修复设备数据回传的sql语句注入隐患

Signed-off-by: lixxxww <941403820@qq.com>
This commit is contained in:
lixxxww
2024-01-22 03:23:52 +00:00
committed by Gitee
parent cc320ca49d
commit 13850dfe6b

View File

@@ -18,8 +18,8 @@ func (s *TdEngine) CreateLogStable() (err error) {
// InsertLog 写入数据
func (s *TdEngine) InsertLog(log *TdLog) (err error) {
sql := "INSERT INTO ? USING device_log TAGS ('?') VALUES ('?', '?', '?')"
_, err = s.db.Exec(sql, "log_"+log.Device, log.Device, log.Ts, log.Type, log.Content)
sql := "INSERT INTO log_? USING device_log TAGS (?) VALUES (?, ?, ?)"
_, err = s.db.Exec(sql, log.Device, log.Device, log.Ts, log.Type, log.Content)
return
}