</select>
直接把传入的参数拼接进 SQL 语句(MyBatis 的 `${}` 是文本替换,不做参数绑定),当传入的参数中带有 `1=1` 之类的条件时,存在 SQL 注入问题;值类型的参数应使用 `#{}` 绑定。修改为:
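<!--
  getBeanBySkuBatch: returns stock rows whose WMST_ENABLED_NUMBER is positive, joined to
  the item and location tables, filtered by the optional fields of "conditions".

  conditions.type selects the filter set:
    1: box number (an empty string matches '' or NULL)
    2: box number and tray number (an empty string matches '' or NULL for that column)
    3: WMST_ID

  Security: every value is bound with #{} so it is sent as a prepared-statement
  parameter. ${} is plain text substitution, so a value written with it can rewrite
  the statement (SQL injection), with or without surrounding quotes.
-->
<select id="getBeanBySkuBatch" parameterType="com.wlyd.fmcgwms.util.CondOrderLimit" resultMap="stockMap">
    <!-- Table names cannot be bound, so the esCorCode suffix still uses ${}.
         It must be checked against a fixed allowlist (or a strict pattern) in Java
         before this statement runs; request input must never reach it unchecked. -->
    SELECT
        s.*,
        l.cdlc_location_code locationCode,
        item.CDSK_IS_DECIMAL cdskIsDecimal
    FROM wm_stock_${conditions.esCorCode} s
    LEFT JOIN cd_wh_itme_${conditions.esCorCode} item
        ON s.WMST_SKU_ID = item.CD_ITEM_ID
    LEFT JOIN cd_wh_location_${conditions.esCorCode} l
        ON s.wmst_wh_loc_id = l.cdlc_id
    WHERE s.WMST_ENABLED_NUMBER > 0
    <if test="conditions.wmstSkuBatch != null and conditions.wmstSkuBatch != ''">
        AND s.WMST_SKU_BATCH = #{conditions.wmstSkuBatch}
    </if>
    <if test="conditions.locationCode != null and conditions.locationCode != ''">
        AND l.cdlc_location_code = #{conditions.locationCode}
    </if>
    <!-- NOTE(review): a null wmstBoxNumber / wmstTaryNumber passes the != '' tests below.
         With ${} a null was rendered as an empty string; bound with #{} it is sent as
         SQL NULL and the equality matches no rows. Confirm callers never pass null here,
         or add explicit null tests. -->
    <if test="conditions.type == 1 and conditions.wmstBoxNumber!=''">
        AND s.WMST_BOX_NUMBER = #{conditions.wmstBoxNumber}
    </if>
    <if test="conditions.type == 1 and conditions.wmstBoxNumber==''">
        <!-- Parenthesised: a bare "AND a OR b" lets the OR arm skip every other
             filter in this WHERE clause, including WMST_ENABLED_NUMBER > 0. -->
        AND (s.WMST_BOX_NUMBER = '' OR s.WMST_BOX_NUMBER IS NULL)
    </if>
    <if test="conditions.type == 2 and conditions.wmstBoxNumber!='' and conditions.wmstTaryNumber!=''">
        AND s.WMST_BOX_NUMBER = #{conditions.wmstBoxNumber}
        AND s.WMST_TARY_NUMBER = #{conditions.wmstTaryNumber}
    </if>
    <if test="conditions.type == 2 and conditions.wmstBoxNumber=='' and conditions.wmstTaryNumber!=''">
        AND (s.WMST_BOX_NUMBER = '' OR s.WMST_BOX_NUMBER IS NULL)
        AND s.WMST_TARY_NUMBER = #{conditions.wmstTaryNumber}
    </if>
    <if test="conditions.type == 2 and conditions.wmstBoxNumber!='' and conditions.wmstTaryNumber==''">
        AND s.WMST_BOX_NUMBER = #{conditions.wmstBoxNumber}
        AND (s.WMST_TARY_NUMBER = '' OR s.WMST_TARY_NUMBER IS NULL)
    </if>
    <if test="conditions.type == 2 and conditions.wmstBoxNumber=='' and conditions.wmstTaryNumber==''">
        AND (s.WMST_BOX_NUMBER = '' OR s.WMST_BOX_NUMBER IS NULL)
        AND (s.WMST_TARY_NUMBER = '' OR s.WMST_TARY_NUMBER IS NULL)
    </if>
    <if test="conditions.wmstId != null and conditions.type == 3">
        <!-- Bound even though it is unquoted: an unquoted ${} is injectable
             whenever the property is not a strictly numeric type. -->
        AND s.WMST_ID = #{conditions.wmstId}
    </if>
</select>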