public/PandaX
1
0
Fork 0
mirror of https://gitee.com/XM-GO/PandaX.git synced 2026-05-04 19:11:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

代码优化 / 修复sql注入漏洞

Browse Source 
Signed-off-by: lixxxww <941403820@qq.com>
This commit is contained in:
lixxxww
2024-01-22 08:07:57 +00:00
committed by Gitee
parent 6281a30881
commit b18658eee1
2 changed files with 51 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
pkg/tdengine/tdengine_log.go
View File

@@ -6,12 +6,7 @@ const logTableName = "device_log"
// CreateLogStable 添加LOG超级表
func (s *TdEngine) CreateLogStable() (err error) {
var name string
err = s.db.QueryRow("SELECT stable_name FROM information_schema.ins_stables WHERE stable_name = 'device_log' LIMIT 1").Scan(&name)
if name != "" {
return
}
sql := "CREATE STABLE device_log (ts TIMESTAMP, type VARCHAR(20), content VARCHAR(1000)) TAGS (device VARCHAR(255))"
sql := "CREATE STABLE IF NOT EXISTS device_log (ts TIMESTAMP, type VARCHAR(20), content VARCHAR(1000)) TAGS (device VARCHAR(255))"
_, err = s.db.Exec(sql)
return
}
@@ -28,8 +23,8 @@ func (s *TdEngine) InsertLog(log *TdLog) (err error) {
func (s *TdEngine) ClearLog() (err error) {
ts := time.Now().Add(-7 * 24 * time.Hour).Format("2006-01-02")
sql := "DELETE FROM device_log WHERE ts < '" + ts + "'"
_, err = s.db.Exec(sql)
sql := "DELETE FROM device_log WHERE ts < ?"
_, err = s.db.Exec(sql, ts)
return
}