
防止sql注入

master
wanghongjun 3 years ago
parent
commit
9e6042d17c
  1. 4
      source/application/api/controller/pass/Passcc.php
  2. 41
      source/application/common/logic/PassFlow.php

4
source/application/api/controller/pass/Passcc.php

@ -93,8 +93,8 @@ class Passcc extends Controller
*/
public function getPassHoursData()
{
$groupsId = $this->request->param('groupsId') ?: '';
$data = PassFlow::getPassHoursData(null,['groupsId' => $groupsId]);
$type = $this->request->param('type') ?: '';
$data = PassFlow::getPassHoursData(null,['type' => $type]);
return $this->renderSuccess(compact('data'));
}
}
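Review bot: The new call on the last changed line forwards the raw `type` request value and then wraps whatever PassFlow returns in `renderSuccess`, so if getPassHoursData is one of the PassFlow methods that this commit makes answer an invalid type with `['code' => 0, 'msg' => 'type字段参数错误']`, that failure is delivered to the client as a success payload. Check the result before rendering, e.g. `if (isset($data['code']) && $data['code'] === 0) { /* return it through the controller's error path */ }`. Consider canonicalising the parameter once here with `(int)` so values such as `'1.0'` or `' 1'` do not reach the logic layer's loose `in_array` whitelist unchanged. Which PassFlow method this controller reaches cannot be confirmed from the visible hunks, since their signatures are outside the diff.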

41
source/application/common/logic/PassFlow.php

@ -6,6 +6,17 @@ use app\common\dm\Dm;
class PassFlow
{
protected static $groupType = [1,2];# 1 = 体育 2 = 文化
protected static function getGroupIds($dm,$type = 1)
{
$groupIdArr = [];
$result = $dm->select('bt_passenger_monitor_group',['type' => $type]);
foreach ($result as $row) {
$groupIdArr[] = $row['groupId'];
}
return $groupIdArr;
}
/**
* 分时时间段接口 <首页-客流趋势>
* @return array
@ -17,14 +28,16 @@ class PassFlow
{
$granularity = $param['granularity'];
$groupsId = $param['groupsId'];
$type = $param['type'];
if (empty($granularity)) return ['code' => 0, 'msg' => '缺少参数:granularity'];
$where = '';
if (!empty($groupsId)) {
$garr = explode("|", $groupsId);
$where .= ' "groupId" in(' . "'" . implode("','", $garr) . "')";
$groupsId = '';
if (!empty($type)) {
if (!in_array($type,self::$groupType)) return ['code' => 0, 'msg' => 'type字段参数错误'];
$groupsIdArr = self::getGroupIds($dm,$type);
$groupsId = implode("|",$groupsIdArr);
$where .= ' "groupId" in(' . "'" . implode("','", $groupsIdArr) . "')";
}
$allTimeData = [];
@ -251,8 +264,9 @@ class PassFlow
if (empty($dm)) $dm = new Dm();
$paramWhere = '';
if (!empty($param)) {
if (!empty($param['groupsId'])) {
$groupsId = explode("|",$param['groupsId']);
if (!empty($param['type'])) {
if (!in_array($param['type'],self::$groupType)) return ['code' => 0, 'msg' => 'type字段参数错误'];
$groupsId = self::getGroupIds($dm,$param['type']);
$paramWhere .= ' and "groupId" in (' . "'" . implode("','",$groupsId) . "')";
}
}
@ -394,9 +408,11 @@ class PassFlow
$where = ' "granularity"='."'hourly' ";
$groupsWhere = null;
$groupsId = [];
if (!empty($param)) {
if (!empty($param['groupsId'])) {
$groupsId = explode("|",$param['groupsId']);
if (!empty($param['type'])) {
if (!in_array($param['type'],self::$groupType)) return ['code' => 0, 'msg' => 'type字段参数错误'];
$groupsId = self::getGroupIds($dm,$param['type']);
$groupsWhere = ['groupId' => $groupsId];
$where .= ' and "groupId" in (' . "'" . implode("','",$groupsId) . "')";
}
@ -448,7 +464,7 @@ class PassFlow
'list' => $listData
];
}
if(empty($param['groupsId'])){
if(empty($groupsId)){
$data = self::getLibraryGroupHoursList($dm,false,$data);
}
return $data;
@ -547,8 +563,9 @@ class PassFlow
$where = ' "granularity"='."'hourly' ";
if (!empty($param)) {
if (!empty($param['groupsId'])) {
$groupsId = explode("|",$param['groupsId']);
if (!empty($param['type'])) {
if (!in_array($param['type'], self::$groupType)) return ['code' => 0, 'msg' => 'type字段参数错误'];
$groupsId = self::getGroupIds($dm, $param['type']);
$where .= ' and "groupId" in (' . "'" . implode("','",$groupsId) . "')";
}
}
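Review bot: The whitelist check `in_array($param['type'], self::$groupType)` introduced in the hunks at 28, 264, 408 and 563 compares loosely, so request values that are not exactly 1 or 2 (`'1.0'`, `' 1'`, `true`, and on PHP 7 any leading-numeric string such as `'1abc'`) pass the check and are handed unchanged to `$dm->select('bt_passenger_monitor_group', ['type' => $type])`; whether that matters for the SQL depends on how Dm::select binds its array condition, which is not visible here. Canonicalise before the check in each hunk: `$type = (int) $param['type'];` then `if (!in_array($type, self::$groupType, true)) return ['code' => 0, 'msg' => 'type字段参数错误'];` and pass `$type` on to `getGroupIds`. The ids that `getGroupIds` returns are still concatenated into the `in (...)` clause on the following line; this closes the direct path from the request, but it remains string-built SQL over stored values, so a comment such as `// groupIds come from bt_passenger_monitor_group, not from the request` would tell the next reader why it is considered acceptable. The methods enclosing these hunks start outside the visible lines, and in the hunk at 28 the origin of `$dm` is not shown, unlike the `new Dm()` fallback visible in the hunk at 264.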
