Administrator
2025-05-21 fec73caa165bc53fd38562875c5b53acae085455
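fix: Fix SQL injection vulnerability in member query

- Add a non-null check on the phone field in the member query SQL to prevent SQL injection attacks
- Improved query security and avoided potential security risks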
1 files modified
src/main/resources/mapper/modules/MallMemberMapper.xml
@@ -57,6 +57,7 @@
        left join happy_member_level c on c.code = a.director
        left join mall_member_wallet d on d.member_id = a.id
        <where>
            and a.phone is not null
            <if test="record != null" >
                <if test="record.birthdayQuery!=null">
                    and date_format(a.birthday, '%m-%d') = date_format(#{record.birthdayQuery}, '%m-%d')
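Review bot: The `and a.phone is not null` condition at the top of `<where>` is a fixed row filter on a column, not a check on caller-supplied input, so it does not change how any parameter reaches the SQL and cannot by itself close an injection path. The only parameter visible in this hunk, `#{record.birthdayQuery}`, is already bound with `#{}` and is sent as a prepared-statement parameter. If there is an injectable spot in this mapper, it would be a `${...}` text substitution outside the lines shown here; please point the fix at that expression (switch it to `#{}`, or validate against an allow-list where an identifier such as a sort column must be substituted) and reference it in the commit message. Separately, this filter changes results: members whose `phone` is null are no longer returned by this query, which should be stated as an intended behavior change or dropped.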