauseAsync(Expression<Func<T, bool>> predicate, string orderBy = "", bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
{
return await DbBaseClient.Queryable<T>()
.OrderByIF(!string.IsNullOrEmpty(orderBy), orderBy)
.WhereIF(predicate != null, predicate)
.WithNoLockOrNot(blUseNoLock)
.WithCacheIF(isDataCache, cacheTimes)
.ToListAsync();
}
/// <summary>
/// 根据条件查询数据
/// </summary>
@@ -225,7 +149,7 @@ namespace CoreCms.Net.Repository
/// <param name="isDataCache">是否启用缓存</param>
/// <param name="cacheTimes">缓存时长(分钟)</param>
/// <returns>泛型实体集合</returns>
public List<T> QueryListByClause(Expression<Func<T, bool>> predicate, Expression<Func<T, object>> orderByPredicate, OrderByType orderByType, bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
public List<T> QueryListByClause(Expression<Func<T, bool>> predicate, Expression<Func<T, object>> orderByPredicate = null, OrderByType orderByType = OrderByType.Asc, bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
{
return DbBaseClient.Queryable<T>()
.OrderByIF(orderByPredicate != null, orderByPredicate, orderByType)
@@ -245,7 +169,7 @@ namespace CoreCms.Net.Repository
/// <param name="isDataCache">是否启用缓存</param>
/// <param name="cacheTimes">缓存时长(分钟)</param>
/// <returns>泛型实体集合</returns>
public async Task<List<T>> QueryListByClauseAsync(Expression<Func<T, bool>> predicate, Expression<Func<T, object>> orderByPredicate, OrderByType orderByType, bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
public async Task<List<T>> QueryListByClauseAsync(Expression<Func<T, bool>> predicate, Expression<Func<T, object>> orderByPredicate = null, OrderByType orderByType = OrderByType.Asc, bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
{
return await DbBaseClient.Queryable<T>()
.OrderByIF(orderByPredicate != null, orderByPredicate, orderByType)
@@ -299,48 +223,6 @@ namespace CoreCms.Net.Repository
.ToListAsync();
}
/// <summary>
/// 根据条件查询一定数量数据
/// </summary>
/// <param name="predicate">条件表达式树</param>
/// <param name="take">获取数量</param>
/// <param name="strOrderByFields">排序字段如name asc,age desc</param>
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
/// <param name="isDataCache">是否启用缓存</param>
/// <param name="cacheTimes">缓存时长(分钟)</param>
/// <returns></returns>
public List<T> QueryListByClause(Expression<Func<T, bool>> predicate, int take, string strOrderByFields = "", bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
{
return DbBaseClient.Queryable<T>()
.OrderByIF(!string.IsNullOrEmpty(strOrderByFields), strOrderByFields)
.Where(predicate)
.Take(take)
.WithNoLockOrNot(blUseNoLock)
.WithCacheIF(isDataCache, cacheTimes)
.ToList();
}
/// <summary>
/// 根据条件查询一定数量数据
/// </summary>
/// <param name="predicate">条件表达式树</param>
/// <param name="take">获取数量</param>
/// <param name="strOrderByFields">排序字段如name asc,age desc</param>
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
/// <param name="isDataCache">是否启用缓存</param>
/// <param name="cacheTimes">缓存时长(分钟)</param>
/// <returns></returns>
public async Task<List<T>> QueryListByClauseAsync(Expression<Func<T, bool>> predicate, int take, string strOrderByFields = "", bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
{
return await DbBaseClient.Queryable<T>()
.OrderByIF(!string.IsNullOrEmpty(strOrderByFields), strOrderByFields)
.Where(predicate)
.Take(take)
.WithNoLockOrNot(blUseNoLock)
.WithCacheIF(isDataCache, cacheTimes)
.ToListAsync();
}
/// <summary>
/// 根据条件查询数据
/// </summary>
@@ -597,54 +479,6 @@ namespace CoreCms.Net.Repository
: await DbBaseClient.Updateable(entity).ExecuteCommandHasChangeAsync();
}
/// <summary>
/// 根据手写条件更新
/// </summary>
/// <param name="entity">实体数据</param>
/// <param name="strWhere"></param>
/// <param name="isRemoveDataCache">是否清除缓存</param>
/// <returns></returns>
public bool Update(T entity, string strWhere, bool isRemoveDataCache = false)
{
return isRemoveDataCache ? DbBaseClient.Updateable(entity).Where(strWhere).RemoveDataCache().ExecuteCommandHasChange() : DbBaseClient.Updateable(entity).Where(strWhere).ExecuteCommandHasChange();
}
/// <summary>
/// 根据手写条件更新
/// </summary>
/// <param name="entity">实体数据</param>
/// <param name="strWhere"></param>
/// <param name="isRemoveDataCache">是否清除缓存</param>
/// <returns></returns>
public async Task<bool> UpdateAsync(T entity, string strWhere, bool isRemoveDataCache = false)
{
return isRemoveDataCache
? await DbBaseClient.Updateable(entity).Where(strWhere).RemoveDataCache().ExecuteCommandHasChangeAsync()
: await DbBaseClient.Updateable(entity).Where(strWhere).ExecuteCommandHasChangeAsync();
}
/// <summary>
/// 根据手写sql语句更新数据
/// </summary>
/// <param name="strSql"></param>
/// <param name="parameters"></param>
/// <returns></returns>
public bool Update(string strSql, SugarParameter[] parameters = null)
{
return DbBaseClient.Ado.ExecuteCommand(strSql, parameters) > 0;
}
/// <summary>
/// 根据手写sql语句更新数据
/// </summary>
/// <param name="strSql"></param>
/// <param name="parameters"></param>
/// <returns></returns>
public async Task<bool> UpdateAsync(string strSql, SugarParameter[] parameters = null)
{
return await DbBaseClient.Ado.ExecuteCommandAsync(strSql, parameters) > 0;
}
/// <summary>
/// 更新某个字段
/// </summary>
@@ -672,45 +506,6 @@ namespace CoreCms.Net.Repository
: await DbBaseClient.Updateable<T>().SetColumns(columns).Where(where).ExecuteCommandHasChangeAsync();
}
/// <summary>
/// 根据条件更新
/// </summary>
/// <param name="entity">实体数据</param>
/// <param name="lstColumns"></param>
/// <param name="lstIgnoreColumns"></param>
/// <param name="strWhere"></param>
/// <param name="isRemoveDataCache">是否清除缓存</param>
/// <returns></returns>
public async Task<bool> UpdateAsync(T entity, List<string> lstColumns, List<string> lstIgnoreColumns, string strWhere = "", bool isRemoveDataCache = false)
{
var up = DbBaseClient.Updateable(entity);
if (lstIgnoreColumns != null && lstIgnoreColumns.Count > 0) up = up.IgnoreColumns(lstIgnoreColumns.ToArray());
if (lstColumns is { Count: > 0 }) up = up.UpdateColumns(lstColumns.ToArray());
if (!string.IsNullOrEmpty(strWhere)) up = up.Where(strWhere);
return isRemoveDataCache
? await up.RemoveDataCache().ExecuteCommandHasChangeAsync()
: await up.ExecuteCommandHasChangeAsync();
}
/// <summary>
/// 根据条件更新
/// </summary>
/// <param name="entity">实体数据</param>
/// <param name="lstColumns"></param>
/// <param name="lstIgnoreColumns"></param>
/// <param name="strWhere"></param>
/// <param name="isRemoveDataCache">是否清除缓存</param>
/// <returns></returns>
public bool Update(T entity, List<string> lstColumns, List<string> lstIgnoreColumns, string strWhere = "", bool isRemoveDataCache = false)
{
var up = DbBaseClient.Updateable(entity);
if (lstIgnoreColumns != null && lstIgnoreColumns.Count > 0)
up = up.IgnoreColumns(lstIgnoreColumns.ToArray());
if (lstColumns != null && lstColumns.Count > 0) up = up.UpdateColumns(lstColumns.ToArray());
if (!string.IsNullOrEmpty(strWhere)) up = up.Where(strWhere);
return isRemoveDataCache ? up.RemoveDataCache().ExecuteCommandHasChange() : up.ExecuteCommandHasChange();
}
#endregion
#region
@@ -1169,70 +964,6 @@ namespace CoreCms.Net.Repository
#region
/// <summary>
/// 根据条件查询分页数据
/// </summary>
/// <param name="predicate"></param>
/// <param name="orderBy"></param>
/// <param name="pageIndex">当前页面索引</param>
/// <param name="pageSize">分布大小</param>
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
/// <param name="isDataCache">是否启用缓存</param>
/// <param name="cacheTimes">缓存时长(分钟)</param>
/// <returns></returns>
public IPageList<T> QueryPage(Expression<Func<T, bool>> predicate, string orderBy = "", int pageIndex = 1,
int pageSize = 20, bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
{
var totalCount = 0;
var page = blUseNoLock
? DbBaseClient.Queryable<T>()
.OrderByIF(!string.IsNullOrEmpty(orderBy), orderBy)
.WhereIF(predicate != null, predicate)
.WithNoLockOrNot(blUseNoLock)
.WithCacheIF(isDataCache, cacheTimes)
.ToPageList(pageIndex, pageSize, ref totalCount)
: DbClient.Queryable<T>()
.OrderByIF(!string.IsNullOrEmpty(orderBy), orderBy)
.WhereIF(predicate != null, predicate)
.WithCacheIF(isDataCache, cacheTimes)
.ToPageList(pageIndex, pageSize, ref totalCount);
var list = new PageList<T>(page, pageIndex, pageSize, totalCount);
return list;
}
/// <summary>
/// 根据条件查询分页数据
/// </summary>
/// <param name="predicate"></param>
/// <param name="orderBy"></param>
/// <param name="pageIndex">当前页面索引</param>
/// <param name="pageSize">分布大小</param>
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
/// <param name="isDataCache">是否启用缓存</param>
/// <param name="cacheTimes">缓存时长(分钟)</param>
/// <returns></returns>
public async Task<IPageList<T>> QueryPageAsync(Expression<Func<T, bool>> predicate, string orderBy = "",
int pageIndex = 1, int pageSize = 20, bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
{
RefAsync<int> totalCount = 0;
var page = blUseNoLock
? await DbBaseClient.Queryable<T>()
.OrderByIF(!string.IsNullOrEmpty(orderBy), orderBy)
.WhereIF(predicate != null, predicate)
.WithNoLockOrNot(blUseNoLock)
.WithCacheIF(isDataCache, cacheTimes)
.ToPageListAsync(pageIndex, pageSize, totalCount)
: await DbBaseClient.Queryable<T>()
.OrderByIF(!string.IsNullOrEmpty(orderBy), orderBy)
.WhereIF(predicate != null, predicate)
.WithCacheIF(isDataCache, cacheTimes)
.ToPageListAsync(pageIndex, pageSize, totalCount);
var list = new PageList<T>(page, pageIndex, pageSize, totalCount);
return list;
}
/// <summary>
/// 根据条件查询分页数据
/// </summary>
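Review bot: Defaulting `orderByPredicate = null` on the two surviving `QueryListByClause`/`QueryListByClauseAsync` signatures means a former caller of the deleted string-`orderBy` overloads that simply drops the string now compiles into a query with no ORDER BY at all, since `OrderByIF(orderByPredicate != null, ...)` emits nothing for null; any caller that relied on ordering (and anything combined with Take or paging) must now pass an expression such as `x => x.id`. The XML docs for these two methods should say so explicitly, e.g. `/// <param name="orderByPredicate">Sort expression; null emits no ORDER BY (result order is then undefined).</param>`. If the class also has an overload whose second parameter is a defaulted `bool blUseNoLock`, a call with only `predicate` becomes ambiguous in C# overload resolution; that cannot be confirmed from this view because the class continues past the section. The removed `Update(string strSql, SugarParameter[] parameters)` pair was already parameterized, so its deletion is an API cleanup rather than an injection fix; the real gain here is dropping the raw `strWhere`/`orderBy` strings that reached `Where`/`OrderByIF` unchanged.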


@@ -193,7 +193,7 @@ namespace CoreCms.Net.Repository
obj.points = p.points;
obj.isDefalut = p.isDefalut;
obj.isDel = false;
obj.images=p.images;
obj.images = p.images;
products.Add(obj);
var pd = new CoreCmsProductsDistribution();
@@ -1671,13 +1671,11 @@ namespace CoreCms.Net.Repository
/// 重写根据条件及自定义排序查询分页数据返回DTO
/// </summary>
/// <param name="predicate"></param>
/// <param name="orderBy"></param>
/// <param name="pageIndex">当前页面索引</param>
/// <param name="pageSize">分布大小</param>
/// <param name="blUseNoLock">是否使用WITH(NOLOCK)</param>
/// <returns></returns>
public async Task<IPageList<GoodListDTO>> QueryPageByDTOAsync(Expression<Func<GoodListDTO, bool>> predicate, string orderBy = "",
int pageIndex = 1, int pageSize = 20, bool blUseNoLock = false)
public async Task<IPageList<GoodListDTO>> QueryPageByDTOAsync(Expression<Func<GoodListDTO, bool>> predicate, int pageIndex = 1, int pageSize = 20, bool blUseNoLock = false)
{
RefAsync<int> totalCount = 0;
List<GoodListDTO> page;
@@ -1720,7 +1718,7 @@ namespace CoreCms.Net.Repository
.With(SqlWith.NoLock)
.MergeTable()
.Where(predicate)
.OrderBy(orderBy)
.OrderBy(it => SqlFunc.Desc(it.isRecommend)).OrderBy(it => SqlFunc.Desc(it.isHot))
.ToPageListAsync(pageIndex, pageSize, totalCount);
}
else
@@ -1761,7 +1759,7 @@ namespace CoreCms.Net.Repository
})
.MergeTable()
.Where(predicate)
.OrderBy(orderBy)
.OrderBy(it => SqlFunc.Desc(it.isRecommend)).OrderBy(it => SqlFunc.Desc(it.isHot))
.ToPageListAsync(pageIndex, pageSize, totalCount);
}
var list = new PageList<GoodListDTO>(page, pageIndex, pageSize, totalCount);
@@ -1783,7 +1781,7 @@ namespace CoreCms.Net.Repository
/// <param name="pageSize">分布大小</param>
/// <param name="blUseNoLock">是否使用WITH(NOLOCK)</param>
/// <returns></returns>
public async Task<IPageList<CoreCmsGoods>> QueryAgentGoodsPageAsync(Expression<Func<CoreCmsGoods, bool>> predicate, string orderBy = "",
public async Task<IPageList<CoreCmsGoods>> QueryAgentGoodsPageAsync(Expression<Func<CoreCmsGoods, bool>> predicate,
int pageIndex = 1, int pageSize = 20, bool blUseNoLock = false)
{
RefAsync<int> totalCount = 0;
@@ -1840,7 +1838,7 @@ namespace CoreCms.Net.Repository
.With(SqlWith.NoLock)
.MergeTable()
.Where(predicate)
.OrderBy(orderBy)
.OrderBy(it => SqlFunc.Desc(it.isRecommend)).OrderBy(it => SqlFunc.Desc(it.isHot))
.ToPageListAsync(pageIndex, pageSize, totalCount);
}
else
@@ -1894,7 +1892,7 @@ namespace CoreCms.Net.Repository
})
.MergeTable()
.Where(predicate)
.OrderBy(orderBy)
.OrderBy(it => SqlFunc.Desc(it.isRecommend)).OrderBy(it => SqlFunc.Desc(it.isHot))
.ToPageListAsync(pageIndex, pageSize, totalCount);
}
var list = new PageList<CoreCmsGoods>(page, pageIndex, pageSize, totalCount);
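Review bot: The summary at the top of `QueryPageByDTOAsync` still reads "根据条件及自定义排序" (custom sort), but with the `orderBy` parameter gone the four rewritten `.OrderBy(it => SqlFunc.Desc(it.isRecommend)).OrderBy(it => SqlFunc.Desc(it.isHot))` chains fix the order unconditionally; update it to something like `/// Paged DTO query by condition; rows are always ordered isRecommend DESC, isHot DESC (caller-supplied sorting was removed to avoid raw SQL fragments).` and add the same note to `QueryAgentGoodsPageAsync`, whose `<param name="orderBy">` line, if it still exists above the visible hunk, is now stale. Chaining two `OrderBy` calls relies on SqlSugar appending rather than replacing the previous key (LINQ-to-objects would replace it); confirm the generated SQL is `ORDER BY isRecommend DESC, isHot DESC` rather than only the last key. Both method bodies start before and end after the visible hunks, so the `else` branches' ordering calls were checked only where shown.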