潘钊 / control_service_data_Interface · Commits

Commit a54c0b632cafa7875b0a9c1a7ead3b300678da1f

Authored by 娄高锋
1 parent 93858999
build: skipped

SQL注入漏洞;

Inline Side-by-side
Showing 1 changed file with 141 additions and 64 deletions
src/main/java/com/bsth/server_rs/bigdata/BigdataService.java
  View file @a54c0b6
@@ -142,9 +142,11 @@ public class BigdataService { @@ -142,9 +142,11 @@ public class BigdataService {
142 } 142 }
143 public Map<String, Long> getEndtime(String date){ 143 public Map<String, Long> getEndtime(String date){
144 Map<String, Long> map=new HashMap<String,Long>(); 144 Map<String, Long> map=new HashMap<String,Long>();
  145 + List<String> objList = new ArrayList<String>();
145 String sql="select xl,endtime from bsth_c_calc_count " 146 String sql="select xl,endtime from bsth_c_calc_count "
146 - + " where date='"+date+"' ";  
147 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 147 + + " where date = ? ";
  148 + objList.add(date);
  149 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
148 new RowMapper<Map<String, Object>>(){ 150 new RowMapper<Map<String, Object>>(){
149 @Override 151 @Override
150 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 152 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -242,13 +244,15 @@ public class BigdataService { @@ -242,13 +244,15 @@ public class BigdataService {
242 @GET 244 @GET
243 @Path("/line/company/{companyId}") 245 @Path("/line/company/{companyId}")
244 public List<Map<String, Object>> findLineByCompany(@PathParam("companyId") String companyId) { 246 public List<Map<String, Object>> findLineByCompany(@PathParam("companyId") String companyId) {
  247 + List<String> objList = new ArrayList<String>();
245 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level," 248 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level,"
246 + " a.shanghai_linecode, a.nature from " 249 + " a.shanghai_linecode, a.nature from "
247 + " bsth_c_line a left join bsth_c_line_config b " 250 + " bsth_c_line a left join bsth_c_line_config b "
248 + " on a.id=b.line where " 251 + " on a.id=b.line where "
249 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 " 252 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 "
250 - + " and a.remove=0 and a.company = '"+companyId+"'";  
251 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 253 + + " and a.remove=0 and a.company = ?";
  254 + objList.add(companyId);
  255 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
252 new RowMapper<Map<String, Object>>(){ 256 new RowMapper<Map<String, Object>>(){
253 @Override 257 @Override
254 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 258 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -320,13 +324,15 @@ public class BigdataService { @@ -320,13 +324,15 @@ public class BigdataService {
320 @GET 324 @GET
321 @Path("/line/{lineCode}") 325 @Path("/line/{lineCode}")
322 public List<Map<String, Object>> findLineByCode(@PathParam("lineCode") String lineCode) { 326 public List<Map<String, Object>> findLineByCode(@PathParam("lineCode") String lineCode) {
  327 + List<String> objList = new ArrayList<String>();
323 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level," 328 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level,"
324 + " a.shanghai_linecode, a.nature from " 329 + " a.shanghai_linecode, a.nature from "
325 + " bsth_c_line a left join bsth_c_line_config b " 330 + " bsth_c_line a left join bsth_c_line_config b "
326 + " on a.id=b.line where " 331 + " on a.id=b.line where "
327 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 " 332 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 "
328 - + " and a.remove=0 and a.line_code = '"+lineCode+"'";  
329 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 333 + + " and a.remove=0 and a.line_code = ?";
  334 + objList.add(lineCode);
  335 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
330 new RowMapper<Map<String, Object>>(){ 336 new RowMapper<Map<String, Object>>(){
331 @Override 337 @Override
332 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 338 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -398,13 +404,15 @@ public class BigdataService { @@ -398,13 +404,15 @@ public class BigdataService {
