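[Optimization] Removed the SQL-composition method parameters used by 2 orderBy overloads and removed all SQL-composition methods from the 4 repository base classes; everything now uses parameterized submission, to prevent possible SQL injection.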

jianweie code
2024-01-17 20:02:06 +08:00
parent f16797adb5
commit a6e345a48b
15 changed files with 77 additions and 883 deletions

@@ -190,7 +190,7 @@ namespace CoreCms.Net.Services
var dtoData = new List<GroupPurchaseSeckillDTO>();
var promotions = await _dal.QueryListByClauseAsync(p => p.isEnable == true && p.isDel == false && promotionIds.Contains(p.id), promotionIds.Length, "", true, true);
var promotions = await _dal.QueryListByClauseAsync(p => p.isEnable == true && p.isDel == false && promotionIds.Contains(p.id), promotionIds.Length, p => p.id, OrderByType.Desc, true, true);
if (promotions != null && promotions.Any())
{
//获取团购序列
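Review bot: The new QueryListByClauseAsync call sorts by `p => p.id, OrderByType.Desc`, whereas the call it replaces passed an empty orderBy string (`""`), so this hunk changes the result order from unspecified to id-descending in addition to removing the string argument. If the code inside `if (promotions != null && promotions.Any())` depends on the order of `promotions` (for instance, expecting it to follow the order of `promotionIds`), please confirm descending id is intended here and note the choice in the commit message. It would also help to document on the new overload that the two trailing `true, true` arguments keep their previous meaning, since the parameter list shifted by one position.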