Critical bug: `in` with an empty array or collection operates on the whole table #14

Open
wjxjasin opened this issue Jan 8, 2025 · 4 comments
wjxjasin commented Jan 8, 2025

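Version: 1.1.2
Problem:
Sample code:

```kotlin
@Test
fun testQuery() {
    val numbers = mutableListOf<String>() // empty list; element type assumed to be String
    log.info("方式一") // approach 1
    query {
        select(Test::waybillNumber)
        where(
            Test::waybillNumber.`in`(numbers)
        )
    }

    log.info("方式二") // approach 2
    val queryWrapper = QueryWrapper.create().select(Test::waybillNumber)
        .`in`(Test::waybillNumber, numbers)
    mapper.selectListByQuery(queryWrapper)
}
```

Problem:
With approach 1, when the `numbers` passed in is an empty array or collection, a full-table query is executed.
With approach 2, an error is raised as expected.

Approach 1 is very dangerous: as soon as an empty array or collection is passed in, a full-table query is executed. In testing, an update statement likewise modifies the whole table, so the risk is extremely high.
The cause is that an emptiness check is applied by default and the condition is filtered out.

Approach 2 raises an error as expected, which avoids this risk.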

Owner

KAMO030 commented Jan 8, 2025

Hello, this is caused by the extra layer of `where` wrapping:

```kotlin
val queryWrapper = QueryWrapper.create().select(Account::age, Account::userName)
    .where(Account::age.`in`(listOf()))

mapper<AccountMapper>().selectListByQuery(queryWrapper)
// SELECT `age`, `user_name` FROM `tb_account`
query<Account> {
    select(Account::id, Account::userName)
    this.`in`(Account::age,)
}
// SELECT `id`, `user_name` FROM `tb_account` WHERE `age` IN ()
```

The property's `in` and qw's `in` are not the same.
For the property's `in`, flex and flex-kt keep the same handling logic:

```java
public QueryCondition in(Object... value) {
    return QueryColumnBehavior.shouldIgnoreValue(value) ? QueryCondition.createEmpty() : this.in_(value);
}
```

```kotlin
infix fun QueryColumn.inList(others: Collection<Comparable<*>>): QueryCondition {
    if (others.isEmpty()) {
        return emptyCondition()
    }
    return if (others.size == 1) this.eq(others.first()) else this.`in`(others)
}
```

qw's `in`:

```java
public <T> R in(LambdaGetter<T> column, Object... values) {
    this.and(QueryMethods.column(column).in(values, true));
    return (R)this;
}

public QueryCondition in(Object[] value, boolean isEffective) {
    return !isEffective ? QueryCondition.createEmpty() : this.in_(value);
}
```

Author

wjxjasin commented Jan 8, 2025

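flex has no such usage:

```kotlin
val queryWrapper = QueryWrapper.create().select(Account::age, Account::userName)
    .where(Account::age.`in`(listOf()))
```

The correct one is:

```kotlin
val queryWrapper = QueryWrapper.create().select(Account::age, Account::userName)
    .where(Account::age).`in`(listOf())
```

But this flex usage has no problem either: it raises an error. The usage above is still the extension package's usage, and that is the one that has the problem.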

Owner

KAMO030 commented Jan 8, 2025

`Account::age.in` calls QueryColumn's logic, which is also the logic of the fields generated by APT, so usage without the extension package has the problem as well:

```kotlin
QueryWrapper.create().select(Account::age, Account::userName)
    .where(QueryColumn("age").`in`(listOf<Int>()))
// SELECT `age`, `user_name` FROM `tb_account`
```

And when it is written with the method you describe as correct, it is wrong as well:

```kotlin
val queryWrapper = QueryWrapper.create().select(Account::age, Account::userName)
    .where(Account::id).`in`(listOf<Int>())
// SELECT `age`, `user_name` FROM `tb_account`
```

Because internally it still calls QueryColumn's `in` logic:

```java
public Wrapper in(Collection<?> value) {
    this.addWhereQueryCondition(this.queryColumn.in(value));
    return this.queryWrapper;
}
```

Owner

KAMO030 commented Jan 8, 2025

This problem does indeed exist; it has been fixed.
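
The failure mode discussed in this thread, as an added stand-alone Kotlin illustration that is not part of the issue and is not MyBatis-Flex or mybatis-flex-kotlin code: `Condition`, `EmptyInPolicy`, `inCondition`, `buildUpdate` and the table and column names are hypothetical. It shows how dropping an empty `IN` predicate turns a filtered `UPDATE` into a whole-table one, next to two fail-closed alternatives.

```kotlin
// Stand-alone model of the behaviour discussed above; no framework APIs are used.

/** A WHERE fragment plus its bind parameters. A null Condition models an "empty condition". */
data class Condition(val sql: String, val params: List<Any?>)

enum class EmptyInPolicy { IGNORE, MATCH_NOTHING, REJECT }

fun inCondition(column: String, values: Collection<Any?>, policy: EmptyInPolicy): Condition? {
    if (values.isEmpty()) {
        return when (policy) {
            // Behaviour reported in the issue: the predicate silently disappears.
            EmptyInPolicy.IGNORE -> null
            // Fail closed: an empty IN list can match no row.
            EmptyInPolicy.MATCH_NOTHING -> Condition("1 = 0", emptyList())
            // Fail loudly: force the caller to handle the empty input.
            EmptyInPolicy.REJECT ->
                throw IllegalArgumentException("empty IN list for column ${column}")
        }
    }
    val placeholders = values.joinToString(", ") { "?" }
    return Condition("`${column}` IN ($placeholders)", values.toList())
}

fun buildUpdate(table: String, assignment: String, conditions: List<Condition?>): String {
    // Empty (null) conditions are dropped, as an emptiness filter in a query builder would do.
    val active = conditions.filterNotNull()
    val where = if (active.isEmpty()) "" else " WHERE " + active.joinToString(" AND ") { it.sql }
    return "UPDATE `${table}` SET ${assignment}${where}"
}

fun main() {
    // Constructed input: the caller's upstream filter produced no waybill numbers.
    val waybillNumbers = emptyList<String>()
    for (policy in EmptyInPolicy.values()) {
        val sql = try {
            val cond = inCondition("waybill_number", waybillNumbers, policy)
            buildUpdate("tb_test", "`status` = ?", listOf(cond))
        } catch (e: IllegalArgumentException) {
            "rejected: ${e.message}"
        }
        println("$policy -> $sql")
    }
}
```

Only the `IGNORE` policy emits an `UPDATE` with no `WHERE` clause; the other two either match no rows or stop before any SQL is built.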