398 @GET 404 @GET
399 @Path("/line/level/{level}") 405 @Path("/line/level/{level}")
400 public List<Map<String, Object>> findLineByLevle(@PathParam("level") String level) { 406 public List<Map<String, Object>> findLineByLevle(@PathParam("level") String level) {
  407 + List<String> objList = new ArrayList<String>();
401 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level," 408 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level,"
402 + " a.shanghai_linecode, a.nature from " 409 + " a.shanghai_linecode, a.nature from "
403 + " bsth_c_line a left join bsth_c_line_config b " 410 + " bsth_c_line a left join bsth_c_line_config b "
404 + " on a.id=b.line where " 411 + " on a.id=b.line where "
405 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 " 412 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 "
406 - + " and a.remove=0 and a.level = '"+level+"'";  
407 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 413 + + " and a.remove=0 and a.level = ?";
  414 + objList.add(level);
  415 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
408 new RowMapper<Map<String, Object>>(){ 416 new RowMapper<Map<String, Object>>(){
409 @Override 417 @Override
410 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 418 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -484,15 +492,18 @@ public class BigdataService { @@ -484,15 +492,18 @@ public class BigdataService {
484 @Path("/lineCar/{type}/date/{date}") 492 @Path("/lineCar/{type}/date/{date}")
485 public List<Map<String, Object>> findLineCarByDate(@PathParam("type") String type,@PathParam("date") String date) { 493 public List<Map<String, Object>> findLineCarByDate(@PathParam("type") String type,@PathParam("date") String date) {
486 String sql=""; 494 String sql="";
  495 + List<String> objList = new ArrayList<String>();
487 if(type.equals("all")){ 496 if(type.equals("all")){
488 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc" 497 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc"
489 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 498 + + " from bsth_c_calc_count t where t.date = ?";
  499 + objList.add(date);
490 } 500 }
491 if(type.equals("actual")){ 501 if(type.equals("actual")){
492 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc" 502 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc"
493 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 503 + + " from bsth_c_calc_count t where t.date = ?";
  504 + objList.add(date);
494 } 505 }
495 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 506 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
496 new RowMapper<Map<String, Object>>(){ 507 new RowMapper<Map<String, Object>>(){
497 @Override 508 @Override
498 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 509 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -517,18 +528,23 @@ public class BigdataService { @@ -517,18 +528,23 @@ public class BigdataService {
517 public List<Map<String, Object>> findLineCarByDateLine(@PathParam("type") String type,@PathParam("date") String date, 528 public List<Map<String, Object>> findLineCarByDateLine(@PathParam("type") String type,@PathParam("date") String date,
518 @PathParam("line") String line) { 529 @PathParam("line") String line) {
519 String sql=""; 530 String sql="";
  531 + List<String> objList = new ArrayList<String>();
520 if(type.equals("all")){ 532 if(type.equals("all")){
521 sql="select t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc" 533 sql="select t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc"
522 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
523 - + " and xl ='"+line+"'"; 534 + + " from bsth_c_calc_count t where t.date = ?"
  535 + + " and xl = ?";
  536 + objList.add(date);
  537 + objList.add(line);
524 } 538 }
525 if(type.equals("actual")){ 539 if(type.equals("actual")){
526 sql="select t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc" 540 sql="select t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc"
527 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
528 - + " and xl ='"+line+"'"; 541 + + " from bsth_c_calc_count t where t.date = ?"
  542 + + " and xl = ?";
  543 + objList.add(date);
  544 + objList.add(line);
529 545
530 } 546 }
531 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 547 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
532 new RowMapper<Map<String, Object>>(){ 548 new RowMapper<Map<String, Object>>(){
533 @Override 549 @Override
534 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 550 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -557,15 +573,18 @@ public class BigdataService { @@ -557,15 +573,18 @@ public class BigdataService {
557 @Path("/linePerson/{type}/date/{date}") 573 @Path("/linePerson/{type}/date/{date}")
558 public List<Map<String, Object>> findLinePersonByDate(@PathParam("type") String type,@PathParam("date") String date) { 574 public List<Map<String, Object>> findLinePersonByDate(@PathParam("type") String type,@PathParam("date") String date) {
559 String sql=""; 575 String sql="";
  576 + List<String> objList = new ArrayList<String>();
560 if(type.equals("all")){ 577 if(type.equals("all")){
561 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr" 578 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr"
562 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 579 + + " from bsth_c_calc_count t where t.date = ?";
  580 + objList.add(date);
563 } 581 }
564 if(type.equals("actual")){ 582 if(type.equals("actual")){
565 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr" 583 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr"
566 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 584 + + " from bsth_c_calc_count t where t.date = ?";
  585 + objList.add(date);
567 } 586 }
568 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 587 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
569 new RowMapper<Map<String, Object>>(){ 588 new RowMapper<Map<String, Object>>(){
570 @Override 589 @Override
571 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 590 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -594,17 +613,22 @@ public class BigdataService { @@ -594,17 +613,22 @@ public class BigdataService {
594 public List<Map<String, Object>> findLinePersonByDateLine(@PathParam("type") String type,@PathParam("date") String date, 613 public List<Map<String, Object>> findLinePersonByDateLine(@PathParam("type") String type,@PathParam("date") String date,
595 @PathParam("line") String line) { 614 @PathParam("line") String line) {
596 String sql=""; 615 String sql="";
  616 + List<String> objList = new ArrayList<String>();
597 if(type.equals("all")){ 617 if(type.equals("all")){
598 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr" 618 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr"
599 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
600 - + " and xl ='"+line+"'"; 619 + + " from bsth_c_calc_count t where t.date = ?"
  620 + + " and xl = ?";
  621 + objList.add(date);
  622 + objList.add(line);
601 } 623 }
602 if(type.equals("actual")){ 624 if(type.equals("actual")){
603 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr" 625 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr"
604 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
605 - + " and xl ='"+line+"'"; 626 + + " from bsth_c_calc_count t where t.date = ?"
  627 + + " and xl = ?";
  628 + objList.add(date);
  629 + objList.add(line);
606 } 630 }
607 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 631 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
608 new RowMapper<Map<String, Object>>(){ 632 new RowMapper<Map<String, Object>>(){
609 @Override 633 @Override
610 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 634 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -643,17 +667,20 @@ public class BigdataService { @@ -643,17 +667,20 @@ public class BigdataService {
643 public List<Map<String, Object>> findLineBcByDate(@PathParam("type") String type, 667 public List<Map<String, Object>> findLineBcByDate(@PathParam("type") String type,
644 @PathParam("date") String date) { 668 @PathParam("date") String date) {
645 String sql=""; 669 String sql="";
  670 + List<String> objList = new ArrayList<String>();
646 if(type.equals("all")){ 671 if(type.equals("all")){
647 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc," 672 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc,"
648 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t" 673 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t"
649 - + " where t.date='"+date+"'"; 674 + + " where t.date = ?";
  675 + objList.add(date);
650 } 676 }
651 if(type.equals("actual")){ 677 if(type.equals("actual")){
652 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc," 678 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc,"
653 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t" 679 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t"
654 - + " where t.date='"+date+"'"; 680 + + " where t.date = ?";
  681 + objList.add(date);
655 } 682 }
656 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 683 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
657 new RowMapper<Map<String, Object>>(){ 684 new RowMapper<Map<String, Object>>(){
658 @Override 685 @Override
659 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 686 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -680,17 +707,22 @@ public class BigdataService { @@ -680,17 +707,22 @@ public class BigdataService {
680 public List<Map<String, Object>> findLineBcByDateLine(@PathParam("type") String type, 707 public List<Map<String, Object>> findLineBcByDateLine(@PathParam("type") String type,
681 @PathParam("date") String date,@PathParam("line") String line) { 708 @PathParam("date") String date,@PathParam("line") String line) {
682 String sql=""; 709 String sql="";
  710 + List<String> objList = new ArrayList<String>();
683 if(type.equals("all")){ 711 if(type.equals("all")){
684 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc," 712 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc,"
685 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t " 713 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t "
686 - + " where t.date='"+date+"' and xl='"+line+"'"; 714 + + " where t.date = ? and xl = ?";
  715 + objList.add(date);
  716 + objList.add(line);
687 } 717 }
688 if(type.equals("actual")){ 718 if(type.equals("actual")){
689 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc," 719 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc,"
690 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t" 720 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t"
691 - + " where t.date='"+date+"' and xl='"+line+"'"; 721 + + " where t.date = ? and xl = ?";
  722 + objList.add(date);
  723 + objList.add(line);
692 } 724 }
693 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 725 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
694 new RowMapper<Map<String, Object>>(){ 726 new RowMapper<Map<String, Object>>(){
695 @Override 727 @Override
696 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 728 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -724,17 +756,20 @@ public class BigdataService { @@ -724,17 +756,20 @@ public class BigdataService {
724 public List<Map<String, Object>> findLineLcByDate(@PathParam("type") String type, 756 public List<Map<String, Object>> findLineLcByDate(@PathParam("type") String type,
725 @PathParam("date") String date) { 757 @PathParam("date") String date) {
726 String sql=""; 758 String sql="";
  759 + List<String> objList = new ArrayList<String>();
727 if(type.equals("all")){ 760 if(type.equals("all")){
728 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc," 761 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc,"
729 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 762 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
730 - + " where t.date='"+date+"'"; 763 + + " where t.date = ?";
  764 + objList.add(date);
731 } 765 }
732 if(type.equals("actual")){ 766 if(type.equals("actual")){
733 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc," 767 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc,"
734 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 768 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
735 - + " where t.date='"+date+"'"; 769 + + " where t.date = ?";
  770 + objList.add(date);
736 } 771 }
737 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 772 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
738 new RowMapper<Map<String, Object>>(){ 773 new RowMapper<Map<String, Object>>(){
739 @Override 774 @Override
740 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 775 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -774,17 +809,22 @@ public class BigdataService { @@ -774,17 +809,22 @@ public class BigdataService {
774 public List<Map<String, Object>> findLineLcByDateLine(@PathParam("type") String type, 809 public List<Map<String, Object>> findLineLcByDateLine(@PathParam("type") String type,
775 @PathParam("date") String date,@PathParam("line") String line) { 810 @PathParam("date") String date,@PathParam("line") String line) {
776 String sql=""; 811 String sql="";
  812 + List<String> objList = new ArrayList<String>();
777 if(type.equals("all")){ 813 if(type.equals("all")){
778 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc," 814 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc,"
779 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 815 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
780 - + " where t.date='"+date+"' and xl ='"+line+"'"; 816 + + " where t.date = ? and xl = ?";
  817 + objList.add(date);
  818 + objList.add(line);
781 } 819 }
782 if(type.equals("actual")){ 820 if(type.equals("actual")){
