public/PandaX
1
0
Fork 0
mirror of https://gitee.com/XM-GO/PandaX.git synced 2026-04-23 02:48:34 +08:00
Code Issues Packages Projects Releases Wiki Activity

修复设备数据回传的sql语句注入隐患

Browse Source 
Signed-off-by: lixxxww <941403820@qq.com>
This commit is contained in:
lixxxww
2024-01-22 03:23:52 +00:00
committed by Gitee
parent cc320ca49d
commit 13850dfe6b
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
pkg/tdengine/tdengine_log.go
View File

@@ -18,8 +18,8 @@ func (s *TdEngine) CreateLogStable() (err error) {
// InsertLog 写入数据
func (s *TdEngine) InsertLog(log *TdLog) (err error) {
sql := "INSERT INTO ? USING device_log TAGS ('?') VALUES ('?', '?', '?')"
_, err = s.db.Exec(sql, "log_"+log.Device, log.Device, log.Ts, log.Type, log.Content)
sql := "INSERT INTO log_? USING device_log TAGS (?) VALUES (?, ?, ?)"
_, err = s.db.Exec(sql, log.Device, log.Device, log.Ts, log.Type, log.Content)
return
}