MAP对象转sql如何防止注入
MAP对象转sql防止注入的方法:
通过MAP封装例如:
SqlHelper
getUpdateSql
Map modifymap=new HashMap();
modifymap.put("taxes", taxesnew);
modifymap.put("effectiveprofit", effectiveprofitnew);
modifymap.put("field001", field001new);
modifymap.put("budgetedcost", budgetedcostnew);
modifymap.put("field002", field002new);
modifymap.put("fromdepbudget", null);
modifymap.put("requestid", workflowid);
modifymap.put("effectiveamount2", effectiveamount2);
modifymap.put("contractbudget", contractbudget);
dataService.executeSql(SqlHelper.getUpdateSql("depbudget", modifymap, " id='"+id+"' "));