【优化】移除2个orderBy使用的sql组合方法参数,移除4个仓储基类的所有sql组合方法,全部使用参数化提交,防止出现可能存在的sql注入。
@@ -162,13 +162,7 @@ namespace CoreCms.Net.Web.WebApi.Controllers
|
||||
}
|
||||
}
|
||||
|
||||
var orderBy = " isRecommend desc,isHot desc";
|
||||
if (!string.IsNullOrEmpty(entity.order))
|
||||
{
|
||||
orderBy += "," + entity.order;
|
||||
}
|
||||
|
||||
var list = await _goodsServices.QueryAgentGoodsPageAsync(where, orderBy, entity.page, entity.limit, false);
|
||||
var list = await _goodsServices.QueryAgentGoodsPageAsync(where, entity.page, entity.limit, true);
|
||||
if (list.Any())
|
||||
{
|
||||
foreach (var goods in list)
|
||||
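Review bot: The trailing boolean passed to `QueryAgentGoodsPageAsync` changes from `false` on the removed line to `true` on the new one, while the commit message only describes dropping the concatenated orderBy parameter; the parallel `QueryPageByDTOAsync` call in the third hunk keeps `true`, so this looks like either an unmentioned behavior change or a slip and deserves a sentence in the message or a revert to `false`. Dropping the `" isRecommend desc,isHot desc" + entity.order` string is the right fix for the order-by injection path, but a reader of the new code can no longer see where ordering comes from; a comment on the new call such as `// Sort order is fixed inside the repository query; entity.order is no longer applied here` would make that explicit, assuming the repository method now orders internally (not visible in this hunk). If `entity.order` is still accepted on the request DTO, it is presumably ignored silently now, which is worth noting in the API documentation so clients do not rely on it. The enclosing action method begins and ends outside this hunk.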
@@ -188,7 +182,6 @@ namespace CoreCms.Net.Web.WebApi.Controllers
|
||||
list.TotalPages,
|
||||
entity.limit,
|
||||
entity.where,
|
||||
entity.order,
|
||||
};
|
||||
jm.msg = "数据调用成功!";
|
||||
|
||||
|
||||
@@ -249,13 +249,8 @@ namespace CoreCms.Net.Web.WebApi.Controllers
|
||||
where = where.And(p => p.name.Contains(obj.searchName));
|
||||
}
|
||||
}
|
||||
var orderBy = " isRecommend desc,isHot desc,sort desc";
|
||||
if (!string.IsNullOrWhiteSpace(entity.order))
|
||||
{
|
||||
orderBy += "," + entity.order;
|
||||
}
|
||||
//获取数据
|
||||
var list = await _goodsServices.QueryPageByDTOAsync(where, orderBy, entity.page, entity.limit, true);
|
||||
var list = await _goodsServices.QueryPageByDTOAsync(where, entity.page, entity.limit, true);
|
||||
|
||||
//获取品牌
|
||||
var brands = await _brandServices.QueryListByClauseAsync(p => p.isShow == true, p => p.sort, OrderByType.Desc, true, true);
|
||||
@@ -271,7 +266,6 @@ namespace CoreCms.Net.Web.WebApi.Controllers
|
||||
list.TotalPages,
|
||||
entity.limit,
|
||||
entity.where,
|
||||
entity.order,
|
||||
brands
|
||||
};
|
||||
jm.msg = "数据调用成功!";
|
||||
|
||||