修复：SQL语法漏洞

4 years ago · 6019fd9122
1 changed files with 6 additions and 4 deletions
--- a/epmet-user/epmet-user-server/src/main/resources/mapper/GovStaffRoleDao.xml
+++ b/epmet-user/epmet-user-server/src/main/resources/mapper/GovStaffRoleDao.xml
@ -132,11 +132,13 @@
            gov_staff_role
        WHERE
            DEL_FLAG = 0
        <if test="roleIds != null and roleIds.size() > 0">
            AND (
            <foreach collection="roleIds" item="roleId" separator=" OR ">
                ID = #{roleId}
            </foreach>
            )
        </if>
    </select>
    <select id="getStaffRoles" resultType="com.epmet.entity.GovStaffRoleEntity">
        SELECT