783 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc," 821 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc,"
784 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 822 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
785 - + " where t.date='"+date+"' and xl ='"+line+"'"; 823 + + " where t.date = ? and xl = ?";
  824 + objList.add(date);
  825 + objList.add(line);
786 } 826 }
787 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 827 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
788 new RowMapper<Map<String, Object>>(){ 828 new RowMapper<Map<String, Object>>(){
789 @Override 829 @Override
790 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 830 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -828,9 +868,11 @@ public class BigdataService { @@ -828,9 +868,11 @@ public class BigdataService {
828 @GET 868 @GET
829 @Path("/abnormal/executionRate/date/{date}") 869 @Path("/abnormal/executionRate/date/{date}")
830 public List<Map<String, Object>> executionRate(@PathParam("date") String date) { 870 public List<Map<String, Object>> executionRate(@PathParam("date") String date) {
  871 + List<String> objList = new ArrayList<String>();
831 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t" 872 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t"
832 - + " where t.date='"+date+"' and push_type in ('1','3')";  
833 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 873 + + " where t.date = ? and push_type in ('1','3')";
  874 + objList.add(date);
  875 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
834 new RowMapper<Map<String, Object>>(){ 876 new RowMapper<Map<String, Object>>(){
835 @Override 877 @Override
836 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 878 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -850,9 +892,11 @@ public class BigdataService { @@ -850,9 +892,11 @@ public class BigdataService {
850 @GET 892 @GET
851 @Path("/abnormal/firstAndLast/date/{date}") 893 @Path("/abnormal/firstAndLast/date/{date}")
852 public List<Map<String, Object>> firstAndLast(@PathParam("date") String date) { 894 public List<Map<String, Object>> firstAndLast(@PathParam("date") String date) {
  895 + List<String> objList = new ArrayList<String>();
853 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t" 896 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t"
854 - + " where t.date='"+date+"' and push_type in ('2','3')";  
855 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 897 + + " where t.date = ? and push_type in ('2','3')";
  898 + objList.add(date);
  899 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
856 new RowMapper<Map<String, Object>>(){ 900 new RowMapper<Map<String, Object>>(){
857 @Override 901 @Override
858 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 902 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1040,15 +1084,20 @@ public class BigdataService { @@ -1040,15 +1084,20 @@ public class BigdataService {
1040 @Path("/findByAll/starDate/{starDate}/endDate/{endDate}/line/{line}") 1084 @Path("/findByAll/starDate/{starDate}/endDate/{endDate}/line/{line}")
1041 public List<Map<String, Object>> findMinhang(@PathParam("starDate") String starDate, 1085 public List<Map<String, Object>> findMinhang(@PathParam("starDate") String starDate,
1042 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1086 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1087 + List<String> objList = new ArrayList<String>();
1043 String sql="select xl,xl_name,date,jhszfcs,sjszfczds,jhbc,sjbc,jhcc,sjcc," 1088 String sql="select xl,xl_name,date,jhszfcs,sjszfczds,jhbc,sjbc,jhcc,sjcc,"
1044 + " jhyylc,sjyylc,jhkslc,sjkslc,jhssgfbcs,sjgfbcs,jhssdgbcs," 1089 + " jhyylc,sjyylc,jhkslc,sjkslc,jhssgfbcs,sjgfbcs,jhssdgbcs,"
1045 + " sjdgbcs from bsth_c_calc_count " 1090 + " sjdgbcs from bsth_c_calc_count "
1046 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1091 + + " where date >= ? and date <= ?";
  1092 + objList.add(starDate);
  1093 + objList.add(endDate);
  1094 +
1047 if(!line.equals("all")){ 1095 if(!line.equals("all")){
1048 - sql +=" and xl='"+line+"'"; 1096 + sql +=" and xl = ?";
  1097 + objList.add(line);
1049 } 1098 }
1050 1099
1051 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1100 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1052 new RowMapper<Map<String, Object>>(){ 1101 new RowMapper<Map<String, Object>>(){
1053 @Override 1102 @Override
1054 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1103 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1084,23 +1133,28 @@ public class BigdataService { @@ -1084,23 +1133,28 @@ public class BigdataService {
1084 @Path("/findByCompany/{company}/date/{date}") 1133 @Path("/findByCompany/{company}/date/{date}")
1085 public List<Map<String, Object>> findByCompany(@PathParam("company") String company, 1134 public List<Map<String, Object>> findByCompany(@PathParam("company") String company,
