s : columns) {
+ selectColumns.add(columnToString(s, false));
+ }
+ }
+ return typedThis;
+ }
+
/**
* 忽略查询字段
*
diff --git a/mybatis-plus-join-core/src/main/java/com/github/yulichang/query/MPJQueryWrapper.java b/mybatis-plus-join-core/src/main/java/com/github/yulichang/query/MPJQueryWrapper.java
index 03e265d..20ce880 100644
--- a/mybatis-plus-join-core/src/main/java/com/github/yulichang/query/MPJQueryWrapper.java
+++ b/mybatis-plus-join-core/src/main/java/com/github/yulichang/query/MPJQueryWrapper.java
@@ -4,14 +4,17 @@ import com.baomidou.mybatisplus.core.conditions.AbstractWrapper;
import com.baomidou.mybatisplus.core.conditions.SharedString;
import com.baomidou.mybatisplus.core.conditions.query.Query;
import com.baomidou.mybatisplus.core.conditions.segments.MergeSegments;
+import com.baomidou.mybatisplus.core.exceptions.MybatisPlusException;
import com.baomidou.mybatisplus.core.metadata.TableFieldInfo;
import com.baomidou.mybatisplus.core.metadata.TableInfo;
import com.baomidou.mybatisplus.core.toolkit.*;
import com.github.yulichang.config.ConfigProperties;
import com.github.yulichang.query.interfaces.StringJoin;
import com.github.yulichang.toolkit.Asserts;
+import com.github.yulichang.toolkit.MPJSqlInjectionUtils;
import com.github.yulichang.toolkit.TableHelper;
import com.github.yulichang.wrapper.interfaces.Chain;
+import lombok.Getter;
import java.io.UnsupportedEncodingException;
import java.net.URLDecoder;
@@ -48,6 +51,7 @@ public class MPJQueryWrapper extends AbstractWrapper extends AbstractWrapper tableNameFunc;
+ /**
+ * 检查 SQL 注入过滤
+ */
+ private boolean checkSqlInjection = false;
+
public MPJQueryWrapper() {
super.initNeed();
@@ -114,6 +123,22 @@ public class MPJQueryWrapper extends AbstractWrapper checkSqlInjection() {
+ this.checkSqlInjection = true;
+ return this;
+ }
+
+ @Override
+ protected String columnToString(String column) {
+ if (checkSqlInjection && MPJSqlInjectionUtils.check(column)) {
+ throw new MybatisPlusException("Discovering SQL injection column: " + column);
+ }
+ return column;
+ }
+
/**
* sql去重
* select distinct
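Review bot: The SQL-injection filter in `columnToString` runs only after the caller has invoked `checkSqlInjection()`, and the flag is declared as `checkSqlInjection = false`, so a code path that forwards a request-derived column name without opting in reaches `return column;` unfiltered. No doc comment for `checkSqlInjection()` is visible here (the start of the hunk appears to be cut off), so I would state the contract on it, e.g. `/** Opt-in: rejects column strings flagged by MPJSqlInjectionUtils.check; not a substitute for mapping user input onto a fixed set of column names. */`. The exception message also appends the rejected `column` verbatim; if that message can reach logs or an API response, prefer a fixed text such as `throw new MybatisPlusException("Column rejected by SQL injection check");` and record the value separately with escaping.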
@@ -131,6 +156,14 @@ public class MPJQueryWrapper extends AbstractWrapper select(boolean condition, List columns) {
+ if (condition && CollectionUtils.isNotEmpty(columns)) {
+ selectColumns.addAll(columns);
+ }
+ return typedThis;
+ }
+
/**
* 忽略查询字段
*
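Review bot: `select(boolean condition, List columns)` stores the caller's strings with `selectColumns.addAll(columns)`, so they never pass through the `columnToString` override and the opt-in injection check added earlier in this file does not cover select columns. The select overload visible at the top of this page (its file name is outside the visible part) routes each entry through `columnToString(s, false)`, so the two wrappers look inconsistent. If select columns are meant to be covered, map each entry first, e.g. `columns.forEach(c -> selectColumns.add(columnToString(c)));`; if they are deliberately exempt, say so in a comment on this method. The method's own Javadoc, if any, lies outside the hunk.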
@@ -208,10 +241,6 @@ public class MPJQueryWrapper extends AbstractWrapper extends MPJAbstractLambdaWrapper>
extends MPJAbstractWrapper implements QueryJoin {
/**
* 主表别名
*/
+ @Getter
protected String alias = ConfigProperties.tableAlias;
/**
* 副表别名
@@ -365,10 +366,6 @@ public abstract class MPJAbstractLambdaWrapper extends MPJAbstractLambdaWrapper> wrapperMap;
+
/**
* 推荐使用 带 class 的构造方法
*/
@@ -192,6 +204,7 @@ public class MPJLambdaWrapper extends MPJAbstractLambdaWrapper MPJLambdaWrapper selectSub(Class clazz, String st, Consumer> consumer, SFunction alias) {
MPJLambdaWrapper wrapper = new MPJLambdaWrapper(null, clazz, SharedString.emptyString(), paramNameSeq, paramNameValuePairs,
new MergeSegments(), SharedString.emptyString(), SharedString.emptyString(), SharedString.emptyString(),
@@ -203,6 +216,7 @@ public class MPJLambdaWrapper extends MPJAbstractLambdaWrapper extends MPJAbstractLambdaWrapper union(MPJLambdaWrapper>... wrappers) {
StringBuilder sb = new StringBuilder();
for (MPJLambdaWrapper> wrapper : wrappers) {
+ addCustomWrapper(wrapper);
Class> entityClass = wrapper.getEntityClass();
Assert.notNull(entityClass, "请使用 new MPJLambdaWrapper(主表.class) 或 JoinWrappers.lambda(主表.class) 构造方法");
sb.append(" UNION ")
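Review bot: `addCustomWrapper(wrapper)` runs before `Assert.notNull(entityClass, ...)`, so a wrapper that fails the check has already had its parameter alias rewritten and been stored in `wrapperMap` when the exception is thrown; the `unionAll` hunk that follows has the same ordering. Moving the call below the assertion in both loops keeps the side effects behind the validation. The loop body continues outside the hunk.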
@@ -234,6 +249,7 @@ public class MPJLambdaWrapper extends MPJAbstractLambdaWrapper MPJLambdaWrapper unionAll(MPJLambdaWrapper... wrappers) {
StringBuilder sb = new StringBuilder();
for (MPJLambdaWrapper> wrapper : wrappers) {
+ addCustomWrapper(wrapper);
Class> entityClass = wrapper.getEntityClass();
Assert.notNull(entityClass, "请使用 new MPJLambdaWrapper(主表.class) 或 JoinWrappers.lambda(主表.class) 构造方法");
sb.append(" UNION ALL ")
@@ -246,6 +262,20 @@ public class MPJLambdaWrapper extends MPJAbstractLambdaWrapper wrapper) {
+ if (Objects.isNull(wrapperIndex)) {
+ wrapperIndex = new AtomicInteger(0);
+ }
+ int index = wrapperIndex.incrementAndGet();
+ if (Objects.isNull(wrapperMap)) {
+ wrapperMap = new HashMap<>();
+ }
+ String key = "ew" + index;
+ wrapper.setParamAlias(wrapper.getParamAlias() + ".wrapperMap." + key);
+ wrapperMap.put(key, wrapper);
+ }
+
/**
* 查询条件 SQL 片段
*/
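Review bot: `addCustomWrapper` rewrites the passed wrapper in place with `wrapper.setParamAlias(wrapper.getParamAlias() + ".wrapperMap." + key)`, so an instance handed to `union`/`unionAll` a second time, or attached to a second parent, gets the suffix appended again and its bound parameters would presumably no longer resolve. A null element in the varargs also reaches `wrapper.getParamAlias()` here before any null check. I would document the single-use expectation on the method, e.g. `// a sub-wrapper may be attached once: its paramAlias is rewritten to address it through wrapperMap`, or reject a wrapper whose alias already contains `.wrapperMap.`. The lazily created `AtomicInteger` adds no thread-safety because the `Objects.isNull(wrapperIndex)` test is itself unsynchronised; a plain `int` counter would express the actual guarantee.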
@@ -329,6 +359,8 @@ public class MPJLambdaWrapper extends MPJAbstractLambdaWrapper {
boolean isResultMap();
List> getResultMapMybatisLabel();
+
+ Map> getWrapperMap();
}
diff --git a/mybatis-plus-join-extension/pom.xml b/mybatis-plus-join-extension/pom.xml
index f3e0927..fd16f2d 100644
--- a/mybatis-plus-join-extension/pom.xml
+++ b/mybatis-plus-join-extension/pom.xml
@@ -51,7 +51,7 @@
com.baomidou
mybatis-plus-extension
- 3.5.3.1
+ 3.5.3.2
provided
diff --git a/mybatis-plus-join-test/test-join/src/test/java/com/github/yulichang/test/join/LambdaWrapperTest.java b/mybatis-plus-join-test/test-join/src/test/java/com/github/yulichang/test/join/LambdaWrapperTest.java
index 9b27ce1..de21cd0 100644
--- a/mybatis-plus-join-test/test-join/src/test/java/com/github/yulichang/test/join/LambdaWrapperTest.java
+++ b/mybatis-plus-join-test/test-join/src/test/java/com/github/yulichang/test/join/LambdaWrapperTest.java
@@ -1057,21 +1057,38 @@ class LambdaWrapperTest {
wrapper1.list();
}
+ /**
+ * select 子查询
+ */
+ @Test
+ void checkOrderBy() {
+ MPJLambdaWrapper wrapper = JoinWrappers.lambda(UserDO.class)
+ .selectAll(UserDO.class)
+ .leftJoin(AddressDO.class, AddressDO::getUserId, UserDO::getId)
+ .le(UserDO::getId, 100)
+ .checkSqlInjection()
+ .orderByDesc("t.id");
+ wrapper.list();
+ }
/**
* select 子查询
*/
@Test
void union() {
+ ThreadLocalUtils.set();
MPJLambdaWrapper wrapper = JoinWrappers.lambda(UserDO.class)
- .selectAll(UserDO.class);
+ .selectAll(UserDO.class)
+ .eq(UserDO::getId, 1);
MPJLambdaWrapper wrapper1 = JoinWrappers.lambda(UserDO.class)
- .selectAll(UserDO.class);
+ .selectAll(UserDO.class)
+ .eq(UserDO::getName, "张三 2");
MPJLambdaWrapper wrapper2 = JoinWrappers.lambda(UserDO.class)
- .selectAll(UserDO.class);
-
+ .selectAll(UserDO.class)
+ .eq(UserDO::getPid, 2);
wrapper.union(wrapper1, wrapper2);
- wrapper.list();
- System.out.println(1);
+ List list = wrapper.list();
+
+ assert list.size() == 7;
}
}
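Review bot: `checkOrderBy` exercises `checkSqlInjection()` only with the benign column `"t.id"`, so the test would still pass if the filter stopped rejecting anything. Add a negative case that builds the same wrapper with a column string the filter is expected to reject and asserts that `MybatisPlusException` is thrown; wrap both the `orderByDesc` call and `list()` in the assertion, since the hunk does not show at which point `columnToString` is evaluated. The Javadoc `select 子查询` was copied from the `union` test and should describe the order-by check instead. In `union`, `assert list.size() == 7;` is a Java `assert` statement that is skipped when the JVM runs without `-ea`, so a test-framework assertion would be more dependable.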
diff --git a/mybatis-plus-join-test/test-kotlin/src/test/com/github/yulichang/test/kt/LambdaWrapperTest.kt b/mybatis-plus-join-test/test-kotlin/src/test/com/github/yulichang/test/kt/LambdaWrapperTest.kt
index 912c69f..b6097b0 100644
--- a/mybatis-plus-join-test/test-kotlin/src/test/com/github/yulichang/test/kt/LambdaWrapperTest.kt
+++ b/mybatis-plus-join-test/test-kotlin/src/test/com/github/yulichang/test/kt/LambdaWrapperTest.kt
@@ -1128,16 +1128,18 @@ class LambdaWrapperTest {
*/
@Test
fun union() {
- ThreadLocalUtils.set("SELECT t.id,t.pid,t.`name`,t.`json`,t.sex,t.head_img,t.create_time,t.address_id,t.address_id2,t.del,t.create_by,t.update_by FROM `user` t WHERE t.del=false UNION SELECT t.id,t.pid,t.`name`,t.`json`,t.sex,t.head_img,t.create_time,t.address_id,t.address_id2,t.del,t.create_by,t.update_by FROM `user` t WHERE t.del=false UNION SELECT t.id,t.pid,t.`name`,t.`json`,t.sex,t.head_img,t.create_time,t.address_id,t.address_id2,t.del,t.create_by,t.update_by FROM `user` t WHERE t.del=false")
val wrapper: KtLambdaWrapper = KtWrappers.query(UserDO::class.java)
.selectAll(UserDO::class.java)
+ .eq(UserDO::id, 1)
val wrapper1: KtLambdaWrapper = KtWrappers.query(UserDO::class.java)
.selectAll(UserDO::class.java)
+ .eq(UserDO::name, "张三 2")
val wrapper2: KtLambdaWrapper = KtWrappers.query(UserDO::class.java)
.selectAll(UserDO::class.java)
+ .eq(UserDO::pid, 2)
wrapper.union(wrapper1, wrapper2)
- wrapper.list()
- println(1)
+ val list = wrapper.list()
+ assert(list.size == 7)
}
}
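Review bot: The `union` test no longer checks the generated SQL: the `ThreadLocalUtils.set(...)` line, which appears to register the expected statement, is removed and the only remaining verification is `assert(list.size == 7)`. That count depends on the seeded rows and says nothing about whether the three `eq` values are sent as bound parameters in each UNION branch, which is the behaviour this commit changes. I would keep an expected-SQL check with placeholders for the three values alongside the row count, and replace `assert(...)` with a test-framework assertion, because Kotlin's `assert` is only evaluated when JVM assertions are enabled.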
diff --git a/mybatis-plus-join-test/test-springboot3-jdk17/pom.xml b/mybatis-plus-join-test/test-springboot3-jdk17/pom.xml
index 1fb7c5d..28043d4 100644
--- a/mybatis-plus-join-test/test-springboot3-jdk17/pom.xml
+++ b/mybatis-plus-join-test/test-springboot3-jdk17/pom.xml
@@ -47,7 +47,7 @@
com.baomidou
mybatis-plus-boot-starter
- 3.5.3.1
+ 3.5.3.2