Commit 1b24416bec36fd61f71d8eb1eacbb9e8df6063bc

Authored by 娄高锋
1 parent 5fb2e6f8

SQL注入漏洞;

src/main/java/com/bsth/server_rs/bigdata/BigdataService.java
@@ -103,9 +103,11 @@ public class BigdataService { @@ -103,9 +103,11 @@ public class BigdataService {
103 } 103 }
104 public Map<String, Long> getEndtime(String date){ 104 public Map<String, Long> getEndtime(String date){
105 Map<String, Long> map=new HashMap<String,Long>(); 105 Map<String, Long> map=new HashMap<String,Long>();
  106 + List<String> objList = new ArrayList<String>();
106 String sql="select xl,endtime from bsth_c_calc_count " 107 String sql="select xl,endtime from bsth_c_calc_count "
107 - + " where date='"+date+"' ";  
108 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 108 + + " where date = ? ";
  109 + objList.add(date);
  110 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
109 new RowMapper<Map<String, Object>>(){ 111 new RowMapper<Map<String, Object>>(){
110 @Override 112 @Override
111 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 113 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -203,13 +205,15 @@ public class BigdataService { @@ -203,13 +205,15 @@ public class BigdataService {
203 @GET 205 @GET
204 @Path("/line/company/{companyId}") 206 @Path("/line/company/{companyId}")
205 public List<Map<String, Object>> findLineByCompany(@PathParam("companyId") String companyId) { 207 public List<Map<String, Object>> findLineByCompany(@PathParam("companyId") String companyId) {
  208 + List<String> objList = new ArrayList<String>();
206 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level," 209 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level,"
207 + " a.shanghai_linecode, a.nature from " 210 + " a.shanghai_linecode, a.nature from "
208 + " bsth_c_line a left join bsth_c_line_config b " 211 + " bsth_c_line a left join bsth_c_line_config b "
209 + " on a.id=b.line where " 212 + " on a.id=b.line where "
210 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 " 213 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 "
211 - + " and a.remove=0 and a.company = '"+companyId+"'";  
212 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 214 + + " and a.remove=0 and a.company = ?";
  215 + objList.add(companyId);
  216 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
213 new RowMapper<Map<String, Object>>(){ 217 new RowMapper<Map<String, Object>>(){
214 @Override 218 @Override
215 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 219 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -281,13 +285,15 @@ public class BigdataService { @@ -281,13 +285,15 @@ public class BigdataService {
281 @GET 285 @GET
282 @Path("/line/{lineCode}") 286 @Path("/line/{lineCode}")
283 public List<Map<String, Object>> findLineByCode(@PathParam("lineCode") String lineCode) { 287 public List<Map<String, Object>> findLineByCode(@PathParam("lineCode") String lineCode) {
  288 + List<String> objList = new ArrayList<String>();
284 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level," 289 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level,"
285 + " a.shanghai_linecode, a.nature from " 290 + " a.shanghai_linecode, a.nature from "
286 + " bsth_c_line a left join bsth_c_line_config b " 291 + " bsth_c_line a left join bsth_c_line_config b "
287 + " on a.id=b.line where " 292 + " on a.id=b.line where "
288 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 " 293 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 "
289 - + " and a.remove=0 and a.line_code = '"+lineCode+"'";  
290 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 294 + + " and a.remove=0 and a.line_code = ?";
  295 + objList.add(lineCode);
  296 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
291 new RowMapper<Map<String, Object>>(){ 297 new RowMapper<Map<String, Object>>(){
292 @Override 298 @Override
293 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 299 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -359,13 +365,15 @@ public class BigdataService { @@ -359,13 +365,15 @@ public class BigdataService {
359 @GET 365 @GET
360 @Path("/line/level/{level}") 366 @Path("/line/level/{level}")
361 public List<Map<String, Object>> findLineByLevle(@PathParam("level") String level) { 367 public List<Map<String, Object>> findLineByLevle(@PathParam("level") String level) {
  368 + List<String> objList = new ArrayList<String>();
362 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level," 369 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level,"
363 + " a.shanghai_linecode, a.nature from " 370 + " a.shanghai_linecode, a.nature from "
364 + " bsth_c_line a left join bsth_c_line_config b " 371 + " bsth_c_line a left join bsth_c_line_config b "
365 + " on a.id=b.line where " 372 + " on a.id=b.line where "
366 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 " 373 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 "
367 - + " and a.remove=0 and a.level = '"+level+"'";  
368 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 374 + + " and a.remove=0 and a.level = ?";
  375 + objList.add(level);
  376 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
369 new RowMapper<Map<String, Object>>(){ 377 new RowMapper<Map<String, Object>>(){
370 @Override 378 @Override
371 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 379 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -445,15 +453,18 @@ public class BigdataService { @@ -445,15 +453,18 @@ public class BigdataService {
445 @Path("/lineCar/{type}/date/{date}") 453 @Path("/lineCar/{type}/date/{date}")
446 public List<Map<String, Object>> findLineCarByDate(@PathParam("type") String type,@PathParam("date") String date) { 454 public List<Map<String, Object>> findLineCarByDate(@PathParam("type") String type,@PathParam("date") String date) {
447 String sql=""; 455 String sql="";
  456 + List<String> objList = new ArrayList<String>();
448 if(type.equals("all")){ 457 if(type.equals("all")){
449 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc" 458 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc"
450 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 459 + + " from bsth_c_calc_count t where t.date = ?";
  460 + objList.add(date);
451 } 461 }
452 if(type.equals("actual")){ 462 if(type.equals("actual")){
453 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc" 463 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc"
454 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 464 + + " from bsth_c_calc_count t where t.date = ?";
  465 + objList.add(date);
455 } 466 }
456 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 467 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
457 new RowMapper<Map<String, Object>>(){ 468 new RowMapper<Map<String, Object>>(){
458 @Override 469 @Override
459 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 470 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -478,18 +489,23 @@ public class BigdataService { @@ -478,18 +489,23 @@ public class BigdataService {
478 public List<Map<String, Object>> findLineCarByDateLine(@PathParam("type") String type,@PathParam("date") String date, 489 public List<Map<String, Object>> findLineCarByDateLine(@PathParam("type") String type,@PathParam("date") String date,
479 @PathParam("line") String line) { 490 @PathParam("line") String line) {
480 String sql=""; 491 String sql="";
  492 + List<String> objList = new ArrayList<String>();
481 if(type.equals("all")){ 493 if(type.equals("all")){
482 sql="select t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc" 494 sql="select t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc"
483 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
484 - + " and xl ='"+line+"'"; 495 + + " from bsth_c_calc_count t where t.date = ?"
  496 + + " and xl = ?";
  497 + objList.add(date);
  498 + objList.add(line);
485 } 499 }
486 if(type.equals("actual")){ 500 if(type.equals("actual")){
487 sql="select t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc" 501 sql="select t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc"
488 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
489 - + " and xl ='"+line+"'"; 502 + + " from bsth_c_calc_count t where t.date = ?"
  503 + + " and xl = ?";
  504 + objList.add(date);
  505 + objList.add(line);
490 506
491 } 507 }
492 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 508 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
493 new RowMapper<Map<String, Object>>(){ 509 new RowMapper<Map<String, Object>>(){
494 @Override 510 @Override
495 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 511 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -518,15 +534,18 @@ public class BigdataService { @@ -518,15 +534,18 @@ public class BigdataService {
518 @Path("/linePerson/{type}/date/{date}") 534 @Path("/linePerson/{type}/date/{date}")
519 public List<Map<String, Object>> findLinePersonByDate(@PathParam("type") String type,@PathParam("date") String date) { 535 public List<Map<String, Object>> findLinePersonByDate(@PathParam("type") String type,@PathParam("date") String date) {
520 String sql=""; 536 String sql="";
  537 + List<String> objList = new ArrayList<String>();
521 if(type.equals("all")){ 538 if(type.equals("all")){
522 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr" 539 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr"
523 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 540 + + " from bsth_c_calc_count t where t.date = ?";
  541 + objList.add(date);
524 } 542 }
525 if(type.equals("actual")){ 543 if(type.equals("actual")){
526 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr" 544 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr"
527 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 545 + + " from bsth_c_calc_count t where t.date = ?";
  546 + objList.add(date);
528 } 547 }
529 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 548 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
530 new RowMapper<Map<String, Object>>(){ 549 new RowMapper<Map<String, Object>>(){
531 @Override 550 @Override
532 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 551 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -555,17 +574,22 @@ public class BigdataService { @@ -555,17 +574,22 @@ public class BigdataService {
555 public List<Map<String, Object>> findLinePersonByDateLine(@PathParam("type") String type,@PathParam("date") String date, 574 public List<Map<String, Object>> findLinePersonByDateLine(@PathParam("type") String type,@PathParam("date") String date,
556 @PathParam("line") String line) { 575 @PathParam("line") String line) {
557 String sql=""; 576 String sql="";
  577 + List<String> objList = new ArrayList<String>();
558 if(type.equals("all")){ 578 if(type.equals("all")){
559 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr" 579 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr"
560 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
561 - + " and xl ='"+line+"'"; 580 + + " from bsth_c_calc_count t where t.date = ?"
  581 + + " and xl = ?";
  582 + objList.add(date);
  583 + objList.add(line);
562 } 584 }
563 if(type.equals("actual")){ 585 if(type.equals("actual")){
564 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr" 586 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr"
565 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
566 - + " and xl ='"+line+"'"; 587 + + " from bsth_c_calc_count t where t.date = ?"
  588 + + " and xl = ?";
  589 + objList.add(date);
  590 + objList.add(line);
567 } 591 }
568 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 592 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
569 new RowMapper<Map<String, Object>>(){ 593 new RowMapper<Map<String, Object>>(){
570 @Override 594 @Override
571 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 595 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -604,17 +628,20 @@ public class BigdataService { @@ -604,17 +628,20 @@ public class BigdataService {
604 public List<Map<String, Object>> findLineBcByDate(@PathParam("type") String type, 628 public List<Map<String, Object>> findLineBcByDate(@PathParam("type") String type,
605 @PathParam("date") String date) { 629 @PathParam("date") String date) {
606 String sql=""; 630 String sql="";
  631 + List<String> objList = new ArrayList<String>();
607 if(type.equals("all")){ 632 if(type.equals("all")){
608 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc," 633 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc,"
609 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t" 634 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t"
610 - + " where t.date='"+date+"'"; 635 + + " where t.date = ?";
  636 + objList.add(date);
611 } 637 }
612 if(type.equals("actual")){ 638 if(type.equals("actual")){
613 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc," 639 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc,"
614 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t" 640 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t"
615 - + " where t.date='"+date+"'"; 641 + + " where t.date = ?";
  642 + objList.add(date);
616 } 643 }
617 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 644 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
618 new RowMapper<Map<String, Object>>(){ 645 new RowMapper<Map<String, Object>>(){
619 @Override 646 @Override
620 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 647 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -641,17 +668,22 @@ public class BigdataService { @@ -641,17 +668,22 @@ public class BigdataService {
641 public List<Map<String, Object>> findLineBcByDateLine(@PathParam("type") String type, 668 public List<Map<String, Object>> findLineBcByDateLine(@PathParam("type") String type,
642 @PathParam("date") String date,@PathParam("line") String line) { 669 @PathParam("date") String date,@PathParam("line") String line) {
643 String sql=""; 670 String sql="";
  671 + List<String> objList = new ArrayList<String>();
644 if(type.equals("all")){ 672 if(type.equals("all")){
645 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc," 673 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc,"
646 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t " 674 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t "
647 - + " where t.date='"+date+"' and xl='"+line+"'"; 675 + + " where t.date = ? and xl = ?";
  676 + objList.add(date);
  677 + objList.add(line);
648 } 678 }
649 if(type.equals("actual")){ 679 if(type.equals("actual")){
650 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc," 680 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc,"
651 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t" 681 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t"
652 - + " where t.date='"+date+"' and xl='"+line+"'"; 682 + + " where t.date = ? and xl = ?";
  683 + objList.add(date);
  684 + objList.add(line);
653 } 685 }
654 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 686 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
655 new RowMapper<Map<String, Object>>(){ 687 new RowMapper<Map<String, Object>>(){
656 @Override 688 @Override
657 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 689 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -685,17 +717,20 @@ public class BigdataService { @@ -685,17 +717,20 @@ public class BigdataService {
685 public List<Map<String, Object>> findLineLcByDate(@PathParam("type") String type, 717 public List<Map<String, Object>> findLineLcByDate(@PathParam("type") String type,
686 @PathParam("date") String date) { 718 @PathParam("date") String date) {
687 String sql=""; 719 String sql="";
  720 + List<String> objList = new ArrayList<String>();
688 if(type.equals("all")){ 721 if(type.equals("all")){
689 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc," 722 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc,"
690 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 723 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
691 - + " where t.date='"+date+"'"; 724 + + " where t.date = ?";
  725 + objList.add(date);
692 } 726 }
693 if(type.equals("actual")){ 727 if(type.equals("actual")){
694 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc," 728 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc,"
695 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 729 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
696 - + " where t.date='"+date+"'"; 730 + + " where t.date = ?";
  731 + objList.add(date);
697 } 732 }
698 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 733 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
699 new RowMapper<Map<String, Object>>(){ 734 new RowMapper<Map<String, Object>>(){
700 @Override 735 @Override
701 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 736 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -735,17 +770,22 @@ public class BigdataService { @@ -735,17 +770,22 @@ public class BigdataService {
735 public List<Map<String, Object>> findLineLcByDateLine(@PathParam("type") String type, 770 public List<Map<String, Object>> findLineLcByDateLine(@PathParam("type") String type,
736 @PathParam("date") String date,@PathParam("line") String line) { 771 @PathParam("date") String date,@PathParam("line") String line) {
737 String sql=""; 772 String sql="";
  773 + List<String> objList = new ArrayList<String>();
738 if(type.equals("all")){ 774 if(type.equals("all")){
739 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc," 775 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc,"
740 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 776 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
741 - + " where t.date='"+date+"' and xl ='"+line+"'"; 777 + + " where t.date = ? and xl = ?";
  778 + objList.add(date);
  779 + objList.add(line);
742 } 780 }
743 if(type.equals("actual")){ 781 if(type.equals("actual")){
744 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc," 782 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc,"
745 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 783 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
746 - + " where t.date='"+date+"' and xl ='"+line+"'"; 784 + + " where t.date = ? and xl = ?";
  785 + objList.add(date);
  786 + objList.add(line);
747 } 787 }
748 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 788 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
749 new RowMapper<Map<String, Object>>(){ 789 new RowMapper<Map<String, Object>>(){
750 @Override 790 @Override
751 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 791 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -789,9 +829,11 @@ public class BigdataService { @@ -789,9 +829,11 @@ public class BigdataService {
789 @GET 829 @GET
790 @Path("/abnormal/executionRate/date/{date}") 830 @Path("/abnormal/executionRate/date/{date}")
791 public List<Map<String, Object>> executionRate(@PathParam("date") String date) { 831 public List<Map<String, Object>> executionRate(@PathParam("date") String date) {
  832 + List<String> objList = new ArrayList<String>();
792 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t" 833 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t"
793 - + " where t.date='"+date+"' and push_type in ('1','3')";  
794 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 834 + + " where t.date = ? and push_type in ('1','3')";
  835 + objList.add(date);
  836 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
795 new RowMapper<Map<String, Object>>(){ 837 new RowMapper<Map<String, Object>>(){
796 @Override 838 @Override
797 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 839 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -811,9 +853,11 @@ public class BigdataService { @@ -811,9 +853,11 @@ public class BigdataService {
811 @GET 853 @GET
812 @Path("/abnormal/firstAndLast/date/{date}") 854 @Path("/abnormal/firstAndLast/date/{date}")
813 public List<Map<String, Object>> firstAndLast(@PathParam("date") String date) { 855 public List<Map<String, Object>> firstAndLast(@PathParam("date") String date) {
  856 + List<String> objList = new ArrayList<String>();
814 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t" 857 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t"
815 - + " where t.date='"+date+"' and push_type in ('2','3')";  
816 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 858 + + " where t.date = ? and push_type in ('2','3')";
  859 + objList.add(date);
  860 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
817 new RowMapper<Map<String, Object>>(){ 861 new RowMapper<Map<String, Object>>(){
818 @Override 862 @Override
819 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 863 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1001,15 +1045,20 @@ public class BigdataService { @@ -1001,15 +1045,20 @@ public class BigdataService {
1001 @Path("/findByAll/starDate/{starDate}/endDate/{endDate}/line/{line}") 1045 @Path("/findByAll/starDate/{starDate}/endDate/{endDate}/line/{line}")
1002 public List<Map<String, Object>> findMinhang(@PathParam("starDate") String starDate, 1046 public List<Map<String, Object>> findMinhang(@PathParam("starDate") String starDate,
1003 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1047 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1048 + List<String> objList = new ArrayList<String>();
1004 String sql="select xl,xl_name,date,jhszfcs,sjszfczds,jhbc,sjbc,jhcc,sjcc," 1049 String sql="select xl,xl_name,date,jhszfcs,sjszfczds,jhbc,sjbc,jhcc,sjcc,"
1005 + " jhyylc,sjyylc,jhkslc,sjkslc,jhssgfbcs,sjgfbcs,jhssdgbcs," 1050 + " jhyylc,sjyylc,jhkslc,sjkslc,jhssgfbcs,sjgfbcs,jhssdgbcs,"
1006 + " sjdgbcs from bsth_c_calc_count " 1051 + " sjdgbcs from bsth_c_calc_count "
1007 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1052 + + " where date >= ? and date <= ?";
  1053 + objList.add(starDate);
  1054 + objList.add(endDate);
  1055 +
1008 if(!line.equals("all")){ 1056 if(!line.equals("all")){
1009 - sql +=" and xl='"+line+"'"; 1057 + sql +=" and xl = ?";
  1058 + objList.add(line);
1010 } 1059 }
1011 1060
1012 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1061 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1013 new RowMapper<Map<String, Object>>(){ 1062 new RowMapper<Map<String, Object>>(){
1014 @Override 1063 @Override
1015 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1064 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1045,23 +1094,28 @@ public class BigdataService { @@ -1045,23 +1094,28 @@ public class BigdataService {
1045 @Path("/findByCompany/{company}/date/{date}") 1094 @Path("/findByCompany/{company}/date/{date}")
1046 public List<Map<String, Object>> findByCompany(@PathParam("company") String company, 1095 public List<Map<String, Object>> findByCompany(@PathParam("company") String company,
1047 @PathParam("date") String date) { 1096 @PathParam("date") String date) {
  1097 + List<String> objList = new ArrayList<String>();
1048 String sql="select t.company as gs_code,t.date,SUM(t.jhcczgf) as jhccs ,SUM(t.sjcczgf) as ccs,AVG(ccl) as ccl" 1098 String sql="select t.company as gs_code,t.date,SUM(t.jhcczgf) as jhccs ,SUM(t.sjcczgf) as ccs,AVG(ccl) as ccl"
1049 + " ,SUM(t.sjzgl*1000)/1000 as sum_mileage ,SUM(jcgl*1000)/1000 as airpor_mileage " 1099 + " ,SUM(t.sjzgl*1000)/1000 as sum_mileage ,SUM(jcgl*1000)/1000 as airpor_mileage "
1050 + " from (select a.line_code,b.date,a.company,b.jhcczgf,b.sjcczgf," 1100 + " from (select a.line_code,b.date,a.company,b.jhcczgf,b.sjcczgf,"
1051 + " round(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0)),3) as ccl,c.sjzgl ," 1101 + " round(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0)),3) as ccl,c.sjzgl ,"
1052 + " ifnull(d.sjzgl,0) as jcgl from bsth_c_line a LEFT JOIN " 1102 + " ifnull(d.sjzgl,0) as jcgl from bsth_c_line a LEFT JOIN "
1053 - + " (SELECT * from bsth_c_calc_sheet where date='"+date+"') b on a.line_code=b.xl"  
1054 - + " left join (select * from bsth_c_calc_count where date='"+date+"') c on a.line_code=c.xl "  
1055 - + " left join (select * from bsth_c_calc_count where date='"+date+"' " 1103 + + " (SELECT * from bsth_c_calc_sheet where date = ?) b on a.line_code=b.xl"
  1104 + + " left join (select * from bsth_c_calc_count where date = ?) c on a.line_code=c.xl "
  1105 + + " left join (select * from bsth_c_calc_count where date = ? "
1056 + " and xl_name like '%机场%') d on a.line_code=d.xl " 1106 + " and xl_name like '%机场%') d on a.line_code=d.xl "
1057 + " where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl')) t " 1107 + " where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl')) t "
1058 + " where t.date is not null "; 1108 + " where t.date is not null ";
  1109 + objList.add(date);
  1110 + objList.add(date);
  1111 + objList.add(date);
1059 if(!company.equals("all")){ 1112 if(!company.equals("all")){
1060 - sql +=" and t.company='"+company+"'"; 1113 + sql +=" and t.company = ?";
  1114 + objList.add(company);
1061 } 1115 }
1062 sql +=" group by t.company,t.date"; 1116 sql +=" group by t.company,t.date";
1063 1117
1064 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1118 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1065 new RowMapper<Map<String, Object>>(){ 1119 new RowMapper<Map<String, Object>>(){
1066 @Override 1120 @Override
1067 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1121 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1086,43 +1140,54 @@ public class BigdataService { @@ -1086,43 +1140,54 @@ public class BigdataService {
1086 SimpleDateFormat sdf =new SimpleDateFormat("yyyy-MM-dd"); 1140 SimpleDateFormat sdf =new SimpleDateFormat("yyyy-MM-dd");
1087 String d=sdf.format(new Date()); 1141 String d=sdf.format(new Date());
1088 String sql=""; 1142 String sql="";
  1143 + List<String> objList = new ArrayList<String>();
1089 if(gs.equals("all")){ 1144 if(gs.equals("all")){
1090 sql ="select x.gsdm,'' as fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from (" 1145 sql ="select x.gsdm,'' as fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from ("
1091 + " select b.gsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3)* 100 as zgf_ccl," 1146 + " select b.gsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3)* 100 as zgf_ccl,"
1092 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from " 1147 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from "
1093 - + " bsth_c_calc_sheet b where b.date like '%"+date+"%' and b.date<'"+d+"' " 1148 + + " bsth_c_calc_sheet b where b.date like ? and b.date < ? "
1094 + " and b.xl in(select a.line_code from bsth_c_line a where " 1149 + " and b.xl in(select a.line_code from bsth_c_line a where "
1095 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm ) x " 1150 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm ) x "
1096 + " left join (select c.gsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl," 1151 + " left join (select c.gsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl,"
1097 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl," 1152 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl,"
1098 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl " 1153 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl "
1099 - + " from bsth_c_calc_count c where c.date like '%"+date+"%' and c.date<'"+d+"' and " 1154 + + " from bsth_c_calc_count c where c.date like ? and c.date < ? and "
1100 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) " 1155 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) "
1101 + " group by c.gsdm ) y on x.gsdm=y.gsdm where 1=1 "; 1156 + " group by c.gsdm ) y on x.gsdm=y.gsdm where 1=1 ";
  1157 + objList.add("%"+date+"%");
  1158 + objList.add(d);
  1159 + objList.add("%"+date+"%");
  1160 + objList.add(d);
1102 1161
1103 }else{ 1162 }else{
1104 sql ="select x.gsdm,x.fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from (" 1163 sql ="select x.gsdm,x.fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from ("
1105 + " select b.gsdm,b.fgsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3) * 100 as zgf_ccl," 1164 + " select b.gsdm,b.fgsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3) * 100 as zgf_ccl,"
1106 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from " 1165 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from "
1107 - + " bsth_c_calc_sheet b where b.date like '%"+date+"%' and b.date<'"+d+"' " 1166 + + " bsth_c_calc_sheet b where b.date like ? and b.date < ? "
1108 + " and b.xl in(select a.line_code from bsth_c_line a where " 1167 + " and b.xl in(select a.line_code from bsth_c_line a where "
1109 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm,b.fgsdm ) x " 1168 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm,b.fgsdm ) x "
1110 + " left join (select c.gsdm,c.fgsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl," 1169 + " left join (select c.gsdm,c.fgsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl,"
1111 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl," 1170 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl,"
1112 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl " 1171 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl "
1113 - + " from bsth_c_calc_count c where c.date like '%"+date+"%' and c.date <'"+d+"' and " 1172 + + " from bsth_c_calc_count c where c.date like ? and c.date < ? and "
1114 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) " 1173 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) "
1115 + " group by c.gsdm,c.fgsdm ) y on x.gsdm=y.gsdm and x.fgsdm=y.fgsdm where 1=1 "; 1174 + " group by c.gsdm,c.fgsdm ) y on x.gsdm=y.gsdm and x.fgsdm=y.fgsdm where 1=1 ";
  1175 + objList.add("%"+date+"%");
  1176 + objList.add(d);
  1177 + objList.add("%"+date+"%");
  1178 + objList.add(d);
1116 1179
1117 } 1180 }
1118 if(!gs.equals("all")){ 1181 if(!gs.equals("all")){
1119 - sql += " and x.gsdm='"+gs+"'"; 1182 + sql += " and x.gsdm = ?";
  1183 + objList.add(gs);
1120 } 1184 }
1121 1185
1122 if(!fgs.equals("all")){ 1186 if(!fgs.equals("all")){
1123 - sql += " and x.fgsdm='"+fgs+"'"; 1187 + sql += " and x.fgsdm = ?";
  1188 + objList.add(fgs);
1124 } 1189 }
1125 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1190 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1126 new RowMapper<Map<String, Object>>(){ 1191 new RowMapper<Map<String, Object>>(){
1127 @Override 1192 @Override
1128 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1193 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1150,14 +1215,18 @@ public class BigdataService { @@ -1150,14 +1215,18 @@ public class BigdataService {
1150 @Path("/basicData/starDate/{starDate}/endDate/{endDate}/line/{line}") 1215 @Path("/basicData/starDate/{starDate}/endDate/{endDate}/line/{line}")
1151 public List<Map<String, Object>> basicData(@PathParam("starDate") String starDate, 1216 public List<Map<String, Object>> basicData(@PathParam("starDate") String starDate,
1152 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1217 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1218 + List<String> objList = new ArrayList<String>();
1153 String sql="select gsdm,fgsdm,xl,xl_name,date,jhbc,sjbc," 1219 String sql="select gsdm,fgsdm,xl,xl_name,date,jhbc,sjbc,"
1154 + " jhyylc,sjyylc,jhkslc,sjkslc,jhgfbcsz,sjgfbcs,jhdgbcsz," 1220 + " jhyylc,sjyylc,jhkslc,sjkslc,jhgfbcsz,sjgfbcs,jhdgbcsz,"
1155 + " sjdgbcs from bsth_c_calc_count " 1221 + " sjdgbcs from bsth_c_calc_count "
1156 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1222 + + " where date >= ? and date <= ?";
  1223 + objList.add(starDate);
  1224 + objList.add(endDate);
1157 if(!line.equals("all")){ 1225 if(!line.equals("all")){
1158 - sql +=" and xl='"+line+"'"; 1226 + sql +=" and xl = ?";
  1227 + objList.add(line);
1159 } 1228 }
1160 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1229 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1161 new RowMapper<Map<String, Object>>(){ 1230 new RowMapper<Map<String, Object>>(){
1162 @Override 1231 @Override
1163 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1232 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
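Review bot: In basicData the path parameters starDate, endDate and line are now bound as query parameters, which closes the injection, but nothing checks their shape before they reach the database, so a malformed value surfaces as a database error or an empty result instead of a 400 at the REST boundary. If the date column holds ISO dates (the hunk does not show its type), a guard such as `LocalDate.parse(starDate); LocalDate.parse(endDate);` at method entry, with `DateTimeParseException` mapped to a bad-request response, would reject bad input early; the same applies to targetData (next hunk) and departureTime (the hunk after it), which build identical parameter lists. As a point of style, `objList` is declared `List<String>` although `query` takes `Object[]`, so `List<Object>` would state the intent and avoid a later cast if a non-String parameter is added; and if the project is on Spring 5.3 or later, the `(sql, Object[], RowMapper)` overload used on line 1229 is deprecated in favour of `jdbcTemplate.query(sql, rowMapper, objList.toArray())`. The anonymous RowMapper's body continues outside the hunk.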
@@ -1187,14 +1256,18 @@ public class BigdataService { @@ -1187,14 +1256,18 @@ public class BigdataService {
1187 @Path("/targetData/starDate/{starDate}/endDate/{endDate}/line/{line}") 1256 @Path("/targetData/starDate/{starDate}/endDate/{endDate}/line/{line}")
1188 public List<Map<String, Object>> targetData(@PathParam("starDate") String starDate, 1257 public List<Map<String, Object>> targetData(@PathParam("starDate") String starDate,
1189 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1258 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1259 + List<String> objList = new ArrayList<String>();
1190 String sql="select gsdm,fgsdm,date,xl,xl_name,szfczdl,smbfczdl," 1260 String sql="select gsdm,fgsdm,date,xl,xl_name,szfczdl,smbfczdl,"
1191 + " round(if(ifnull(sjcczgf/jhcczgf,0)>1,1,ifnull(sjcczgf/jhcczgf,0)),3) * 100 as zgfccl , " 1261 + " round(if(ifnull(sjcczgf/jhcczgf,0)>1,1,ifnull(sjcczgf/jhcczgf,0)),3) * 100 as zgfccl , "
1192 + " round(if(ifnull(sjcc/jhcc,0)>1,1,ifnull(sjcc/jhcc,0)),3) * 100 as ccl from bsth_c_calc_sheet " 1262 + " round(if(ifnull(sjcc/jhcc,0)>1,1,ifnull(sjcc/jhcc,0)),3) * 100 as ccl from bsth_c_calc_sheet "
1193 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1263 + + " where date >= ? and date <= ?";
  1264 + objList.add(starDate);
  1265 + objList.add(endDate);
1194 if(!line.equals("all")){ 1266 if(!line.equals("all")){
1195 - sql +=" and xl='"+line+"'"; 1267 + sql +=" and xl = ?";
  1268 + objList.add(line);
1196 } 1269 }
1197 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1270 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1198 new RowMapper<Map<String, Object>>(){ 1271 new RowMapper<Map<String, Object>>(){
1199 @Override 1272 @Override
1200 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1273 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1218,18 +1291,22 @@ public class BigdataService { @@ -1218,18 +1291,22 @@ public class BigdataService {
1218 @Path("/departureTime/starDate/{starDate}/endDate/{endDate}/line/{line}") 1291 @Path("/departureTime/starDate/{starDate}/endDate/{endDate}/line/{line}")
1219 public List<Map<String, Object>> departureTime(@PathParam("starDate") String starDate, 1292 public List<Map<String, Object>> departureTime(@PathParam("starDate") String starDate,
1220 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1293 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1294 + List<String> objList = new ArrayList<String>();
1221 String sql="select xl,xl_name,date,jhbc,bczxl,jhbcz,sjbc,jhcc,sjcc,ccl,jhccz," 1295 String sql="select xl,xl_name,date,jhbc,bczxl,jhbcz,sjbc,jhcc,sjcc,ccl,jhccz,"
1222 + " jhyylc,sjyylc,jhyylcz,jhkslc,sjkslc,jhkslcz," 1296 + " jhyylc,sjyylc,jhyylcz,jhkslc,sjkslc,jhkslcz,"
1223 + " jhssgfbcs,sjgfbcs,jhgfbcsz,jhssdgbcs,sjdgbcs,jhdgbcsz," 1297 + " jhssgfbcs,sjgfbcs,jhgfbcsz,jhssdgbcs,sjdgbcs,jhdgbcsz,"
1224 + " jhsmbcs,sjsmbczds,smbczdl,jhsmbcsz,sjsmbczdsz,smbczdlz," 1298 + " jhsmbcs,sjsmbczds,smbczdl,jhsmbcsz,sjsmbczdsz,smbczdlz,"
1225 + " jhszfcs,sjszfczds,szfczdl," 1299 + " jhszfcs,sjszfczds,szfczdl,"
1226 + " create_date from bsth_c_calc_count " 1300 + " create_date from bsth_c_calc_count "
1227 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1301 + + " where date >= ? and date <= ?";
  1302 + objList.add(starDate);
  1303 + objList.add(endDate);
1228 if(!line.equals("all")){ 1304 if(!line.equals("all")){
1229 - sql +=" and xl='"+line+"'"; 1305 + sql +=" and xl = ?";
  1306 + objList.add(line);
1230 } 1307 }
1231 1308
1232 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1309 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1233 new RowMapper<Map<String, Object>>(){ 1310 new RowMapper<Map<String, Object>>(){
1234 @Override 1311 @Override
1235 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1312 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {