Query.java
1.47 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
package com.gxb.common.utils;
import com.gxb.common.xss.SQLFilter;
import org.apache.commons.lang.StringUtils;
import java.util.LinkedHashMap;
import java.util.Map;
/**
* 查询参数
*
* @author chenshun
* @email sunlightcs@gmail.com
* @date 2017-03-14 23:15
*/
public class Query extends LinkedHashMap<String, Object> {
private static final long serialVersionUID = 1L;
//当前页码
private int page;
//每页条数
private int limit;
public Query(Map<String, Object> params){
this.putAll(params);
//分页参数
this.page = Integer.parseInt(params.get("page").toString());
this.limit = Integer.parseInt(params.get("limit").toString());
this.put("offset", (page - 1) * limit);
this.put("page", page);
this.put("limit", limit);
//防止SQL注入(因为sidx、order是通过拼接SQL实现排序的,会有SQL注入风险)
String sidx = (String)params.get("sidx");
String order = (String)params.get("order");
if(StringUtils.isNotBlank(sidx)){
this.put("sidx", SQLFilter.sqlInject(sidx));
}
if(StringUtils.isNotBlank(order)){
this.put("order", SQLFilter.sqlInject(order));
}
}
public int getPage() {
return page;
}
public void setPage(int page) {
this.page = page;
}
public int getLimit() {
return limit;
}
public void setLimit(int limit) {
this.limit = limit;
}
}