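Version 85 and later were reworked to prevent SQL injection, so filter conditions are no longer passed as directly concatenated SQL clauses the way they used to be; a filter object must be passed instead. The front end provides matching methods for obtaining a filter; see wafall.js for the source. Only some common usages are listed here. For the full method descriptions and parameter details, see the help-system document 《sql语句接口说明》 (SQL statement interface description).
Example 1: name = '123'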
waf.parseSql.getFilter("name", "=", "123")
Example 2: name like '123%'
waf.parseSql.getFilter("name", "like", "123%")
Example 3: number = '00001' or number = '00002'
waf.parseSql.getFilter("number", "=", ["00001","00002"], "or")
Example 4: billStatus = 3 and billDate >= '2020-10-04' and billDate <= '2020-10-06'
waf.parseSql.getFilter(['billStatus','billDate','billDate'], ['=','>=','<='], [3,'2020-10-04','2020-10-06'], '#1and#2and#3')
Example 5: number in ('00001','00002')
waf.parseSql.getFilter("number","in",["00001","00002"]) // Note: when the second argument contains in, the second argument must not be passed as an array
Define some filters:
var a = waf.parseSql.getFilter("a", "=", 1);
var b = waf.parseSql.getFilter("b", "=", 2);
var c = waf.parseSql.getFilter("c", "=", 3);
Example 1: a = 1 and b = 2
waf.parseSql.mergeFilter([a,b],"and")
Example 2: a = 1 and b = 2 or c = 3
waf.parseSql.mergeFilter([a,b,c],"#1and#2or#3")
Example 3: a = 1 and (b = 2 or c = 3)
var temp = waf.parseSql.mergeFilter([b,c],"or");
var filter = waf.parseSql.mergeFilter([a,temp],"and");
Example: change every number = '00001' condition in the filter to number = '00002'
var temp = waf.parseSql.getFilter("number","=","00001");
waf.parseSql.replaceFilter(temp, ["number", "=", "00001"], ["number", "=", "00002"]);
Example: delete every number = '00001' condition from the filter (note: when this is the only condition in the whole filter it cannot be deleted, which may be a bug)
var temp = waf.parseSql.getFilter("number","=",["00001","00002"]);
waf.parseSql.deleteFilter(temp, ["number","=","00001"]);
Example: get the value of the filter condition on number
var temp = waf.parseSql.getFilter("number","=","00001");
waf.parseSql.getValue(temp, ["number", "="]) // "00001"
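
Why a filter object resists injection where a concatenated clause does not, shown as an added sketch that is not code from wafall.js or from the original page. It only mirrors the call shapes of getFilter(field, op, value) and mergeFilter(filters, logic) used above; the object shape `{items, expr}`, `toSql`, `concatClause` and the sample value are assumptions made for illustration.

```javascript
// Hypothetical stand-in for the idea behind waf.parseSql; NOT code from wafall.js.
// The filter object's shape ({items, expr}) is assumed; the page does not show it.
const OPERATORS = new Set(["=", ">=", "<=", ">", "<", "like", "in"]);
const FIELD = /^[A-Za-z_][A-Za-z0-9_.]*$/;

// One condition: field and operator are allow-listed, the value travels as data.
function getFilter(field, op, value) {
  if (!FIELD.test(field)) throw new Error("bad field: " + field);
  if (!OPERATORS.has(op)) throw new Error("bad operator: " + op);
  return { items: [{ field, op, value }], expr: "#1" };
}

// Combine filters with "and" / "or", or with a formula such as "#1and#2or#3".
function mergeFilter(filters, logic) {
  if (!/^(and|or|#\d+((and|or)#\d+)*)$/.test(logic)) throw new Error("bad logic: " + logic);
  const expr = logic[0] === "#" ? logic : filters.map((_, i) => "#" + (i + 1)).join(logic);
  const items = [];
  // Swap each #n for the n-th filter's expression, renumbered; nested groups get parentheses.
  const merged = expr.replace(/#(\d+)/g, (_, n) => {
    const f = filters[n - 1];
    if (!f) throw new Error("no filter #" + n);
    const base = items.length;
    items.push(...f.items);
    const inner = f.expr.replace(/#(\d+)/g, (_, k) => "#" + (base + Number(k)));
    return f.items.length > 1 ? "(" + inner + ")" : inner;
  });
  return { items, expr: merged };
}

// Render SQL text containing only ? placeholders, plus the separate parameter list.
function toSql(filter) {
  const params = [];
  const sql = filter.expr.replace(/and|or/g, " $& ").replace(/#(\d+)/g, (_, n) => {
    const { field, op, value } = filter.items[n - 1];
    if (op !== "in") { params.push(value); return `${field} ${op} ?`; }
    params.push(...value); // assumption: "in" takes an array, as in the page's example 5
    return `${field} in (${value.map(() => "?").join(", ")})`;
  });
  return { sql, params };
}
// Pre-85 style described on the page: the value is spliced into the clause text.
const concatClause = (field, value) => field + " = '" + value + "'";
// Constructed input: a value that carries a quote and an extra condition.
const hostile = "00001' or '1'='1";
const b = getFilter("number", "=", hostile);
const c = getFilter("number", "in", ["00001", "00002"]);
const demo = toSql(mergeFilter([getFilter("billStatus", "=", 3), mergeFilter([b, c], "or")], "and"));
console.log(concatClause("number", hostile)); // the value rewrites the clause's logic
console.log(demo.sql, demo.params);           // the value stays in params
```

With the filter object, the statement text is fixed by the allow-listed fields, operators and logic formula, and the server can bind the values separately.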