【优化】移除2个orderBy使用的sql组合方法参数,移除4个仓储基类的所有sql组合方法,全部使用参数化提交,防止出现可能存在的sql注入。
@@ -130,62 +130,6 @@ namespace CoreCms.Net.Services
|
||||
return await BaseDal.QueryAsync(blUseNoLock, isDataCache, cacheTimes);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据条件查询数据
|
||||
/// </summary>
|
||||
/// <param name="strWhere">条件</param>
|
||||
/// <param name="orderBy">排序字段,如name asc,age desc</param>
|
||||
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
|
||||
/// <param name="isDataCache">是否启用缓存</param>
|
||||
/// <param name="cacheTimes">缓存时长(分钟)</param>
|
||||
/// <returns>泛型实体集合</returns>
|
||||
public List<T> QueryListByClause(string strWhere, string orderBy = "", bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
|
||||
{
|
||||
return BaseDal.QueryListByClause(strWhere, orderBy, blUseNoLock, isDataCache, cacheTimes);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据条件查询数据
|
||||
/// </summary>
|
||||
/// <param name="strWhere">条件</param>
|
||||
/// <param name="orderBy">排序字段,如name asc,age desc</param>
|
||||
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
|
||||
/// <param name="isDataCache">是否启用缓存</param>
|
||||
/// <param name="cacheTimes">缓存时长(分钟)</param>
|
||||
/// <returns>泛型实体集合</returns>
|
||||
public async Task<List<T>> QueryListByClauseAsync(string strWhere, string orderBy = "", bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
|
||||
{
|
||||
return await BaseDal.QueryListByClauseAsync(strWhere, orderBy, blUseNoLock, isDataCache, cacheTimes);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据条件查询数据
|
||||
/// </summary>
|
||||
/// <param name="predicate">条件表达式树</param>
|
||||
/// <param name="orderBy">排序字段,如name asc,age desc</param>
|
||||
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
|
||||
/// <param name="isDataCache">是否启用缓存</param>
|
||||
/// <param name="cacheTimes">缓存时长(分钟)</param>
|
||||
/// <returns>泛型实体集合</returns>
|
||||
public List<T> QueryListByClause(Expression<Func<T, bool>> predicate, string orderBy = "", bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
|
||||
{
|
||||
return BaseDal.QueryListByClause(predicate, orderBy, blUseNoLock, isDataCache, cacheTimes);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据条件查询数据
|
||||
/// </summary>
|
||||
/// <param name="predicate">条件表达式树</param>
|
||||
/// <param name="orderBy">排序字段,如name asc,age desc</param>
|
||||
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
|
||||
/// <param name="isDataCache">是否启用缓存</param>
|
||||
/// <param name="cacheTimes">缓存时长(分钟)</param>
|
||||
/// <returns>泛型实体集合</returns>
|
||||
public async Task<List<T>> QueryListByClauseAsync(Expression<Func<T, bool>> predicate, string orderBy = "", bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
|
||||
{
|
||||
return await BaseDal.QueryListByClauseAsync(predicate, orderBy, blUseNoLock, isDataCache, cacheTimes);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据条件查询数据
|
||||
/// </summary>
|
||||
@@ -196,7 +140,7 @@ namespace CoreCms.Net.Services
|
||||
/// <param name="isDataCache">是否启用缓存</param>
|
||||
/// <param name="cacheTimes">缓存时长(分钟)</param>
|
||||
/// <returns>泛型实体集合</returns>
|
||||
public List<T> QueryListByClause(Expression<Func<T, bool>> predicate, Expression<Func<T, object>> orderByPredicate, OrderByType orderByType, bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
|
||||
public List<T> QueryListByClause(Expression<Func<T, bool>> predicate, Expression<Func<T, object>> orderByPredicate = null, OrderByType orderByType = OrderByType.Asc, bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
|
||||
{
|
||||
return BaseDal.QueryListByClause(predicate, orderByPredicate, orderByType, blUseNoLock, isDataCache, cacheTimes);
|
||||
}
|
||||
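Review bot: With `orderByPredicate = null` now a default on the new signature, the body still forwards the predicate unconditionally to `BaseDal.QueryListByClause`, so a caller who omits it depends on the base repository tolerating a null sort expression, and that tolerance is not visible in this diff. If BaseDal does not guard it, either keep the parameter required as it was or short-circuit in the wrapper, e.g. `if (orderByPredicate is null) { /* forward to the unsorted BaseDal overload */ }`, so that `orderByType` is not silently meaningless. The `<param name="orderByPredicate">` doc line above this hunk should also say the sort is optional and what order applies when it is omitted.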
@@ -211,7 +155,7 @@ namespace CoreCms.Net.Services
|
||||
/// <param name="isDataCache">是否启用缓存</param>
|
||||
/// <param name="cacheTimes">缓存时长(分钟)</param>
|
||||
/// <returns>泛型实体集合</returns>
|
||||
public async Task<List<T>> QueryListByClauseAsync(Expression<Func<T, bool>> predicate, Expression<Func<T, object>> orderByPredicate, OrderByType orderByType, bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
|
||||
public async Task<List<T>> QueryListByClauseAsync(Expression<Func<T, bool>> predicate, Expression<Func<T, object>> orderByPredicate = null, OrderByType orderByType = OrderByType.Asc, bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
|
||||
{
|
||||
return await BaseDal.QueryListByClauseAsync(predicate, orderByPredicate, orderByType, blUseNoLock, isDataCache, cacheTimes);
|
||||
}
|
||||
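Review bot: The async overload now defaults `orderByPredicate` to null but passes it straight to `BaseDal.QueryListByClauseAsync`, so whether `QueryListByClauseAsync(predicate)` works or throws is decided by null handling in the base method that this diff does not show. A null guard in the wrapper, or keeping the parameter required as before, makes the contract explicit instead of implicit; the XML doc for `orderByPredicate` above this hunk should state the behaviour when it is omitted.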
@@ -248,36 +192,6 @@ namespace CoreCms.Net.Services
|
||||
return await BaseDal.QueryListByClauseAsync(predicate, take, orderByPredicate, orderByType, blUseNoLock, isDataCache, cacheTimes);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据条件查询一定数量数据
|
||||
/// </summary>
|
||||
/// <param name="predicate">条件表达式树</param>
|
||||
/// <param name="take">获取数量</param>
|
||||
/// <param name="strOrderByFields">排序字段,如name asc,age desc</param>
|
||||
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
|
||||
/// <param name="isDataCache">是否启用缓存</param>
|
||||
/// <param name="cacheTimes">缓存时长(分钟)</param>
|
||||
/// <returns></returns>
|
||||
public List<T> QueryListByClause(Expression<Func<T, bool>> predicate, int take, string strOrderByFields = "", bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
|
||||
{
|
||||
return BaseDal.QueryListByClause(predicate, take, strOrderByFields, blUseNoLock, isDataCache, cacheTimes);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据条件查询一定数量数据
|
||||
/// </summary>
|
||||
/// <param name="predicate">条件表达式树</param>
|
||||
/// <param name="take">获取数量</param>
|
||||
/// <param name="strOrderByFields">排序字段,如name asc,age desc</param>
|
||||
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
|
||||
/// <param name="isDataCache">是否启用缓存</param>
|
||||
/// <param name="cacheTimes">缓存时长(分钟)</param>
|
||||
/// <returns></returns>
|
||||
public async Task<List<T>> QueryListByClauseAsync(Expression<Func<T, bool>> predicate, int take, string strOrderByFields = "", bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
|
||||
{
|
||||
return await BaseDal.QueryListByClauseAsync(predicate, take, strOrderByFields, blUseNoLock, isDataCache, cacheTimes);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据条件查询数据
|
||||
/// </summary>
|
||||
@@ -494,52 +408,6 @@ namespace CoreCms.Net.Services
|
||||
return await BaseDal.UpdateAsync(entity, isRemoveDataCache);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据手写条件更新
|
||||
/// </summary>
|
||||
/// <param name="entity"></param>
|
||||
/// <param name="strWhere"></param>
|
||||
/// <param name="isRemoveDataCache"></param>
|
||||
/// <returns></returns>
|
||||
public bool Update(T entity, string strWhere, bool isRemoveDataCache = false)
|
||||
{
|
||||
return BaseDal.Update(entity, strWhere, isRemoveDataCache);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据手写条件更新
|
||||
/// </summary>
|
||||
/// <param name="entity"></param>
|
||||
/// <param name="strWhere"></param>
|
||||
/// <param name="isRemoveDataCache"></param>
|
||||
/// <returns></returns>
|
||||
public async Task<bool> UpdateAsync(T entity, string strWhere, bool isRemoveDataCache = false)
|
||||
{
|
||||
return await BaseDal.UpdateAsync(entity, strWhere, isRemoveDataCache);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据手写sql语句更新数据
|
||||
/// </summary>
|
||||
/// <param name="strSql"></param>
|
||||
/// <param name="parameters"></param>
|
||||
/// <returns></returns>
|
||||
public bool Update(string strSql, SugarParameter[] parameters = null)
|
||||
{
|
||||
return BaseDal.Update(strSql, parameters);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据手写sql语句更新数据
|
||||
/// </summary>
|
||||
/// <param name="strSql"></param>
|
||||
/// <param name="parameters"></param>
|
||||
/// <returns></returns>
|
||||
public async Task<bool> UpdateAsync(string strSql, SugarParameter[] parameters = null)
|
||||
{
|
||||
return await BaseDal.UpdateAsync(strSql, parameters);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 更新某个字段
|
||||
/// </summary>
|
||||
@@ -564,33 +432,6 @@ namespace CoreCms.Net.Services
|
||||
return await BaseDal.UpdateAsync(columns, where, isRemoveDataCache);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据条件更新
|
||||
/// </summary>
|
||||
/// <param name="entity"></param>
|
||||
/// <param name="lstColumns"></param>
|
||||
/// <param name="lstIgnoreColumns"></param>
|
||||
/// <param name="strWhere"></param>
|
||||
/// <param name="isRemoveDataCache"></param>
|
||||
/// <returns></returns>
|
||||
public async Task<bool> UpdateAsync(T entity, List<string> lstColumns = null, List<string> lstIgnoreColumns = null, string strWhere = "", bool isRemoveDataCache = false)
|
||||
{
|
||||
return await BaseDal.UpdateAsync(entity, lstColumns, lstIgnoreColumns, strWhere, isRemoveDataCache);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据条件更新
|
||||
/// </summary>
|
||||
/// <param name="entity"></param>
|
||||
/// <param name="lstColumns"></param>
|
||||
/// <param name="lstIgnoreColumns"></param>
|
||||
/// <param name="strWhere"></param>
|
||||
/// <param name="isRemoveDataCache"></param>
|
||||
/// <returns></returns>
|
||||
public bool Update(T entity, List<string> lstColumns = null, List<string> lstIgnoreColumns = null, string strWhere = "", bool isRemoveDataCache = false)
|
||||
{
|
||||
return BaseDal.Update(entity, lstColumns, lstIgnoreColumns, strWhere, isRemoveDataCache);
|
||||
}
|
||||
#endregion
|
||||
|
||||
#region 删除数据
|
||||
@@ -1006,40 +847,6 @@ namespace CoreCms.Net.Services
|
||||
|
||||
#region 分页数据
|
||||
|
||||
/// <summary>
|
||||
/// 根据条件查询分页数据
|
||||
/// </summary>
|
||||
/// <param name="predicate"></param>
|
||||
/// <param name="orderBy"></param>
|
||||
/// <param name="pageIndex">当前页面索引</param>
|
||||
/// <param name="pageSize">分布大小</param>
|
||||
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
|
||||
/// <param name="isDataCache">是否启用缓存</param>
|
||||
/// <param name="cacheTimes">缓存时长(分钟)</param>
|
||||
/// <returns></returns>
|
||||
public IPageList<T> QueryPage(Expression<Func<T, bool>> predicate, string orderBy = "", int pageIndex = 1,
|
||||
int pageSize = 20, bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
|
||||
{
|
||||
return BaseDal.QueryPage(predicate, orderBy, pageIndex, pageSize, blUseNoLock, isDataCache, cacheTimes);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据条件查询分页数据
|
||||
/// </summary>
|
||||
/// <param name="predicate"></param>
|
||||
/// <param name="orderBy"></param>
|
||||
/// <param name="pageIndex">当前页面索引</param>
|
||||
/// <param name="pageSize">分布大小</param>
|
||||
/// <param name="blUseNoLock">是否使用WITH(NoLock)</param>
|
||||
/// <param name="isDataCache">是否启用缓存</param>
|
||||
/// <param name="cacheTimes">缓存时长(分钟)</param>
|
||||
/// <returns></returns>
|
||||
public async Task<IPageList<T>> QueryPageAsync(Expression<Func<T, bool>> predicate, string orderBy = "",
|
||||
int pageIndex = 1, int pageSize = 20, bool blUseNoLock = false, bool isDataCache = false, int cacheTimes = int.MaxValue)
|
||||
{
|
||||
return await BaseDal.QueryPageAsync(predicate, orderBy, pageIndex, pageSize, blUseNoLock, isDataCache, cacheTimes);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// 根据条件查询分页数据
|
||||
/// </summary>
|
||||
|
||||
@@ -1010,10 +1010,9 @@ namespace CoreCms.Net.Services
|
||||
/// <param name="pageSize">分布大小</param>
|
||||
/// <param name="blUseNoLock">是否使用WITH(NOLOCK)</param>
|
||||
/// <returns></returns>
|
||||
public async Task<IPageList<GoodListDTO>> QueryPageByDTOAsync(Expression<Func<GoodListDTO, bool>> predicate,
|
||||
string orderBy = "", int pageIndex = 1, int pageSize = 20, bool blUseNoLock = false)
|
||||
public async Task<IPageList<GoodListDTO>> QueryPageByDTOAsync(Expression<Func<GoodListDTO, bool>> predicate, int pageIndex = 1, int pageSize = 20, bool blUseNoLock = false)
|
||||
{
|
||||
return await _dal.QueryPageByDTOAsync(predicate, orderBy, pageIndex, pageSize, blUseNoLock);
|
||||
return await _dal.QueryPageByDTOAsync(predicate, pageIndex, pageSize, blUseNoLock);
|
||||
}
|
||||
#endregion
|
||||
|
||||
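Review bot: Dropping `orderBy` from `QueryPageByDTOAsync` leaves this page query with no caller-visible ordering, and a paged query without a stable ORDER BY can return duplicated or skipped rows between pages on both SQL Server and MySQL. Confirm that `_dal.QueryPageByDTOAsync` applies a fixed sort (for example by id) and, if it does not, expose a typed one like the base overloads: `Expression<Func<GoodListDTO, object>> orderByPredicate = null, OrderByType orderByType = OrderByType.Desc`. If a `<param name="orderBy">` line still sits above this hunk it is now stale and should be removed.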
@@ -1026,10 +1025,10 @@ namespace CoreCms.Net.Services
|
||||
/// <param name="pageSize">分布大小</param>
|
||||
/// <param name="blUseNoLock">是否使用WITH(NOLOCK)</param>
|
||||
/// <returns></returns>
|
||||
public async Task<IPageList<CoreCmsGoods>> QueryAgentGoodsPageAsync(Expression<Func<CoreCmsGoods, bool>> predicate, string orderBy = "",
|
||||
public async Task<IPageList<CoreCmsGoods>> QueryAgentGoodsPageAsync(Expression<Func<CoreCmsGoods, bool>> predicate,
|
||||
int pageIndex = 1, int pageSize = 20, bool blUseNoLock = false)
|
||||
{
|
||||
return await _dal.QueryAgentGoodsPageAsync(predicate, orderBy, pageIndex, pageSize, blUseNoLock);
|
||||
return await _dal.QueryAgentGoodsPageAsync(predicate, pageIndex, pageSize, blUseNoLock);
|
||||
}
|
||||
|
||||
|
||||
|
||||
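Review bot: `QueryAgentGoodsPageAsync` loses its only ordering input in this hunk, so page stability now rests entirely on whatever `_dal.QueryAgentGoodsPageAsync` does internally, which is not shown here. Paging without a deterministic sort is a correctness issue (rows can move between pages), so either verify the DAL orders by a unique column or add a typed `orderByPredicate`/`OrderByType` pair as the BaseServices overloads do. The `<param name="orderBy">` doc above the hunk, if present, should be dropped with the parameter.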
@@ -190,7 +190,7 @@ namespace CoreCms.Net.Services
|
||||
|
||||
var dtoData = new List<GroupPurchaseSeckillDTO>();
|
||||
|
||||
var promotions = await _dal.QueryListByClauseAsync(p => p.isEnable == true && p.isDel == false && promotionIds.Contains(p.id), promotionIds.Length, "", true, true);
|
||||
var promotions = await _dal.QueryListByClauseAsync(p => p.isEnable == true && p.isDel == false && promotionIds.Contains(p.id), promotionIds.Length, p => p.id, OrderByType.Desc, true, true);
|
||||
if (promotions != null && promotions.Any())
|
||||
{
|
||||
//获取团购序列
|
||||
|
||||
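Review bot: The new call sorts promotions by `p => p.id, OrderByType.Desc`, which changes the result order relative to the empty `orderBy` string the old call passed (presumably the database's default order), so this hunk does more than swap string SQL for a typed expression. If the order of `promotions` does not matter for the DTO assembly that follows, a short comment such as `// sort order is irrelevant here: rows are matched by id below` saves the next reader from hunting for a dependency; if it does matter, the chosen sort should reproduce the previous effective order. The enclosing method starts before this hunk.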
@@ -197,21 +197,21 @@ namespace CoreCms.Net.Services
|
||||
var result = JArray.Parse(parameters["list"].ToString());
|
||||
var noticeIds = result.Select(ss => ((JObject)ss)["id"].ObjectToInt(0)).Where(noticeId => noticeId > 0).ToList();
|
||||
where = where.And(p => noticeIds.Contains(p.id));
|
||||
if (noticeIds.Any())
|
||||
{
|
||||
noticeIdsStr = string.Join(",", noticeIdsStr);
|
||||
//按照固定的序列id进行排序
|
||||
if (AppSettingsConstVars.DbDbType == DbType.SqlServer.ToString())
|
||||
{
|
||||
orderBy = " CHARINDEX(RTRIM(CAST(id as NCHAR)),'" + noticeIdsStr + "') ";
|
||||
}
|
||||
else if (AppSettingsConstVars.DbDbType == DbType.MySql.ToString())
|
||||
{
|
||||
orderBy = " find_in_set(id,'" + noticeIdsStr + "') ";
|
||||
}
|
||||
}
|
||||
//if (noticeIds.Any())
|
||||
//{
|
||||
// noticeIdsStr = string.Join(",", noticeIdsStr);
|
||||
// //按照固定的序列id进行排序
|
||||
// if (AppSettingsConstVars.DbDbType == DbType.SqlServer.ToString())
|
||||
// {
|
||||
// orderBy = " CHARINDEX(RTRIM(CAST(id as NCHAR)),'" + noticeIdsStr + "') ";
|
||||
// }
|
||||
// else if (AppSettingsConstVars.DbDbType == DbType.MySql.ToString())
|
||||
// {
|
||||
// orderBy = " find_in_set(id,'" + noticeIdsStr + "') ";
|
||||
// }
|
||||
//}
|
||||
}
|
||||
var notices = await _noticeServices.QueryListByClauseAsync(where, orderBy);
|
||||
var notices = await _noticeServices.QueryListByClauseAsync(where, p => p.createTime, OrderByType.Desc);
|
||||
if (notices != null && notices.Any())
|
||||
{
|
||||
var result = JArray.FromObject(notices);
|
||||
|
||||
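Review bot: The replacement sort `p => p.createTime, OrderByType.Desc` drops the behaviour the removed branch implemented — returning notices in the order the caller listed their ids via `CHARINDEX`/`find_in_set` — so callers that pass `list` as an ordered sequence now get creation-time order instead. Since `noticeIds` is already a list of ints parsed with `ObjectToInt`, the same result is available without any string SQL by keeping the typed query and reordering the materialised rows: hoist the id list to method scope and, after the query, `if (notices != null && noticeIds.Count > 0) notices = notices.OrderBy(p => noticeIds.IndexOf(p.id)).ToList();`. The commented-out block left at the old site should be deleted rather than kept (git history preserves it), and the `orderBy` local declared above this hunk appears unused now and should go with it. The enclosing method starts before this hunk.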