
sql 条件校验合法

chenendian il y a 4 semaines
Parent
commit
aefbed7045

+ 3 - 5
siwei-modules/siwei-apply/src/main/java/com/siwei/apply/controller/cadastre/CadastreManageController.java

@@ -297,19 +297,17 @@ public class CadastreManageController extends BaseController {
         }
     }
 
+
     @GetMapping("/checkQueryWhere")
-    public R<List<String>> checkQueryWhere(@RequestParam("tableName") String tableName, @RequestParam("queryWhere") String queryWhere) {
+    public R<Boolean> checkQueryWhere(@RequestParam("tableName") String tableName, @RequestParam("queryWhere") String queryWhere) {
         try {
-            //List<String> res = cadastreManageService.checkQueryWhere(tableName, geomFlag, bsm, ywh);
-            List<String> res = new ArrayList<>();
-            res.add("查询条件合法");
+            Boolean res = cadastreManageService.checkQueryWhere(tableName, queryWhere);
             return R.ok(res);
         } catch (Exception e) {
             return R.fail(e.getMessage());
         }
     }
 
-
     /**
      * 批量更新
      * @param content
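Review bot: `checkQueryWhere` forwards `tableName` and `queryWhere` from the query string to the service without any check, and no permission annotation is visible on the method in this hunk (class-level security configuration, if any, is outside it). Because the mapper statement added in this commit substitutes both values into SQL text, the endpoint should be limited to the roles that actually build queries, and should reject blank or over-long input before calling the service. `R.fail(e.getMessage())` echoes exception text to the client; a fixed message (for example `R.fail("查询条件不合法")`) with the detail logged server-side avoids exposing database errors if the service's wrapping ever changes.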

+ 1 - 1
siwei-modules/siwei-apply/src/main/java/com/siwei/apply/mapper/CadastreFileMapper.java

@@ -109,6 +109,6 @@ public interface CadastreFileMapper {
     List<Map<String,Object>> selectTableRowExcel(@Param("tableName") String tableName, @Param("geomFlag") String geomFlag, @Param("bsmList") List<Object> bsmList, @Param("ywhList") List<String> ywhList);
 
 
-
+    String checkQueryWhere(@Param("tableName") String tableName, @Param("queryWhere") String queryWhere);
 
 }

+ 2 - 0
siwei-modules/siwei-apply/src/main/java/com/siwei/apply/service/cadastre/CadastreManageService.java

@@ -60,5 +60,7 @@ public interface CadastreManageService {
 
     List<Map<String, Object>> getDataByName(String tableName) ;
 
+    Boolean checkQueryWhere(String tableName, String queryWhere);
+
 
 }

+ 18 - 0
siwei-modules/siwei-apply/src/main/java/com/siwei/apply/service/cadastre/impl/CadastreManageServiceImpl.java

@@ -1274,6 +1274,9 @@ public class CadastreManageServiceImpl implements CadastreManageService {
         if(StringUtils.isNotEmpty(ywh)){
             ywh = ywh.trim();
         }
+        if (ywh.matches(".*=\\d+")) {
+            ywh = ywh.replaceAll("=(\\d+)", "='$1'");
+        }
         List<Map<String,Object>> res = cadastreFileMapper.selectTableDataByCondition(validFlag,tableName,bsm,ywh);
         if(CollectionUtils.isNotEmpty(res)){ //去掉geom字段和valid_flag字段
             //res.forEach(m -> m.keySet().removeIf(k -> "geom".equalsIgnoreCase(k)|| "valid_flag".equalsIgnoreCase(k)));
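Review bot: The added `ywh.matches(".*=\\d+")` call sits outside the `StringUtils.isNotEmpty(ywh)` guard directly above it, so a null `ywh` now throws a NullPointerException before the mapper is reached; the rewrite should move inside that guard, after the `trim()`. The rewrite is also fragile: `matches` fires only when the whole string ends in `=digits`, but `replaceAll` then quotes every `=digits` occurrence, so `>=10` becomes `>='10'` and `=1.5` becomes `='1'.5`. The same two lines are repeated in `checkQueryWhere` later in this file and would be better as one private helper with a comment stating which column types it is meant to cover. If `selectTableDataByCondition` splices `ywh` into SQL text (the mapper is not visible here), binding the value as a parameter would remove the need to quote by regex. The enclosing method starts and ends outside this hunk.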
@@ -1357,5 +1360,20 @@ public class CadastreManageServiceImpl implements CadastreManageService {
     }
 
 
+    @Override
+    public Boolean checkQueryWhere(String tableName, String queryWhere) {
+        try {
+            if (queryWhere.matches(".*=\\d+")) {
+                queryWhere = queryWhere.replaceAll("=(\\d+)", "='$1'");
+            }
+            String res  = cadastreFileMapper.checkQueryWhere(tableName, queryWhere);
+            log.info("SQL语法检查结果,res: {}", res);
+            return true;
+        } catch (Exception e) {
+            throw new ServiceException("SQL语法检查异常:");
+        }
+    }
+
+
 
 }
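Review bot: The `catch (Exception e)` in `checkQueryWhere` drops the cause and throws a `ServiceException` whose message stops at the colon, so nothing records what was wrong with the condition, and a null `queryWhere` (NullPointerException from `matches`) is reported as a SQL syntax error. Log the failure server-side before rethrowing, e.g. `log.warn("checkQueryWhere failed, table={}", tableName, e);`, and keep the client-facing message generic. The method can only return `true` or throw, so the `Boolean` carries no information; either return `false` for an invalid condition or add a Javadoc comment stating that failure is signalled by exception. A passing EXPLAIN shows only that the text parses and plans, not that the condition is safe to run in a later query, so this check should not be treated as the input validation for `queryWhere`.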

+ 4 - 0
siwei-modules/siwei-apply/src/main/resources/mapper/cadastre/CadastreFileMapper.xml

@@ -372,5 +372,9 @@
         LIMIT 1
     </select>
 
+    <select id="checkQueryWhere" resultType="String">
+        EXPLAIN (FORMAT JSON)
+        SELECT 1 FROM vector.${tableName} WHERE ${queryWhere} LIMIT 1
+    </select>
 
 </mapper>
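Review bot: Both `${tableName}` and `${queryWhere}` are MyBatis text substitutions, so the request parameters of `/checkQueryWhere` are spliced into the statement unescaped; wrapping it in `EXPLAIN` does not make that safe, because the database still parses whatever text arrives and the same condition is presumably reused in a real query afterwards. `tableName` should be checked against an allow-list of the known `vector` tables (or at least a strict identifier pattern such as `^[A-Za-z_][A-Za-z0-9_]*$`) before it reaches the mapper. A free-form WHERE clause cannot be bound with `#{}`, so the condition is better accepted as structured column/operator/value entries, with columns and operators validated against fixed lists and values bound as parameters. If raw text has to stay, run this statement under a read-only, least-privilege database role as defence in depth, and add an XML comment on the `<select>` stating that callers must validate both arguments.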

+ 2 - 2
siwei-modules/siwei-spatial/src/main/resources/mapper/postgresql/spatial/file/TGeomDbDetailsMapper.xml

@@ -123,7 +123,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
                     null
                 </otherwise>
             </choose>,
-            1
+            0
         )
         </foreach>
     </insert>
@@ -146,7 +146,7 @@ PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
                     null
                 </otherwise>
             </choose>,
-            1
+            0
             )
         </foreach>
     </insert>