You signed in with another tab or window.Reload to refresh your session.You signed out in another tab or window.Reload to refresh your session.You switched accounts on another tab or window.Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: server/api-service/lowcoder-plugins/sqlBasedPlugin/src/main/java/org/lowcoder/plugin/sql/GeneralSqlExecutor.java
+35-31Lines changed: 35 additions & 31 deletions
Original file line number
Diff line number
Diff line change
@@ -149,44 +149,48 @@ private Pair<Statement, Boolean> getStatementAndExecute(Connection connection, S
149
149
Stringsql =statementInput.getSql();
150
150
List<Object>params =statementInput.getParams();
151
151
152
-
intorderByIndex = -1;
153
-
StringsortValue =null;
154
-
for (inti =0;i <params.size();i++) {
155
-
Objectparam =params.get(i);
156
-
if (paraminstanceofMap<?, ?>map &&map.containsKey("sort")) {
157
-
orderByIndex =i;// Index of the ? to replace (0-based)
158
-
sortValue =String.valueOf(map.get("sort"));// e.g., "ASC" or "DESC"
159
-
break;
152
+
intorderByIndex;
153
+
StringsortValue;
154
+
do {
155
+
orderByIndex = -1;
156
+
sortValue =null;
157
+
for (inti =0;i <params.size();i++) {
158
+
Objectparam =params.get(i);
159
+
if (paraminstanceofMap<?, ?>map &&map.containsKey("sort")) {
160
+
orderByIndex =i;// Index of the ? to replace (0-based)
161
+
sortValue =String.valueOf(map.get("sort"));// e.g., "ASC" or "DESC"
162
+
break;
163
+
}
160
164
}
161
-
}
162
165
163
-
if (orderByIndex >=0 &&sortValue !=null) {
164
-
// Validate sortValue to prevent SQL injection
165
-
if (!sortValue.equalsIgnoreCase("ASC") && !sortValue.equalsIgnoreCase("DESC")) {
166
-
sortValue ="ASC";// Default to ASC if invalid
167
-
}
166
+
if (orderByIndex >=0 &&sortValue !=null) {
167
+
// Validate sortValue to prevent SQL injection
168
+
if (!sortValue.equalsIgnoreCase("ASC") && !sortValue.equalsIgnoreCase("DESC")) {
169
+
sortValue ="ASC";// Default to ASC if invalid
170
+
}
168
171
169
-
// Split the SQL at the ? placeholders
170
-
String[]sqlParts =sql.split("\\?", -1);
171
-
if (orderByIndex <sqlParts.length -1) {
172
-
// Rebuild the SQL, replacing the ? at orderByIndex with sortValue
173
-
StringBuildernewSql =newStringBuilder();
174
-
for (inti =0;i <sqlParts.length;i++) {
175
-
newSql.append(sqlParts[i]);
176
-
if (i <sqlParts.length -1) {
177
-
if (i ==orderByIndex) {
178
-
newSql.append(sortValue);// Insert ASC or DESC
179
-
}else {
180
-
newSql.append("?");// Keep other placeholders
172
+
// Split the SQL at the ? placeholders
173
+
String[]sqlParts =sql.split("\\?", -1);
174
+
if (orderByIndex <sqlParts.length -1) {
175
+
// Rebuild the SQL, replacing the ? at orderByIndex with sortValue
176
+
StringBuildernewSql =newStringBuilder();
177
+
for (inti =0;i <sqlParts.length;i++) {
178
+
newSql.append(sqlParts[i]);
179
+
if (i <sqlParts.length -1) {
180
+
if (i ==orderByIndex) {
181
+
newSql.append(sortValue);// Insert ASC or DESC
182
+
}else {
183
+
newSql.append("?");// Keep other placeholders
184
+
}
181
185
}
182
186
}
183
-
}
184
-
sql =newSql.toString();
187
+
sql =newSql.toString();
185
188
186
-
// Remove the Map from params since it's no longer a bind parameter
187
-
params.remove(orderByIndex);
189
+
// Remove the Map from params since it's no longer a bind parameter
