
Commit e7c415e

dragonpooludomikula
authored andcommitted
Fixed the issue that orderby parameter was replacing only first match.
1 parent b839e65 commit e7c415e


1 file changed

+35
-31
lines changed

1 file changed

+35
-31
lines changed

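--- a/server/api-service/lowcoder-plugins/sqlBasedPlugin/src/main/java/org/lowcoder/plugin/sql/GeneralSqlExecutor.java
+++ b/server/api-service/lowcoder-plugins/sqlBasedPlugin/src/main/java/org/lowcoder/plugin/sql/GeneralSqlExecutor.java
@@ -149,44 +149,48 @@ private Pair<Statement, Boolean> getStatementAndExecute(Connection connection, S
 String sql = statementInput.getSql();
 List<Object> params = statementInput.getParams();
 
-int orderByIndex = -1;
-String sortValue = null;
-for (int i = 0; i < params.size(); i++) {
-Object param = params.get(i);
-if (param instanceof Map<?, ?> map && map.containsKey("sort")) {
-orderByIndex = i; // Index of the ? to replace (0-based)
-sortValue = String.valueOf(map.get("sort")); // e.g., "ASC" or "DESC"
-break;
+int orderByIndex;
+String sortValue;
+do {
+orderByIndex = -1;
+sortValue = null;
+for (int i = 0; i < params.size(); i++) {
+Object param = params.get(i);
+if (param instanceof Map<?, ?> map && map.containsKey("sort")) {
+orderByIndex = i; // Index of the ? to replace (0-based)
+sortValue = String.valueOf(map.get("sort")); // e.g., "ASC" or "DESC"
+break;
+}
 }
-}
 
-if (orderByIndex >= 0 && sortValue != null) {
-// Validate sortValue to prevent SQL injection
-if (!sortValue.equalsIgnoreCase("ASC") && !sortValue.equalsIgnoreCase("DESC")) {
-sortValue = "ASC"; // Default to ASC if invalid
-}
+if (orderByIndex >= 0 && sortValue != null) {
+// Validate sortValue to prevent SQL injection
+if (!sortValue.equalsIgnoreCase("ASC") && !sortValue.equalsIgnoreCase("DESC")) {
+sortValue = "ASC"; // Default to ASC if invalid
+}
 
-// Split the SQL at the ? placeholders
-String[] sqlParts = sql.split("\\?", -1);
-if (orderByIndex < sqlParts.length - 1) {
-// Rebuild the SQL, replacing the ? at orderByIndex with sortValue
-StringBuilder newSql = new StringBuilder();
-for (int i = 0; i < sqlParts.length; i++) {
-newSql.append(sqlParts[i]);
-if (i < sqlParts.length - 1) {
-if (i == orderByIndex) {
-newSql.append(sortValue); // Insert ASC or DESC
-} else {
-newSql.append("?"); // Keep other placeholders
+// Split the SQL at the ? placeholders
+String[] sqlParts = sql.split("\\?", -1);
+if (orderByIndex < sqlParts.length - 1) {
+// Rebuild the SQL, replacing the ? at orderByIndex with sortValue
+StringBuilder newSql = new StringBuilder();
+for (int i = 0; i < sqlParts.length; i++) {
+newSql.append(sqlParts[i]);
+if (i < sqlParts.length - 1) {
+if (i == orderByIndex) {
+newSql.append(sortValue); // Insert ASC or DESC
+} else {
+newSql.append("?"); // Keep other placeholders
+}
 }
 }
-}
-sql = newSql.toString();
+sql = newSql.toString();
 
-// Remove the Map from params since it's no longer a bind parameter
-params.remove(orderByIndex);
+// Remove the Map from params since it's no longer a bind parameter
+params.remove(orderByIndex);
+}
 }
-}
+} while(orderByIndex >= 0);
 
 var statement = connection.prepareStatement(sql, Statement.RETURN_GENERATED_KEYS);
 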
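Review bot: The new `do { … } while(orderByIndex >= 0);` loop never terminates when a `sort` map is found but `orderByIndex < sqlParts.length - 1` is false, because `params.remove(orderByIndex)` sits inside that inner `if` and nothing else changes `params` or the index on the next pass. A query whose `?` count does not reach the map's position would then spin the executing thread indefinitely, so the inner `if` needs an exit path such as `} else { break; }`, or an exception that rejects the query. Separately, `sql.split("\\?", -1)` counts every `?` in the text, so a question mark inside a string literal or comment would presumably shift which position receives `ASC`/`DESC`; a comment stating that assumption would help the next reader. `getStatementAndExecute` starts and ends outside this hunk.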