sql注入问题优化,order by 里面不能用下面这种方式,为了防止sql注入,验证输入的值是否合法,比如只能包含英文,数字和下划线应以英文开头 Map<String, Object> parameters = new HashMap<>(); sql.append(" where (lzbh like :keyword or lzmc like :keyword)"); parameters.put("keyword", "%" + page.getKeyword() + "%"); countSql.append(" qxdm = :qydm"); parameters.put("qydm", page.getQydm()); List<Long> bsmList sql.append(" where bsm in(:bsmList)"); parameters.put("bsmList", bsmList); 查询时 Query query = entityManager.createNativeQuery(sql.toString()); parameters.forEach(query::setParameter); 数组到排序 notEmptyList.sort(Comparator.comparing(StationQueryVO::getCurrentValue).reversed()); List<HouseBuildingExcelDTO> excelDTOList = ModelMapperUtil.getStrictModelMapper().map(list, new TypeToken<List<HouseBuildingExcelDTO>>() { }.getType()); CaseReportDO db = ModelMapperUtil.getStrictModelMapper().map(req, CaseReportDO.class); pg数据库 date格式化 to_char(date_time,'yyyymmddHH24MIss')
List<LandCoverDO> dbList = iLandCoverMapper.findByGaMarkId(id); if(dbList == null || dbList.isEmpty()){ return null; } LandCoverDTO dto = new LandCoverDTO(); //分组 Map<String, List<LandCoverDO>> grouping = dbList.stream().collect(Collectors.groupingBy(LandCoverDO::getDlmc)); List<NameDoubleValueVO> stat = new ArrayList<>(); //遍历分组里面的数据 grouping.forEach((dlmc, landCoverDOList) -> { double totalArea = landCoverDOList.stream().mapToDouble(LandCoverDO::getGa_gdjmj).sum(); stat.add(new NameDoubleValueVO(dlmc, totalArea)); }); //排序 stat.sort(Comparator.comparing(NameDoubleValueVO::getValue).reversed());
提取对象数组里面的某个字段 List<String> lastTask = lastTasks.stream() .map(HistoricActivityInstance::getActivityId) .limit(1) .collect(Collectors.toList()); base64 private static final org.apache.commons.codec.binary.Base64 base64 = new org.apache.commons.codec.binary.Base64(); fastjson解析null值问题: 解决 null的属性不显示问题 JSONObject.toJSONString(jsonMap,SerializerFeature.WriteMapNullValue); mysql 的sql 里面 的 where 1=1 在最后的查询语句里面会被优化调。但是这个where 1=1 可能会造成查询的性能问题。比如只有 where 1=1 ,后面没有其他的查询条件了,会造成全表扫描,影响查询性能
mybatis-plus里面使用动态查询
import org.apache.commons.lang3.StringUtils; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.stereotype.Service; import java.util.List; import java.util.Map; @Service public class CustomJdbcService { private final JdbcTemplate jdbcTemplate; public CustomJdbcService(JdbcTemplate jdbcTemplate) { this.jdbcTemplate = jdbcTemplate; } // 查询数据返回 Map public List<Map<String, Object>> executeCustomSql(String sql) { // 注意防止 SQL 注入 if(StringUtils.isBlank(sql)){ return null; } return jdbcTemplate.queryForList(sql); } }
在其他类里面引用,比如在 QuestionRecordServiceImpl 类里面使用
private final CustomJdbcService customJdbcService; public QuestionRecordServiceImpl(CustomJdbcService customJdbcService) { this.customJdbcService = customJdbcService; }