修复一些小问题

Signed-off-by: lixxxww <941403820@qq.com>
2026-04-23 02:48:34 +08:00 · 2024-01-22 09:59:15 +00:00
parent ae7cf745e4
commit 032b14d8ba
3 changed files with 31 additions and 15 deletions
--- a/pkg/tdengine/tdengine_table.go
+++ b/pkg/tdengine/tdengine_table.go
@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"strconv"
 	"strings"
+
+	"github.com/kakuilan/kgo"
 )

 // RunSql 运行
@@ -20,19 +22,17 @@ func (s *TdEngine) InsertDevice(deviceKey string, data map[string]interface{}) e
 	}

 	var (
-		field        []string
-		value        []interface{}
-		placeholders []string
+		field = []string{}
+		value = []string{}
 	)

 	for k, v := range data {
 		field = append(field, k)
-		value = append(value, v)
-		placeholders = append(placeholders, "?")
+		value = append(value, "'"+kgo.KConv.ToStr(v)+"'")
 	}
-
-	sql := fmt.Sprintf("INSERT INTO %s (%s) VALUES (%s)", strings.ToLower(deviceKey), strings.Join(field, ","), strings.Join(placeholders, ","))
-	_, err := s.db.Exec(sql, value...)
+	// 存在sql注入隐患，在之后的提交修复
+	sql := "INSERT INTO ? (?) VALUES (?)"
+	_, err := s.db.Exec(sql, strings.ToLower(deviceKey), strings.Join(field, ","), strings.Join(value, ","))

 	return err
 }