Commit 179055a5540ed3b8fd95c4b16b796b29af93581a

Authored by 娄高锋
1 parent da8632ab

改掉SQL拼接(SQL注入漏洞)

src/main/java/com/bsth/service/report/impl/ReportServiceImpl.java
@@ -398,19 +398,22 @@ public class ReportServiceImpl implements ReportService{ @@ -398,19 +398,22 @@ public class ReportServiceImpl implements ReportService{
398 Map<String, Object> map=new HashMap<String,Object>(); 398 Map<String, Object> map=new HashMap<String,Object>();
399 // TODO Auto-generated method stub 399 // TODO Auto-generated method stub
400 400
  401 + List<String> objList = new ArrayList<String>();
  402 + objList.add(ttinfo);
  403 +
401 //查询配车 404 //查询配车
402 String sqlPc=" select count(*) from (select lp, count(*) from" 405 String sqlPc=" select count(*) from (select lp, count(*) from"
403 - + " bsth_c_s_ttinfo_detail where ttinfo ='"+ttinfo+"'" 406 + + " bsth_c_s_ttinfo_detail where ttinfo = ?"
404 + " group by lp ) a"; 407 + " group by lp ) a";
405 //配车 408 //配车
406 - int pcs=jdbcTemplate.queryForObject(sqlPc, Integer.class); 409 + int pcs=jdbcTemplate.queryForObject(sqlPc, objList.toArray(), Integer.class);
407 410
408 411
409 String sqlPlan=" SELECT jhlc,bc_type,fcsj FROM bsth_c_s_ttinfo_detail " 412 String sqlPlan=" SELECT jhlc,bc_type,fcsj FROM bsth_c_s_ttinfo_detail "
410 - +" where ttinfo ='"+ttinfo+"' "; 413 + +" where ttinfo = ? ";
411 414
412 //查询班次 415 //查询班次
413 - List<Map<String, Object>> listPlan= jdbcTemplate.query(sqlPlan, 416 + List<Map<String, Object>> listPlan= jdbcTemplate.query(sqlPlan, objList.toArray(),
414 new RowMapper<Map<String, Object>>(){ 417 new RowMapper<Map<String, Object>>(){
415 @Override 418 @Override
416 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 419 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -482,25 +485,33 @@ public class ReportServiceImpl implements ReportService{ @@ -482,25 +485,33 @@ public class ReportServiceImpl implements ReportService{
482 String minfcsj="02:00"; 485 String minfcsj="02:00";
483 List<Line> lineList=lineRepository.findLineByCode(line); 486 List<Line> lineList=lineRepository.findLineByCode(line);
484 if(lineList.size()>0){ 487 if(lineList.size()>0){
485 - String sql = "select count(*) from bsth_c_line_config where line = '"+lineList.get(0).getId()+"'";  
486 - if(jdbcTemplate.queryForObject(sql, Integer.class) > 0){ 488 + List<String> objList = new ArrayList<String>();
  489 + objList.add(lineList.get(0).getId() + "");
  490 + String sql = "select count(*) from bsth_c_line_config where line = ? ";
  491 + if(jdbcTemplate.queryForObject(sql, objList.toArray(), Integer.class) > 0){
487 String sqlMinYysj="select start_opt from bsth_c_line_config where " 492 String sqlMinYysj="select start_opt from bsth_c_line_config where "
488 + " id = (" 493 + " id = ("
489 - + "select max(id) from bsth_c_line_config where line ='"+lineList.get(0).getId() +"'" 494 + + "select max(id) from bsth_c_line_config where line = ? "
490 + ")"; 495 + ")";
491 - minfcsj=jdbcTemplate.queryForObject(sqlMinYysj, String.class); 496 + minfcsj=jdbcTemplate.queryForObject(sqlMinYysj, objList.toArray(), String.class);
492 } 497 }
493 } 498 }
494 String[] minSjs = minfcsj.split(":"); 499 String[] minSjs = minfcsj.split(":");
495 int minSj=Integer.parseInt(minSjs[0])*60+Integer.parseInt(minSjs[1]); 500 int minSj=Integer.parseInt(minSjs[0])*60+Integer.parseInt(minSjs[1]);
  501 +
  502 + List<String> objList = new ArrayList<String>();
  503 + objList.add(ttinfo);
  504 + objList.add(minfcsj);
  505 + objList.add(ttinfo);
  506 + objList.add(minfcsj);
496 //查询时间里程 507 //查询时间里程
497 String sqlPc=" (SELECT jhlc,fcsj,bc_type,bcsj,lp,2 as xh, ists FROM bsth_c_s_ttinfo_detail " 508 String sqlPc=" (SELECT jhlc,fcsj,bc_type,bcsj,lp,2 as xh, ists FROM bsth_c_s_ttinfo_detail "
498 - + " where ttinfo ='"+ttinfo+"' and fcsj <='"+minfcsj+"' ) " 509 + + " where ttinfo = ? and fcsj <= ? ) "
499 + " union " 510 + " union "
500 + " (SELECT jhlc,fcsj,bc_type,bcsj,lp,1 as xh, ists FROM bsth_c_s_ttinfo_detail " 511 + " (SELECT jhlc,fcsj,bc_type,bcsj,lp,1 as xh, ists FROM bsth_c_s_ttinfo_detail "
501 - + " where ttinfo ='"+ttinfo+"' and fcsj > '"+minfcsj+"' ) order by lp,xh,fcsj"; 512 + + " where ttinfo = ? and fcsj > ? ) order by lp,xh,fcsj";
502 Map<String, Object> map=new HashMap<String,Object>(); 513 Map<String, Object> map=new HashMap<String,Object>();
503 - List<Map<String, Object>> list= jdbcTemplate.query(sqlPc, 514 + List<Map<String, Object>> list= jdbcTemplate.query(sqlPc, objList.toArray(),
504 new RowMapper<Map<String, Object>>(){ 515 new RowMapper<Map<String, Object>>(){
505 @Override 516 @Override
506 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 517 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -620,11 +631,13 @@ public class ReportServiceImpl implements ReportService{ @@ -620,11 +631,13 @@ public class ReportServiceImpl implements ReportService{
620 List<Map<String, Object>> list=new ArrayList<Map<String,Object>>(); 631 List<Map<String, Object>> list=new ArrayList<Map<String,Object>>();
621 List<Map<String, Object>> list_s=new ArrayList<Map<String,Object>>(); 632 List<Map<String, Object>> list_s=new ArrayList<Map<String,Object>>();
622 633
  634 + List<String> objList = new ArrayList<String>();
  635 + objList.add(ttinfo);
623 String sqlCl="SELECT lp cl_zbh,qdz_name,bc_type,fcsj,bcsj FROM" 636 String sqlCl="SELECT lp cl_zbh,qdz_name,bc_type,fcsj,bcsj FROM"
624 - + " bsth_c_s_ttinfo_detail WHERE ttinfo = '"+ttinfo+"' " 637 + + " bsth_c_s_ttinfo_detail WHERE ttinfo = ? "
625 + " AND (bc_type = 'normal' or bc_type='region') order by qdz_name"; 638 + " AND (bc_type = 'normal' or bc_type='region') order by qdz_name";
626 639
627 - List<Map<String, Object>> listj= jdbcTemplate.query(sqlCl, 640 + List<Map<String, Object>> listj= jdbcTemplate.query(sqlCl, objList.toArray(),
628 new RowMapper<Map<String, Object>>(){ 641 new RowMapper<Map<String, Object>>(){
629 @Override 642 @Override
630 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 643 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -638,10 +651,10 @@ public class ReportServiceImpl implements ReportService{ @@ -638,10 +651,10 @@ public class ReportServiceImpl implements ReportService{
638 } 651 }
639 }); 652 });
640 653
641 - String sqlZd="select qdz_name,bc_type from bsth_c_s_ttinfo_detail WHERE ttinfo = '"+ttinfo+"' " 654 + String sqlZd="select qdz_name,bc_type from bsth_c_s_ttinfo_detail WHERE ttinfo = ? "
642 + " AND (bc_type = 'normal' or bc_type='region') group by qdz_name ,bc_type " 655 + " AND (bc_type = 'normal' or bc_type='region') group by qdz_name ,bc_type "
643 + " order by qdz_name"; 656 + " order by qdz_name";
644 - List<Map<String, Object>> lists= jdbcTemplate.query(sqlZd, 657 + List<Map<String, Object>> lists= jdbcTemplate.query(sqlZd, objList.toArray(),
645 new RowMapper<Map<String, Object>>(){ 658 new RowMapper<Map<String, Object>>(){
646 @Override 659 @Override
647 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 660 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -803,27 +816,34 @@ public class ReportServiceImpl implements ReportService{ @@ -803,27 +816,34 @@ public class ReportServiceImpl implements ReportService{
803 String minfcsj="02:00"; 816 String minfcsj="02:00";
804 List<Line> lineList=lineRepository.findLineByCode(line); 817 List<Line> lineList=lineRepository.findLineByCode(line);
805 if(lineList.size()>0){ 818 if(lineList.size()>0){
806 - String sql = "select count(*) from bsth_c_line_config where line = '"+lineList.get(0).getId()+"'";  
807 - if(jdbcTemplate.queryForObject(sql, Integer.class) > 0){ 819 + List<String> objList = new ArrayList<String>();
  820 + objList.add(lineList.get(0).getId() + "");
  821 + String sql = "select count(*) from bsth_c_line_config where line = ? ";
  822 + if(jdbcTemplate.queryForObject(sql, objList.toArray(), Integer.class) > 0){
808 String sqlMinYysj="select start_opt from bsth_c_line_config where " 823 String sqlMinYysj="select start_opt from bsth_c_line_config where "
809 + " id = (" 824 + " id = ("
810 - + "select max(id) from bsth_c_line_config where line ='"+lineList.get(0).getId() +"'" 825 + + "select max(id) from bsth_c_line_config where line = ?"
811 + ")"; 826 + ")";
812 - minfcsj=jdbcTemplate.queryForObject(sqlMinYysj, String.class); 827 + minfcsj=jdbcTemplate.queryForObject(sqlMinYysj, objList.toArray(), String.class);
813 } 828 }
814 } 829 }
815 830
  831 + List<String> objList = new ArrayList<String>();
  832 + objList.add(ttinfo);
  833 + objList.add(minfcsj);
  834 + objList.add(ttinfo);
  835 + objList.add(minfcsj);
816 //查询全程 836 //查询全程
817 String sqlqc="select t.* from ( " 837 String sqlqc="select t.* from ( "
818 + " (SELECT bc_type, fcsj,qdz,2 as xh,xl_dir,qdz_name FROM bsth_c_s_ttinfo_detail " 838 + " (SELECT bc_type, fcsj,qdz,2 as xh,xl_dir,qdz_name FROM bsth_c_s_ttinfo_detail "
819 - + " where ttinfo ='"+ttinfo+"' and (bc_type='normal' || bc_type='region') "  
820 - + " and fcsj <='"+minfcsj+"') " 839 + + " where ttinfo = ? and (bc_type='normal' || bc_type='region') "
  840 + + " and fcsj <= ?) "
821 + " union " 841 + " union "
822 + " (SELECT bc_type, fcsj,qdz,1 as xh,xl_dir,qdz_name FROM bsth_c_s_ttinfo_detail " 842 + " (SELECT bc_type, fcsj,qdz,1 as xh,xl_dir,qdz_name FROM bsth_c_s_ttinfo_detail "
823 - + " where ttinfo ='"+ttinfo+"' and (bc_type='normal' || bc_type='region') "  
824 - + " and fcsj > '"+minfcsj+"') " 843 + + " where ttinfo = ? and (bc_type='normal' || bc_type='region') "
  844 + + " and fcsj > ?) "
825 + "order by xl_dir,xh,fcsj ) t "; 845 + "order by xl_dir,xh,fcsj ) t ";
826 - List<Map<String, String>> qclist= jdbcTemplate.query(sqlqc, 846 + List<Map<String, String>> qclist= jdbcTemplate.query(sqlqc, objList.toArray(),
827 new RowMapper<Map<String, String>>(){ 847 new RowMapper<Map<String, String>>(){
828 @Override 848 @Override
829 public Map<String, String> mapRow(ResultSet rs, int rowNum) throws SQLException { 849 public Map<String, String> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -895,30 +915,38 @@ public class ReportServiceImpl implements ReportService{ @@ -895,30 +915,38 @@ public class ReportServiceImpl implements ReportService{
895 String minfcsj="02:00"; 915 String minfcsj="02:00";
896 List<Line> lineList=lineRepository.findLineByCode(line); 916 List<Line> lineList=lineRepository.findLineByCode(line);
897 if(lineList.size()>0){ 917 if(lineList.size()>0){
898 - String sql = "select count(*) from bsth_c_line_config where line = '"+lineList.get(0).getId()+"'";  
899 - if(jdbcTemplate.queryForObject(sql, Integer.class) > 0){ 918 + List<String> objList = new ArrayList<String>();
  919 + objList.add(lineList.get(0).getId() + "");
  920 + String sql = "select count(*) from bsth_c_line_config where line = ? ";
  921 + if(jdbcTemplate.queryForObject(sql, objList.toArray(), Integer.class) > 0){
900 String sqlMinYysj="select start_opt from bsth_c_line_config where " 922 String sqlMinYysj="select start_opt from bsth_c_line_config where "
901 + " id = (" 923 + " id = ("
902 - + "select max(id) from bsth_c_line_config where line ='"+lineList.get(0).getId() +"'" 924 + + "select max(id) from bsth_c_line_config where line = ?"
903 + ")"; 925 + ")";
904 - minfcsj= jdbcTemplate.queryForObject(sqlMinYysj, String.class); 926 + minfcsj= jdbcTemplate.queryForObject(sqlMinYysj, objList.toArray(), String.class);
905 } 927 }
906 } 928 }
907 String[] minSjs = minfcsj.split(":"); 929 String[] minSjs = minfcsj.split(":");
908 int minSj=Integer.parseInt(minSjs[0])*60+Integer.parseInt(minSjs[1]); 930 int minSj=Integer.parseInt(minSjs[0])*60+Integer.parseInt(minSjs[1]);
  931 +
  932 + List<String> objList = new ArrayList<String>();
  933 + objList.add(ttinfo);
  934 + objList.add(minfcsj);
  935 + objList.add(ttinfo);
  936 + objList.add(minfcsj);
909 //查询时间里程 937 //查询时间里程
910 String sqlPc=" (SELECT jhlc,fcsj,bcsj,bc_type,lp,xl_dir,ists,2 as xh FROM " 938 String sqlPc=" (SELECT jhlc,fcsj,bcsj,bc_type,lp,xl_dir,ists,2 as xh FROM "
911 - + " bsth_c_s_ttinfo_detail where ttinfo ='"+ttinfo+"' and "  
912 - + " fcsj <='"+minfcsj+"' and bc_type!='ldks'" 939 + + " bsth_c_s_ttinfo_detail where ttinfo = ? and "
  940 + + " fcsj <= ? and bc_type!='ldks'"
913 + " and bc_type !='region' and bc_type !='venting' and bc_type !='major') " 941 + " and bc_type !='region' and bc_type !='venting' and bc_type !='major') "
914 + " union " 942 + " union "
915 + " (SELECT jhlc,fcsj,bcsj,bc_type,lp,xl_dir,ists,1 as xh FROM " 943 + " (SELECT jhlc,fcsj,bcsj,bc_type,lp,xl_dir,ists,1 as xh FROM "
916 - + " bsth_c_s_ttinfo_detail where ttinfo ='"+ttinfo+"' and "  
917 - + " fcsj > '"+minfcsj+"' and bc_type!='ldks' " 944 + + " bsth_c_s_ttinfo_detail where ttinfo = ? and "
  945 + + " fcsj > ? and bc_type!='ldks' "
918 + " and bc_type !='region' and bc_type !='venting' and bc_type !='major') " 946 + " and bc_type !='region' and bc_type !='venting' and bc_type !='major') "
919 + " order by xh, lp,fcsj"; 947 + " order by xh, lp,fcsj";
920 Map<String, Object> map=new HashMap<String,Object>(); 948 Map<String, Object> map=new HashMap<String,Object>();
921 - List<Map<String, Object>> list= jdbcTemplate.query(sqlPc, 949 + List<Map<String, Object>> list= jdbcTemplate.query(sqlPc, objList.toArray(),
922 new RowMapper<Map<String, Object>>(){ 950 new RowMapper<Map<String, Object>>(){
923 @Override 951 @Override
924 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 952 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1629,15 +1657,17 @@ public class ReportServiceImpl implements ReportService{ @@ -1629,15 +1657,17 @@ public class ReportServiceImpl implements ReportService{
1629 List<Map<String, Object>> list = new ArrayList<Map<String, Object>>(); 1657 List<Map<String, Object>> list = new ArrayList<Map<String, Object>>();
1630 String line = map.get("line").toString(); 1658 String line = map.get("line").toString();
1631 try { 1659 try {
1632 - String sql = "select tt.id, tt.name from bsth_c_s_ttinfo tt "  
1633 - + "left join bsth_c_line cl on cl.id = tt.xl " 1660 + List<String> objList = new ArrayList<String>();
  1661 + String sql = "select tt.id, tt.name from bsth_c_s_ttinfo tt"
  1662 + + " left join bsth_c_line cl on cl.id = tt.xl"
1634 + " where tt.is_cancel = 0 and tt.is_enable_dis_template = 1"; 1663 + " where tt.is_cancel = 0 and tt.is_enable_dis_template = 1";
1635 if(line.length() != 0){ 1664 if(line.length() != 0){
1636 - sql += " and cl.line_code = '"+line+"'"; 1665 + sql += " and cl.line_code = ?";
  1666 + objList.add(line);
1637 } 1667 }
1638 sql += " order by tt.create_date desc"; 1668 sql += " order by tt.create_date desc";
1639 1669
1640 - list = jdbcTemplate.query(sql, 1670 + list = jdbcTemplate.query(sql, objList.toArray(),
1641 new RowMapper<Map<String, Object>>(){ 1671 new RowMapper<Map<String, Object>>(){
1642 @Override 1672 @Override
1643 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1673 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1654,81 +1684,6 @@ public class ReportServiceImpl implements ReportService{ @@ -1654,81 +1684,6 @@ public class ReportServiceImpl implements ReportService{
1654 return list; 1684 return list;
1655 } 1685 }
1656 1686
1657 - private List<ScheduleRealInfo> getListSinfo(Map<String, Object> map){  
1658 - List<ScheduleRealInfo> list =new ArrayList<ScheduleRealInfo>();  
1659 -  
1660 - String sql="select DISTINCT a.* from (select * from bsth_c_s_sp_info_real where 1=1 ";  
1661 - if(map.get("date")!=null){  
1662 - sql += " and schedule_date_str='"+map.get("date").toString()+"'";  
1663 - }  
1664 - if(map.get("line")!=null){  
1665 - if(map.get("line").toString()!=""){  
1666 - sql += " and xl_bm='"+map.get("line").toString()+"'";  
1667 - }  
1668 -  
1669 - }  
1670 - if(map.get("bcType")!=null){  
1671 - if(map.get("bcType").toString().equals("inout")){  
1672 - sql += " and bc_type in ('in','out')";  
1673 - }  
1674 -  
1675 - if(map.get("bcType").toString().equals("normal")){  
1676 - sql += " and bc_type not in ('in','out')";  
1677 - }  
1678 - }  
1679 -  
1680 - sql += " )a left join bsth_c_s_child_task b on a.id=b.schedule";  
1681 - list= jdbcTemplate.query(sql,  
1682 - new RowMapper<ScheduleRealInfo>(){  
1683 - @Override  
1684 - public ScheduleRealInfo mapRow(ResultSet rs, int rowNum) throws SQLException {  
1685 - ScheduleRealInfo m=new ScheduleRealInfo();  
1686 - m.setId(rs.getLong("id"));  
1687 -// m.setBcs();  
1688 -// m.setBcsj();  
1689 - m.setClZbh(rs.getString("cl_zbh"));  
1690 - m.setFcsj(rs.getString("fcsj"));  
1691 - m.setFcsjActual(rs.getString("fcsj_actual"));  
1692 - m.setjGh(rs.getString("j_gh"));  
1693 - m.setjName(rs.getString("j_name"));  
1694 - m.setJhlc(rs.getDouble("jhlc"));  
1695 - m.setLpName(rs.getString("lp_name"));  
1696 - m.setQdzCode(rs.getString("qdz_code"));  
1697 - m.setQdzName(rs.getString("qdz_name"));  
1698 - m.setRealExecDate(rs.getString("real_exec_date"));  
1699 - m.setRealMileage(rs.getDouble("real_mileage"));  
1700 - m.setRemarks(rs.getString("remarks"));  
1701 - m.setsGh(rs.getString("s_gh"));  
1702 - m.setsName(rs.getString("s_name"));  
1703 - m.setScheduleDate(rs.getDate("schedule_date"));  
1704 - m.setScheduleDateStr(rs.getString("schedule_date_str"));  
1705 - m.setSflj(rs.getBoolean("sflj"));  
1706 - m.setSpId(rs.getLong("sp_id"));  
1707 - m.setStatus(rs.getInt("status"));  
1708 - m.setXlBm(rs.getString("xl_bm"));  
1709 - m.setXlDir(rs.getString("xl_dir"));  
1710 - m.setXlName(rs.getString("xl_name"));  
1711 - m.setZdsj(rs.getString("zdsj"));  
1712 - m.setZdsjActual(rs.getString("zdsj_actual"));  
1713 - m.setZdzCode(rs.getString("zdz_code"));  
1714 - m.setZdzName(rs.getString("zdz_name"));  
1715 - m.setCcno(rs.getInt("ccno"));  
1716 - m.setDfAuto(rs.getBoolean("df_auto"));  
1717 - m.setFgsBm(rs.getString("fgs_bm"));  
1718 - m.setFgsName(rs.getString("fgs_name"));  
1719 - m.setGsBm(rs.getString("gs_bm"));  
1720 - m.setGsName(rs.getString("gs_name"));  
1721 - m.setOnline(rs.getBoolean("online"));  
1722 - m.setAdjustExps(rs.getString("adjust_exps"));  
1723 - m.setReissue(rs.getBoolean("reissue"));  
1724 - m.setJhlcOrig(rs.getDouble("jhlc_orig"));  
1725 - return m;  
1726 - }  
1727 - });  
1728 -  
1729 - return list;  
1730 - }  
1731 -  
1732 @Override 1687 @Override
1733 public List<Map<String, Object>> jobFwqk(Map<String, Object> map) { 1688 public List<Map<String, Object>> jobFwqk(Map<String, Object> map) {
1734 // TODO Auto-generated method stub 1689 // TODO Auto-generated method stub
@@ -2202,22 +2157,6 @@ public class ReportServiceImpl implements ReportService{ @@ -2202,22 +2157,6 @@ public class ReportServiceImpl implements ReportService{
2202 Date dates2=cal.getTime(); 2157 Date dates2=cal.getTime();
2203 date2=dates2.getTime(); 2158 date2=dates2.getTime();
2204 String d2=simpleDateFormat.format(dates2); 2159 String d2=simpleDateFormat.format(dates2);
2205 - /*String sql="select *,UNIX_TIMESTAMP(times) as ts from bsth_c_arrival_info where times >= '"+d1 +"'and "  
2206 - + " times <='"+d2+"' and line_id = '"+line+"' and up_down = '"+zd+"'"  
2207 - + " order by device_id,times";  
2208 -  
2209 - list =jdbcTemplate.query(sql, new RowMapper<ArrivalInfo>() {  
2210 - @Override  
2211 - public ArrivalInfo mapRow(ResultSet arg0, int arg1) throws SQLException {  
2212 - ArrivalInfo ai=new ArrivalInfo();  
2213 - ai.setInOut(arg0.getInt("in_out"));  
2214 - ai.setDeviceId(arg0.getString("device_id"));  
2215 - ai.setStopNo(arg0.getString("stop_no"));  
2216 - ai.setDates(arg0.getDate("times"));  
2217 - ai.setTs(arg0.getLong("ts")*1000);  
2218 - return ai;  
2219 - }  
2220 - });*/  
2221 2160
2222 Connection conn = null; 2161 Connection conn = null;
2223 PreparedStatement ps = null; 2162 PreparedStatement ps = null;
@@ -2371,11 +2310,13 @@ public class ReportServiceImpl implements ReportService{ @@ -2371,11 +2310,13 @@ public class ReportServiceImpl implements ReportService{
2371 String minfcsj="02:00"; 2310 String minfcsj="02:00";
2372 List<Line> lineList=lineRepository.findLineByCode(line); 2311 List<Line> lineList=lineRepository.findLineByCode(line);
2373 if(lineList.size()>0){ 2312 if(lineList.size()>0){
  2313 + List<String> objList = new ArrayList<String>();
  2314 + objList.add(lineList.get(0).getId() + "");
2374 String sqlMinYysj="select start_opt from bsth_c_line_config where " 2315 String sqlMinYysj="select start_opt from bsth_c_line_config where "
2375 + " id = (" 2316 + " id = ("
2376 - + "select max(id) from bsth_c_line_config where line ='"+lineList.get(0).getId() +"'" 2317 + + "select max(id) from bsth_c_line_config where line = ?"
2377 + ")"; 2318 + ")";
2378 - minfcsj= jdbcTemplate.queryForObject(sqlMinYysj, String.class); 2319 + minfcsj= jdbcTemplate.queryForObject(sqlMinYysj, objList.toArray(), String.class);
2379 } 2320 }
2380 List<ArrivalInfo> arrInfoList=this.load4(line, date, zd,minfcsj); 2321 List<ArrivalInfo> arrInfoList=this.load4(line, date, zd,minfcsj);
2381 2322
@@ -2940,31 +2881,28 @@ public class ReportServiceImpl implements ReportService{ @@ -2940,31 +2881,28 @@ public class ReportServiceImpl implements ReportService{
2940 } 2881 }
2941 //所有班次信息 2882 //所有班次信息
2942 List<ScheduleRealInfo> list = new ArrayList<ScheduleRealInfo>(); 2883 List<ScheduleRealInfo> list = new ArrayList<ScheduleRealInfo>();
2943 - line =line.trim();  
2944 - List<Line> lineList=lineRepository.findLineBygsBm(gsdm, fgsdm, "");  
2945 -// if(line.equals("")){  
2946 -// //查询所有线路  
2947 -// list = scheduleRealInfoRepository.scheduleByDateAndLineTj(line, date,date2,gsdm,fgsdm);  
2948 -// }else{  
2949 - //查询单条线路  
2950 -// list = scheduleRealInfoRepository.scheduleByDateAndLineTj2(line, date,date2);  
2951 -// }  
2952 - 2884 + line = line.trim();
2953 2885
  2886 + List<String> objList = new ArrayList<String>();
  2887 + objList.add(date);
  2888 + objList.add(date2);
2954 String sql="select r.xl_bm" 2889 String sql="select r.xl_bm"
2955 + " from bsth_c_s_sp_info_real r where" 2890 + " from bsth_c_s_sp_info_real r where"
2956 - + " r.schedule_date_str >= '"+date+"' and r.schedule_date_str >= '"+date2+"'"; 2891 + + " r.schedule_date_str >= ? and r.schedule_date_str >= ?";
2957 2892
2958 2893
2959 if(line.equals("")){ 2894 if(line.equals("")){
2960 - sql +="and r.gs_bm='"+gsdm+"' "  
2961 - + " and r.fgs_bm='"+fgsdm+"'"; 2895 + sql +=" and r.gs_bm = ?"
  2896 + + " and r.fgs_bm = ?";
  2897 + objList.add(gsdm);
  2898 + objList.add(fgsdm);
2962 }else{ 2899 }else{
2963 - sql += " and r.xl_bm = '"+line+"'"; 2900 + sql += " and r.xl_bm = ?";
  2901 + objList.add(line);
2964 } 2902 }
2965 - sql += " group by r.xl_bm"; 2903 + sql += " group by r.xl_bm";
2966 2904
2967 - List<String> listLine=jdbcTemplate.query(sql, new RowMapper<String>() { 2905 + List<String> listLine=jdbcTemplate.query(sql, objList.toArray(), new RowMapper<String>() {
2968 @Override 2906 @Override
2969 public String mapRow(ResultSet arg0, int arg1) throws SQLException { 2907 public String mapRow(ResultSet arg0, int arg1) throws SQLException {
2970 String ve = arg0.getString("xl_bm"); 2908 String ve = arg0.getString("xl_bm");
@@ -3167,36 +3105,56 @@ public class ReportServiceImpl implements ReportService{ @@ -3167,36 +3105,56 @@ public class ReportServiceImpl implements ReportService{
3167 //查询单条线路 3105 //查询单条线路
3168 list = scheduleRealInfoRepository.scheduleByDateAndLineTj2(line, date,date2); 3106 list = scheduleRealInfoRepository.scheduleByDateAndLineTj2(line, date,date2);
3169 } 3107 }
3170 - String ylbSql=" select * from bsth_c_ylb where rq BETWEEN '"+date+"' and '"+date2+"'"; 3108 +
  3109 + List<String> objList = new ArrayList<String>();
  3110 + objList.add(date);
  3111 + objList.add(date2);
  3112 + String ylbSql=" select * from bsth_c_ylb where rq BETWEEN ? and ?";
3171 if(line.equals("")){ 3113 if(line.equals("")){
3172 - ylbSql +="and ssgsdm='"+gsdm+"' "  
3173 - + " and fgsdm='"+fgsdm+"'"; 3114 + ylbSql +=" and ssgsdm = ?"
  3115 + + " and fgsdm = ?";
  3116 + objList.add(gsdm);
  3117 + objList.add(fgsdm);
3174 }else{ 3118 }else{
3175 - ylbSql += " and xlbm = '"+line+"'"; 3119 + ylbSql += " and xlbm = ?";
  3120 + objList.add(line);
3176 } 3121 }
3177 - List<Ylb> ylbList=ylbList(ylbSql);  
3178 - String dlbSql=" select * from bsth_c_dlb where rq BETWEEN '"+date+"' and '"+date2+"'"; 3122 + List<Ylb> ylbList = ylbList(ylbSql, objList);
  3123 +
  3124 + List<String> objList2 = new ArrayList<String>();
  3125 + objList2.add(date);
  3126 + objList2.add(date2);
  3127 + String dlbSql=" select * from bsth_c_dlb where rq BETWEEN ? and ?";
3179 if(line.equals("")){ 3128 if(line.equals("")){
3180 - dlbSql +="and ssgsdm='"+gsdm+"' "  
3181 - + " and fgsdm='"+fgsdm+"'"; 3129 + dlbSql +=" and ssgsdm = ?"
  3130 + + " and fgsdm = ?";
  3131 + objList2.add(gsdm);
  3132 + objList2.add(fgsdm);
3182 }else{ 3133 }else{
3183 - dlbSql += " and xlbm = '"+line+"'"; 3134 + dlbSql += " and xlbm = ?";
  3135 + objList2.add(line);
3184 } 3136 }
3185 - List<Dlb> dlbList=dlbList(dlbSql); 3137 + List<Dlb> dlbList=dlbList(dlbSql, objList2);
3186 List<Map<String, Object>> listGroupBy =null; 3138 List<Map<String, Object>> listGroupBy =null;
3187 String sql=""; 3139 String sql="";
3188 if(zt.equals("zbh")){ 3140 if(zt.equals("zbh")){
  3141 + List<String> objList3 = new ArrayList<String>();
  3142 + objList3.add(date);
  3143 + objList3.add(date2);
3189 sql+="select r.xl_bm,r.cl_zbh" 3144 sql+="select r.xl_bm,r.cl_zbh"
3190 + " from bsth_c_s_sp_info_real r where" 3145 + " from bsth_c_s_sp_info_real r where"
3191 - + " r.schedule_date_str BETWEEN '"+date+"' and '"+date2+"'"; 3146 + + " r.schedule_date_str BETWEEN ? and ?";
3192 if(line.equals("")){ 3147 if(line.equals("")){
3193 - sql +="and r.gs_bm='"+gsdm+"' "  
3194 - + " and r.fgs_bm='"+fgsdm+"'"; 3148 + sql +=" and r.gs_bm = ?"
  3149 + + " and r.fgs_bm = ?";
  3150 + objList3.add(gsdm);
  3151 + objList3.add(fgsdm);
3195 }else{ 3152 }else{
3196 - sql += " and r.xl_bm = '"+line+"'"; 3153 + sql += " and r.xl_bm = ?";
  3154 + objList3.add(line);
3197 } 3155 }
3198 - sql += " group by r.xl_bm,r.cl_zbh";  
3199 - listGroupBy=jdbcTemplate.query(sql, new RowMapper<Map<String, Object>>() { 3156 + sql += " group by r.xl_bm,r.cl_zbh";
  3157 + listGroupBy=jdbcTemplate.query(sql, objList3.toArray(), new RowMapper<Map<String, Object>>() {
3200 @Override 3158 @Override
3201 public Map<String, Object> mapRow(ResultSet arg0, int arg1) throws SQLException { 3159 public Map<String, Object> mapRow(ResultSet arg0, int arg1) throws SQLException {
3202 Map<String, Object> map=new HashMap<String,Object>(); 3160 Map<String, Object> map=new HashMap<String,Object>();
@@ -3206,17 +3164,23 @@ public class ReportServiceImpl implements ReportService{ @@ -3206,17 +3164,23 @@ public class ReportServiceImpl implements ReportService{
3206 } 3164 }
3207 }); 3165 });
3208 }else{ 3166 }else{
  3167 + List<String> objList4 = new ArrayList<String>();
  3168 + objList4.add(date);
  3169 + objList4.add(date2);
3209 sql+="select r.xl_bm,r.cl_zbh,r.j_gh,r.s_gh" 3170 sql+="select r.xl_bm,r.cl_zbh,r.j_gh,r.s_gh"
3210 + " from bsth_c_s_sp_info_real r where" 3171 + " from bsth_c_s_sp_info_real r where"
3211 - + " r.schedule_date_str BETWEEN '"+date+"' and '"+date2+"'"; 3172 + + " r.schedule_date_str BETWEEN ? and ?";
3212 if(line.equals("")){ 3173 if(line.equals("")){
3213 - sql +="and r.gs_bm='"+gsdm+"' "  
3214 - + " and r.fgs_bm='"+fgsdm+"'"; 3174 + sql +=" and r.gs_bm = ? "
  3175 + + " and r.fgs_bm = ?";
  3176 + objList4.add(gsdm);
  3177 + objList4.add(fgsdm);
3215 }else{ 3178 }else{
3216 - sql += " and r.xl_bm = '"+line+"'"; 3179 + sql += " and r.xl_bm = ?";
  3180 + objList4.add(line);
3217 } 3181 }
3218 - sql += " group by r.xl_bm,r.cl_zbh,r.j_gh,r.s_gh";  
3219 - listGroupBy=jdbcTemplate.query(sql, new RowMapper<Map<String, Object>>() { 3182 + sql += " group by r.xl_bm,r.cl_zbh,r.j_gh,r.s_gh";
  3183 + listGroupBy=jdbcTemplate.query(sql, objList4.toArray(), new RowMapper<Map<String, Object>>() {
3220 @Override 3184 @Override
3221 public Map<String, Object> mapRow(ResultSet arg0, int arg1) throws SQLException { 3185 public Map<String, Object> mapRow(ResultSet arg0, int arg1) throws SQLException {
3222 Map<String, Object> map=new HashMap<String,Object>(); 3186 Map<String, Object> map=new HashMap<String,Object>();
@@ -3231,8 +3195,6 @@ public class ReportServiceImpl implements ReportService{ @@ -3231,8 +3195,6 @@ public class ReportServiceImpl implements ReportService{
3231 }); 3195 });
3232 } 3196 }
3233 3197
3234 -  
3235 -  
3236 3198
3237 for (int i = 0; i < listGroupBy.size(); i++) { 3199 for (int i = 0; i < listGroupBy.size(); i++) {
3238 Map<String, Object> m=listGroupBy.get(i); 3200 Map<String, Object> m=listGroupBy.get(i);
@@ -3392,8 +3354,8 @@ public class ReportServiceImpl implements ReportService{ @@ -3392,8 +3354,8 @@ public class ReportServiceImpl implements ReportService{
3392 return lMap; 3354 return lMap;
3393 } 3355 }
3394 3356
3395 - public final List<Ylb> ylbList(String sql){  
3396 - List<Ylb> ylbList= jdbcTemplate.query(sql, new RowMapper<Ylb>() { 3357 + public final List<Ylb> ylbList(String sql, List<String> objList){
  3358 + List<Ylb> ylbList= jdbcTemplate.query(sql, objList.toArray(), new RowMapper<Ylb>() {
3397 @Override 3359 @Override
3398 public Ylb mapRow(ResultSet arg0, int arg1) throws SQLException { 3360 public Ylb mapRow(ResultSet arg0, int arg1) throws SQLException {
3399 Ylb y = new Ylb(); 3361 Ylb y = new Ylb();
@@ -3411,8 +3373,8 @@ public class ReportServiceImpl implements ReportService{ @@ -3411,8 +3373,8 @@ public class ReportServiceImpl implements ReportService{
3411 return ylbList; 3373 return ylbList;
3412 } 3374 }
3413 3375
3414 - public final List<Dlb> dlbList(String sql){  
3415 - List<Dlb> dlbList= jdbcTemplate.query(sql, new RowMapper<Dlb>() { 3376 + public final List<Dlb> dlbList(String sql, List<String> objList){
  3377 + List<Dlb> dlbList= jdbcTemplate.query(sql, objList.toArray(), new RowMapper<Dlb>() {
3416 @Override 3378 @Override
3417 public Dlb mapRow(ResultSet arg0, int arg1) throws SQLException { 3379 public Dlb mapRow(ResultSet arg0, int arg1) throws SQLException {
3418 Dlb y = new Dlb(); 3380 Dlb y = new Dlb();
@@ -3562,15 +3524,19 @@ public class ReportServiceImpl implements ReportService{ @@ -3562,15 +3524,19 @@ public class ReportServiceImpl implements ReportService{
3562 } 3524 }
3563 SimpleDateFormat sdf=new SimpleDateFormat("yyyy-MM-dd HH:mm"); 3525 SimpleDateFormat sdf=new SimpleDateFormat("yyyy-MM-dd HH:mm");
3564 // Collections.sort(listInfo,new ComparableAcuals()); 3526 // Collections.sort(listInfo,new ComparableAcuals());
  3527 +
  3528 + List<String> objList = new ArrayList<String>();
3565 //查询所有线路 3529 //查询所有线路
3566 String xlSql="select line_code,spac_grade from bsth_c_line "; 3530 String xlSql="select line_code,spac_grade from bsth_c_line ";
3567 if(line.equals("")){ 3531 if(line.equals("")){
3568 - xlSql +=" where company ='"+gsbm+"'"; 3532 + xlSql +=" where company = ?";
  3533 + objList.add(gsbm);
3569 }else{ 3534 }else{
3570 - xlSql +=" where line_code ='"+line+"'"; 3535 + xlSql +=" where line_code = ?";
  3536 + objList.add(line);
3571 } 3537 }
3572 3538
3573 - List<Map<String, Object>> xlList=jdbcTemplate.query(xlSql, new RowMapper<Map<String, Object>>() { 3539 + List<Map<String, Object>> xlList=jdbcTemplate.query(xlSql, objList.toArray(), new RowMapper<Map<String, Object>>() {
3574 @Override 3540 @Override
3575 public Map<String, Object> mapRow(ResultSet arg0, int arg1) throws SQLException { 3541 public Map<String, Object> mapRow(ResultSet arg0, int arg1) throws SQLException {
3576 Map<String, Object> map=new HashMap<String,Object>(); 3542 Map<String, Object> map=new HashMap<String,Object>();
@@ -3815,10 +3781,14 @@ public class ReportServiceImpl implements ReportService{ @@ -3815,10 +3781,14 @@ public class ReportServiceImpl implements ReportService{
3815 String line =map.get("line").toString(); 3781 String line =map.get("line").toString();
3816 String date =map.get("date").toString(); 3782 String date =map.get("date").toString();
3817 String type =map.get("type").toString(); 3783 String type =map.get("type").toString();
3818 - DecimalFormat df = new DecimalFormat("#0.00"); 3784 + DecimalFormat df = new DecimalFormat("#0.00");
  3785 +
  3786 + List<String> objList = new ArrayList<String>();
  3787 + objList.add(date);
  3788 + objList.add(line);
3819 String sql="select cl_zbh from bsth_c_s_sp_info_real where " 3789 String sql="select cl_zbh from bsth_c_s_sp_info_real where "
3820 - + " schedule_date_str ='"+date+"' and xl_bm='"+line+"' group by cl_zbh";  
3821 - List<String> list= jdbcTemplate.query(sql, 3790 + + " schedule_date_str = ? and xl_bm = ? group by cl_zbh";
  3791 + List<String> list= jdbcTemplate.query(sql, objList.toArray(),
3822 new RowMapper<String>(){ 3792 new RowMapper<String>(){
3823 @Override 3793 @Override
3824 public String mapRow(ResultSet rs, int rowNum) throws SQLException { 3794 public String mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -3954,23 +3924,29 @@ public class ReportServiceImpl implements ReportService{ @@ -3954,23 +3924,29 @@ public class ReportServiceImpl implements ReportService{
3954 List<Singledata> list=new ArrayList<Singledata>(); 3924 List<Singledata> list=new ArrayList<Singledata>();
3955 List<Singledata> list_=new ArrayList<Singledata>(); 3925 List<Singledata> list_=new ArrayList<Singledata>();
3956 if(tjtype.equals("jsy")){ 3926 if(tjtype.equals("jsy")){
  3927 + List<String> objList = new ArrayList<String>();
  3928 + objList.add(startDate);
  3929 + objList.add(endDate);
3957 //油统计 3930 //油统计
3958 String sql="select r.j_gh, r.xl_bm,r.cl_zbh,r.fgs_bm" 3931 String sql="select r.j_gh, r.xl_bm,r.cl_zbh,r.fgs_bm"
3959 + " from bsth_c_s_sp_info_real r where " 3932 + " from bsth_c_s_sp_info_real r where "
3960 - + " r.schedule_date_str >= '"+startDate+"'"  
3961 - + " and r.schedule_date_str<='"+endDate+"'"; 3933 + + " r.schedule_date_str >= ?"
  3934 + + " and r.schedule_date_str <= ?";
3962 if(xlbm.length() != 0){ 3935 if(xlbm.length() != 0){
3963 - sql += " and r.xl_bm = '"+xlbm+"'"; 3936 + sql += " and r.xl_bm = ?";
  3937 + objList.add(xlbm);
3964 } 3938 }
3965 if(gsdm.length() != 0){ 3939 if(gsdm.length() != 0){
3966 - sql += " and r.gs_bm ='"+gsdm+"'"; 3940 + sql += " and r.gs_bm = ?";
  3941 + objList.add(gsdm);
3967 } 3942 }
3968 if(fgsdm.length() != 0){ 3943 if(fgsdm.length() != 0){
3969 - sql += " and r.fgs_bm ='"+fgsdm+"'"; 3944 + sql += " and r.fgs_bm = ?";
  3945 + objList.add(fgsdm);
3970 } 3946 }
3971 - sql += " group by r.j_gh,r.xl_bm,r.cl_zbh,r.fgs_bm order by r.xl_bm,r.cl_zbh"; 3947 + sql += " group by r.j_gh,r.xl_bm,r.cl_zbh,r.fgs_bm order by r.xl_bm,r.cl_zbh";
3972 3948
3973 - list = jdbcTemplate.query(sql, new RowMapper<Singledata>() { 3949 + list = jdbcTemplate.query(sql, objList.toArray(), new RowMapper<Singledata>() {
3974 @Override 3950 @Override
3975 public Singledata mapRow(ResultSet arg0, int arg1) throws SQLException { 3951 public Singledata mapRow(ResultSet arg0, int arg1) throws SQLException {
3976 Singledata sin = new Singledata(); 3952 Singledata sin = new Singledata();
@@ -3982,39 +3958,44 @@ public class ReportServiceImpl implements ReportService{ @@ -3982,39 +3958,44 @@ public class ReportServiceImpl implements ReportService{
3982 } 3958 }
3983 }); 3959 });
3984 3960
3985 - 3961 + List<String> objList2 = new ArrayList<String>();
  3962 + List<String> tempList2 = new ArrayList<String>();
  3963 + tempList2.add(startDate);
  3964 + tempList2.add(endDate);
3986 String linesql=""; 3965 String linesql="";
3987 if(!xlbm.equals("")){ 3966 if(!xlbm.equals("")){
3988 - linesql +=" and xlbm ='"+xlbm+"' "; 3967 + linesql +=" and xlbm = ?";
  3968 + tempList2.add(xlbm);
3989 } 3969 }
3990 if(!gsdm.equals("")){ 3970 if(!gsdm.equals("")){
3991 - linesql +=" and ssgsdm ='"+gsdm+"' "; 3971 + linesql +=" and ssgsdm = ?";
  3972 + tempList2.add(gsdm);
3992 } 3973 }
3993 if(!fgsdm.equals("")){ 3974 if(!fgsdm.equals("")){
3994 - linesql +=" and fgsdm ='"+fgsdm+"' "; 3975 + linesql +=" and fgsdm = ?";
  3976 + tempList2.add(fgsdm);
  3977 + }
  3978 +
  3979 + for(int i = 0; i < 2; i++){ // sql中使用两次重复参数
  3980 + for(String s : tempList2){
  3981 + objList2.add(s);
  3982 + }
3995 } 3983 }
3996 - /*String nysql="SELECT id,xlbm,nbbm,jsy,jzl as jzl,yh as yh,sh as sh,fgsdm FROM bsth_c_ylb"  
3997 - + " WHERE rq >= '"+startDate+"' and rq <='"+endDate+"'"  
3998 - + linesql  
3999 - + " union"  
4000 - + " SELECT id,xlbm,nbbm,jsy,cdl as jzl,hd as yh,sh as sh,fgsdm FROM bsth_c_dlb"  
4001 - + " WHERE rq = '"+startDate+"' and rq <='"+endDate+"'"  
4002 - + linesql;*/  
4003 3984
4004 String nysql="SELECT 'yh' as type,xlbm,nbbm,jsy,sum(jzl*1000)/1000 as jzl," 3985 String nysql="SELECT 'yh' as type,xlbm,nbbm,jsy,sum(jzl*1000)/1000 as jzl,"
4005 + " sum(yh*1000)/1000 as yh," 3986 + " sum(yh*1000)/1000 as yh,"
4006 + " sum(sh*1000)/1000 as sh FROM " 3987 + " sum(sh*1000)/1000 as sh FROM "
4007 - + "bsth_c_ylb where rq>='"+startDate+"' "  
4008 - + " and rq <='"+endDate+"' " +linesql 3988 + + "bsth_c_ylb where rq >= ? "
  3989 + + " and rq <= ? " +linesql
4009 + " group by xlbm ,nbbm,jsy " 3990 + " group by xlbm ,nbbm,jsy "
4010 + " union SELECT 'dh' as type,xlbm,nbbm,jsy, " 3991 + " union SELECT 'dh' as type,xlbm,nbbm,jsy, "
4011 + " sum(cdl*1000)/1000 as jzl,sum(hd*1000)/1000 as yh," 3992 + " sum(cdl*1000)/1000 as jzl,sum(hd*1000)/1000 as yh,"
4012 + " sum(sh * 1000) / 1000 AS sh" 3993 + " sum(sh * 1000) / 1000 AS sh"
4013 - + " FROM bsth_c_dlb where rq>='"+startDate+"' "  
4014 - + " and rq <='"+endDate+"'" +linesql 3994 + + " FROM bsth_c_dlb where rq >= ? "
  3995 + + " and rq <= ? " +linesql
4015 + " group by xlbm ,nbbm,jsy" ; 3996 + " group by xlbm ,nbbm,jsy" ;
4016 3997
4017 - List<Singledata> listNy = jdbcTemplate.query(nysql, new RowMapper<Singledata>() { 3998 + List<Singledata> listNy = jdbcTemplate.query(nysql, objList2.toArray(), new RowMapper<Singledata>() {
4018 @Override 3999 @Override
4019 public Singledata mapRow(ResultSet arg0, int arg1) throws SQLException { 4000 public Singledata mapRow(ResultSet arg0, int arg1) throws SQLException {
4020 Singledata sin = new Singledata(); 4001 Singledata sin = new Singledata();
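Review bot: The bind order for `nysql` is only implied by the `for(int i = 0; i < 2; i++)` loop, which copies `tempList2` twice because `linesql` is spliced into both halves of the UNION. If one branch later gains or loses a predicate, the placeholders and `objList2` drift apart, and values bind to the wrong column or the call fails on a count mismatch. I would state the contract next to the loop, e.g. `// bind order: startDate, endDate, [xlbm], [gsdm], [fgsdm], once per UNION branch; keep in step with nysql`, and replace the inner loop with `objList2.addAll(tempList2);`. Named parameters through Spring's `NamedParameterJdbcTemplate` would remove the positional coupling altogether. The enclosing method starts and ends outside this hunk.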
@@ -4141,25 +4122,31 @@ public class ReportServiceImpl implements ReportService{ @@ -4141,25 +4122,31 @@ public class ReportServiceImpl implements ReportService{
4141 4122
4142 } 4123 }
4143 }else{ 4124 }else{
  4125 + List<String> objList3 = new ArrayList<String>();
  4126 + objList3.add(startDate);
  4127 + objList3.add(endDate);
4144 String sql="select r.s_gh,r.s_name, " 4128 String sql="select r.s_gh,r.s_name, "
4145 + " r.xl_bm,r.cl_zbh,r.gs_bm,r.fgs_bm" 4129 + " r.xl_bm,r.cl_zbh,r.gs_bm,r.fgs_bm"
4146 + " from bsth_c_s_sp_info_real r where " 4130 + " from bsth_c_s_sp_info_real r where "
4147 - + " r.schedule_date_str >= '"+startDate+"'"  
4148 - + " schedule_date_str <='"+endDate+"'" 4131 + + " r.schedule_date_str >= ?"
  4132 + + " schedule_date_str <= ?"
4149 + " and r.s_gh !='' and r.s_gh is not null "; 4133 + " and r.s_gh !='' and r.s_gh is not null ";
4150 if(!xlbm.equals("")){ 4134 if(!xlbm.equals("")){
4151 - sql += " and r.xl_bm = '"+xlbm+"'"; 4135 + sql += " and r.xl_bm = ?";
  4136 + objList3.add(xlbm);
4152 } 4137 }
4153 if(!gsdm.equals("")){ 4138 if(!gsdm.equals("")){
4154 - sql += " and r.gs_bm = '"+gsdm+"'"; 4139 + sql += " and r.gs_bm = ?";
  4140 + objList3.add(gsdm);
4155 } 4141 }
4156 if(!fgsdm.equals("")){ 4142 if(!fgsdm.equals("")){
4157 - sql += " and r.fgs_bm = '"+fgsdm+"'"; 4143 + sql += " and r.fgs_bm = ?";
  4144 + objList3.add(fgsdm);
4158 } 4145 }
4159 - sql += " group by r.s_gh,r.s_name," 4146 + sql += " group by r.s_gh,r.s_name,"
4160 + " r.xl_bm,r.cl_zbh,r.gs_bm,r.fgs_bm order by r.xl_bm,r.cl_zbh"; 4147 + " r.xl_bm,r.cl_zbh,r.gs_bm,r.fgs_bm order by r.xl_bm,r.cl_zbh";
4161 4148
4162 - list = jdbcTemplate.query(sql, new RowMapper<Singledata>() { 4149 + list = jdbcTemplate.query(sql, objList3.toArray(), new RowMapper<Singledata>() {
4163 //SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd"); 4150 //SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd");
4164 @Override 4151 @Override
4165 public Singledata mapRow(ResultSet arg0, int arg1) throws SQLException { 4152 public Singledata mapRow(ResultSet arg0, int arg1) throws SQLException {
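Review bot: The two date predicates in this `else` branch are joined without `and`: `" r.schedule_date_str >= ?"` is followed directly by `" schedule_date_str <= ?"`. The statement text therefore reads `... >= ? schedule_date_str <= ? and r.s_gh ...`, which presumably fails to parse whenever `tjtype` is not `jsy`. The commit carried this over unchanged from the concatenated version; the second fragment should be `+ " and r.schedule_date_str <= ?"`, with the `objList3` order (startDate, endDate, then the optional filters) left as is. The enclosing method starts and ends outside this hunk.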
@@ -4237,29 +4224,9 @@ public class ReportServiceImpl implements ReportService{ @@ -4237,29 +4224,9 @@ public class ReportServiceImpl implements ReportService{
4237 } 4224 }
4238 } 4225 }
4239 4226
4240 - /*Map<String, Boolean> lineNature = lineService.lineNature();  
4241 - List<Singledata> resList = new ArrayList<Singledata>();  
4242 - for(Singledata s : list_){  
4243 - String xlBm = s.getxL();  
4244 - if(sfyy.length() != 0){  
4245 - if(sfyy.equals("0")){  
4246 - resList.add(s);  
4247 - } else if(sfyy.equals("1")){  
4248 - if(lineNature.containsKey(xlBm) && lineNature.get(xlBm)){  
4249 - resList.add(s);  
4250 - }  
4251 - } else {  
4252 - if(lineNature.containsKey(xlBm) && !lineNature.get(xlBm)){  
4253 - resList.add(s);  
4254 - }  
4255 - }  
4256 - } else {  
4257 - resList.add(s);  
4258 - }  
4259 - }*/  
4260 4227
4261 4228
4262 - if (type.equals("export")) { 4229 + if (type.equals("export")) {
4263 List<Iterator<?>> listI = new ArrayList<Iterator<?>>(); 4230 List<Iterator<?>> listI = new ArrayList<Iterator<?>>();
4264 ReportUtils ee = new ReportUtils(); 4231 ReportUtils ee = new ReportUtils();
4265 4232
@@ -4340,22 +4307,27 @@ public class ReportServiceImpl implements ReportService{ @@ -4340,22 +4307,27 @@ public class ReportServiceImpl implements ReportService{
4340 listReal=scheduleRealInfoRepository.scheduleByDateAndLineQp(xlbm, date); 4307 listReal=scheduleRealInfoRepository.scheduleByDateAndLineQp(xlbm, date);
4341 } 4308 }
4342 4309
  4310 + List<String> objList = new ArrayList<String>();
  4311 + objList.add(date);
4343 String sql="select r.j_gh, r.xl_bm,r.cl_zbh,r.lp_name " 4312 String sql="select r.j_gh, r.xl_bm,r.cl_zbh,r.lp_name "
4344 + " from bsth_c_s_sp_info_real r where " 4313 + " from bsth_c_s_sp_info_real r where "
4345 - + " r.schedule_date_str = '"+date+"'"; 4314 + + " r.schedule_date_str = ?";
4346 if(xlbm.length() != 0){ 4315 if(xlbm.length() != 0){
4347 - sql += " and r.xl_bm = '"+xlbm+"'"; 4316 + sql += " and r.xl_bm = ?";
  4317 + objList.add(xlbm);
4348 } 4318 }
4349 if(gsdm.length() != 0){ 4319 if(gsdm.length() != 0){
4350 - sql += " and r.gs_bm ='"+gsdm+"'"; 4320 + sql += " and r.gs_bm = ?";
  4321 + objList.add(gsdm);
4351 } 4322 }
4352 if(fgsdm.length() != 0){ 4323 if(fgsdm.length() != 0){
4353 - sql += " and r.fgs_bm ='"+fgsdm+"'"; 4324 + sql += " and r.fgs_bm = ?";
  4325 + objList.add(fgsdm);
4354 } 4326 }
4355 - sql += " group by r.j_gh,r.xl_bm,r.cl_zbh,r.lp_name order by r.xl_bm,r.cl_zbh,r.lp_name"; 4327 + sql += " group by r.j_gh,r.xl_bm,r.cl_zbh,r.lp_name order by r.xl_bm,r.cl_zbh,r.lp_name";
4356 4328
4357 4329
4358 - List<Map<String, Object>> list = jdbcTemplate.query(sql, new RowMapper<Map<String,Object>>() { 4330 + List<Map<String, Object>> list = jdbcTemplate.query(sql, objList.toArray(), new RowMapper<Map<String,Object>>() {
4359 @Override 4331 @Override
4360 public Map<String, Object> mapRow(ResultSet arg0, int arg1) throws SQLException { 4332 public Map<String, Object> mapRow(ResultSet arg0, int arg1) throws SQLException {
4361 Map<String, Object> m=new HashMap<String, Object>(); 4333 Map<String, Object> m=new HashMap<String, Object>();
@@ -4425,22 +4397,27 @@ public class ReportServiceImpl implements ReportService{ @@ -4425,22 +4397,27 @@ public class ReportServiceImpl implements ReportService{
4425 } 4397 }
4426 List<Map<String, Object>> listAll=new ArrayList<Map<String,Object>>(); 4398 List<Map<String, Object>> listAll=new ArrayList<Map<String,Object>>();
4427 if(energy.equals("1")){ 4399 if(energy.equals("1")){
  4400 + List<String> objList1 = new ArrayList<String>();
  4401 + objList1.add(date);
4428 //油统计 4402 //油统计
4429 String ylbSql="select ssgsdm,fgsdm,xlbm,nbbm,jsy,ifnull(lp,'') as lp,czlc," 4403 String ylbSql="select ssgsdm,fgsdm,xlbm,nbbm,jsy,ifnull(lp,'') as lp,czlc,"
4430 + " czyl,jzl,jzlc,jzyl,yh,sh,shyy,rylx,ns,zlc,linename,jname " 4404 + " czyl,jzl,jzlc,jzyl,yh,sh,shyy,rylx,ns,zlc,linename,jname "
4431 - + " from bsth_c_ylb where rq='"+date+"'"; 4405 + + " from bsth_c_ylb where rq = ?";
4432 4406
4433 if(xlbm.length() != 0){ 4407 if(xlbm.length() != 0){
4434 - ylbSql += " and xlbm = '"+xlbm+"'"; 4408 + ylbSql += " and xlbm = ?";
  4409 + objList1.add(xlbm);
4435 } 4410 }
4436 if(gsdm.length() != 0){ 4411 if(gsdm.length() != 0){
4437 - ylbSql += " and ssgsdm ='"+gsdm+"'"; 4412 + ylbSql += " and ssgsdm = ?";
  4413 + objList1.add(gsdm);
4438 } 4414 }
4439 if(fgsdm.length() != 0){ 4415 if(fgsdm.length() != 0){
4440 - ylbSql += " and fgsdm ='"+fgsdm+"'"; 4416 + ylbSql += " and fgsdm = ?";
  4417 + objList1.add(fgsdm);
4441 } 4418 }
4442 ylbSql += " order by xlbm,nbbm,jcsx"; 4419 ylbSql += " order by xlbm,nbbm,jcsx";
4443 - listAll = jdbcTemplate.query(ylbSql, new RowMapper<Map<String,Object>>() { 4420 + listAll = jdbcTemplate.query(ylbSql, objList1.toArray(), new RowMapper<Map<String,Object>>() {
4444 @Override 4421 @Override
4445 public Map<String, Object> mapRow(ResultSet arg0, int arg1) throws SQLException { 4422 public Map<String, Object> mapRow(ResultSet arg0, int arg1) throws SQLException {
4446 Map<String, Object> m=new HashMap<String, Object>(); 4423 Map<String, Object> m=new HashMap<String, Object>();
@@ -4476,21 +4453,26 @@ public class ReportServiceImpl implements ReportService{ @@ -4476,21 +4453,26 @@ public class ReportServiceImpl implements ReportService{
4476 }); 4453 });
4477 4454
4478 }else{ 4455 }else{
  4456 + List<String> objList2 = new ArrayList<String>();
  4457 + objList2.add(date);
4479 //电统计 4458 //电统计
4480 String dlbSql="select ssgsdm,fgsdm,xlbm,nbbm,jsy,ifnull(lp,'') as lp,czlc," 4459 String dlbSql="select ssgsdm,fgsdm,xlbm,nbbm,jsy,ifnull(lp,'') as lp,czlc,"
4481 + " czcd,cdl,jzlc,jzcd,hd,sh,shyy,ns,zlc,linename,jname " 4460 + " czcd,cdl,jzlc,jzcd,hd,sh,shyy,ns,zlc,linename,jname "
4482 - + " from bsth_c_dlb where rq='"+date+"'"; 4461 + + " from bsth_c_dlb where rq = ?";
4483 if(xlbm.length() != 0){ 4462 if(xlbm.length() != 0){
4484 - dlbSql += " and xlbm = '"+xlbm+"'"; 4463 + dlbSql += " and xlbm = ?";
  4464 + objList2.add(xlbm);
4485 } 4465 }
4486 if(gsdm.length() != 0){ 4466 if(gsdm.length() != 0){
4487 - dlbSql += " and ssgsdm ='"+gsdm+"'"; 4467 + dlbSql += " and ssgsdm = ?";
  4468 + objList2.add(gsdm);
4488 } 4469 }
4489 if(fgsdm.length() != 0){ 4470 if(fgsdm.length() != 0){
4490 - dlbSql += " and fgsdm ='"+fgsdm+"'"; 4471 + dlbSql += " and fgsdm = ?";
  4472 + objList2.add(fgsdm);
4491 } 4473 }
4492 dlbSql += " order by xlbm,nbbm,jcsx"; 4474 dlbSql += " order by xlbm,nbbm,jcsx";
4493 - listAll = jdbcTemplate.query(dlbSql, new RowMapper<Map<String,Object>>() { 4475 + listAll = jdbcTemplate.query(dlbSql, objList2.toArray(), new RowMapper<Map<String,Object>>() {
4494 @Override 4476 @Override
4495 public Map<String, Object> mapRow(ResultSet arg0, int arg1) throws SQLException { 4477 public Map<String, Object> mapRow(ResultSet arg0, int arg1) throws SQLException {
4496 Map<String, Object> m=new HashMap<String, Object>(); 4478 Map<String, Object> m=new HashMap<String, Object>();