W3Cschool
恭喜您成為首批注冊用戶
獲得88經(jīng)驗值獎勵
針對 ?update
和 ?delete
語句,作用: 阻止惡意的全表更新刪除
注入?MybatisPlusInterceptor
?類,并配置?BlockAttackInnerInterceptor
?攔截器
@Configuration
public class MybatisPlusConfig {
@Bean
public MybatisPlusInterceptor mybatisPlusInterceptor() {
MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
interceptor.addInnerInterceptor(new BlockAttackInnerInterceptor());
return interceptor;
}
}
測試示例(全表更新)
@SpringBootTest
public class QueryWrapperTest {
@Autowired
private UserService userService;
/**
+ SQL:UPDATE user SET name=?,email=?;
*/
@Test
public void test() {
User user = new User();
user.setId(999L);
user.setName("custom_name");
user.setEmail("xxx@mail.com");
// com.baomidou.mybatisplus.core.exceptions.MybatisPlusException: Prohibition of table update operation
userService.saveOrUpdate(user, null);
}
}
測試示例(部分更新)
@SpringBootTest
public class QueryWrapperTest {
@Autowired
private UserService userService;
/**
+ SQL:UPDATE user SET name=?, email=? WHERE id = ?;
*/
@Test
public void test() {
LambdaUpdateWrapper<User> wrapper = new LambdaUpdateWrapper<>();
wrapper.eq(User::getId, 1);
User user = new User();
user.setId(10L);
user.setName("custom_name");
user.setEmail("xxx@mail.com");
userService.saveOrUpdate(user, wrapper);
}}
Copyright©2021 w3cschool編程獅|閩ICP備15016281號-3|閩公網(wǎng)安備35020302033924號
違法和不良信息舉報電話:173-0602-2364|舉報郵箱:jubao@eeedong.com
掃描二維碼
下載編程獅App
編程獅公眾號
聯(lián)系方式:
更多建議: