Vulnerability exists:
In the WHERE clause of the searchByKey SQL query, the keyword parameter is concatenated directly into the statement and used as the operand of the SQL LIKE operator, which allows SQL injection.
Vulnerability reproduction:
Repair suggestions:
Use MyBatis's OGNL expression or precompiled parameter binding instead of string concatenation to avoid SQL injection. Here, replace `${keyword}` with `#{keyword}`; MyBatis will then handle parameter binding and escaping automatically and effectively prevent SQL injection.
At the same time, the LIKE condition is simplified to a single keyword that can match at any position.
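To show concretely what the `${keyword}` versus `#{keyword}` difference means, here is an added example that is not part of the issue or the project's code. It models the same searchByKey pattern against an in-memory SQLite database with a constructed `users` table (the table and column names, the sample rows and the injection payload are all assumptions made for this example). The f-string version behaves like MyBatis `${}` (text substitution before parsing); the `?`-bound version behaves like `#{}` (a prepared-statement parameter), with the `%` wildcards added in SQL the way `CONCAT('%', #{keyword}, '%')` does in a MySQL mapper. It also covers the caveat the fix alone does not address: a bound parameter stops injection, but a user-supplied `%` or `_` is still a LIKE wildcard unless escaped.

```python
import sqlite3

# Constructed sample data for this example (not from the project).
SAMPLE_ROWS = [
    (1, "alice", "Alice Admin"),
    (2, "bob", "Bob Builder"),
    (3, "carol", "Carol_100%"),
]

# Constructed injection string: closes the quoted LIKE pattern and appends a tautology.
PAYLOAD = "' OR '1'='1"


def make_db():
    """Create an in-memory database with the assumed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, display_name TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def search_by_key_vulnerable(conn, keyword):
    """Equivalent of MyBatis `${keyword}`: the value is spliced into the SQL text."""
    sql = (
        f"SELECT id FROM users WHERE username LIKE '%{keyword}%' "
        f"OR display_name LIKE '%{keyword}%' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def escape_like(keyword, esc="\\"):
    """Escape LIKE metacharacters so a user-supplied '%' or '_' matches literally."""
    return (
        keyword.replace(esc, esc + esc)
        .replace("%", esc + "%")
        .replace("_", esc + "_")
    )


def search_by_key_safe(conn, keyword):
    """Equivalent of MyBatis `#{keyword}`: fixed SQL text, value sent as a bound parameter.

    The wildcards are appended in SQL ('%' || ? || '%' here; CONCAT('%', #{keyword}, '%')
    in a MySQL mapper), and ESCAPE makes the escaped metacharacters literal.
    """
    pattern = escape_like(keyword)
    sql = (
        "SELECT id FROM users WHERE username LIKE '%' || ? || '%' ESCAPE '\\' "
        "OR display_name LIKE '%' || ? || '%' ESCAPE '\\' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql, (pattern, pattern))]


def demo():
    """Run both variants on a normal keyword, the payload and a wildcard-bearing keyword."""
    conn = make_db()
    return {
        "vuln_normal": search_by_key_vulnerable(conn, "ali"),
        "vuln_payload": search_by_key_vulnerable(conn, PAYLOAD),   # tautology returns every row
        "vuln_wildcard": search_by_key_vulnerable(conn, "%"),      # bare wildcard also returns every row
        "safe_normal": search_by_key_safe(conn, "ali"),
        "safe_payload": search_by_key_safe(conn, PAYLOAD),         # treated as literal text, no match
        "safe_wildcard": search_by_key_safe(conn, "100%"),         # '%' matched literally, one row
    }


if __name__ == "__main__":
    for name, ids in demo().items():
        print(f"{name}: {ids}")
```

Running the block shows the injected tautology returning all three rows from the concatenated query and no rows from the bound query; the `100%` case shows why escaping the LIKE metacharacters (or documenting that the search intentionally accepts user wildcards) belongs alongside the switch to `#{keyword}`.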