1086 @PathParam("date") String date) { 1135 @PathParam("date") String date) {
  1136 + List<String> objList = new ArrayList<String>();
1087 String sql="select t.company as gs_code,t.date,SUM(t.jhcczgf) as jhccs ,SUM(t.sjcczgf) as ccs,AVG(ccl) as ccl" 1137 String sql="select t.company as gs_code,t.date,SUM(t.jhcczgf) as jhccs ,SUM(t.sjcczgf) as ccs,AVG(ccl) as ccl"
1088 + " ,SUM(t.sjzgl*1000)/1000 as sum_mileage ,SUM(jcgl*1000)/1000 as airpor_mileage " 1138 + " ,SUM(t.sjzgl*1000)/1000 as sum_mileage ,SUM(jcgl*1000)/1000 as airpor_mileage "
1089 + " from (select a.line_code,b.date,a.company,b.jhcczgf,b.sjcczgf," 1139 + " from (select a.line_code,b.date,a.company,b.jhcczgf,b.sjcczgf,"
1090 + " round(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0)),3) as ccl,c.sjzgl ," 1140 + " round(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0)),3) as ccl,c.sjzgl ,"
1091 + " ifnull(d.sjzgl,0) as jcgl from bsth_c_line a LEFT JOIN " 1141 + " ifnull(d.sjzgl,0) as jcgl from bsth_c_line a LEFT JOIN "
1092 - + " (SELECT * from bsth_c_calc_sheet where date='"+date+"') b on a.line_code=b.xl"  
1093 - + " left join (select * from bsth_c_calc_count where date='"+date+"') c on a.line_code=c.xl "  
1094 - + " left join (select * from bsth_c_calc_count where date='"+date+"' " 1142 + + " (SELECT * from bsth_c_calc_sheet where date = ?) b on a.line_code=b.xl"
  1143 + + " left join (select * from bsth_c_calc_count where date = ?) c on a.line_code=c.xl "
  1144 + + " left join (select * from bsth_c_calc_count where date = ? "
1095 + " and xl_name like '%机场%') d on a.line_code=d.xl " 1145 + " and xl_name like '%机场%') d on a.line_code=d.xl "
1096 + " where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl')) t " 1146 + " where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl')) t "
1097 + " where t.date is not null "; 1147 + " where t.date is not null ";
  1148 + objList.add(date);
  1149 + objList.add(date);
  1150 + objList.add(date);
1098 if(!company.equals("all")){ 1151 if(!company.equals("all")){
1099 - sql +=" and t.company='"+company+"'"; 1152 + sql +=" and t.company = ?";
  1153 + objList.add(company);
1100 } 1154 }
1101 sql +=" group by t.company,t.date"; 1155 sql +=" group by t.company,t.date";
1102 1156
1103 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1157 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1104 new RowMapper<Map<String, Object>>(){ 1158 new RowMapper<Map<String, Object>>(){
1105 @Override 1159 @Override
1106 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1160 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1125,43 +1179,54 @@ public class BigdataService { @@ -1125,43 +1179,54 @@ public class BigdataService {
1125 SimpleDateFormat sdf =new SimpleDateFormat("yyyy-MM-dd"); 1179 SimpleDateFormat sdf =new SimpleDateFormat("yyyy-MM-dd");
1126 String d=sdf.format(new Date()); 1180 String d=sdf.format(new Date());
1127 String sql=""; 1181 String sql="";
  1182 + List<String> objList = new ArrayList<String>();
1128 if(gs.equals("all")){ 1183 if(gs.equals("all")){
1129 sql ="select x.gsdm,'' as fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from (" 1184 sql ="select x.gsdm,'' as fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from ("
1130 + " select b.gsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3)* 100 as zgf_ccl," 1185 + " select b.gsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3)* 100 as zgf_ccl,"
1131 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from " 1186 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from "
1132 - + " bsth_c_calc_sheet b where b.date like '%"+date+"%' and b.date<'"+d+"' " 1187 + + " bsth_c_calc_sheet b where b.date like ? and b.date < ? "
1133 + " and b.xl in(select a.line_code from bsth_c_line a where " 1188 + " and b.xl in(select a.line_code from bsth_c_line a where "
1134 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm ) x " 1189 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm ) x "
1135 + " left join (select c.gsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl," 1190 + " left join (select c.gsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl,"
1136 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl," 1191 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl,"
1137 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl " 1192 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl "
1138 - + " from bsth_c_calc_count c where c.date like '%"+date+"%' and c.date<'"+d+"' and " 1193 + + " from bsth_c_calc_count c where c.date like ? and c.date < ? and "
1139 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) " 1194 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) "
1140 + " group by c.gsdm ) y on x.gsdm=y.gsdm where 1=1 "; 1195 + " group by c.gsdm ) y on x.gsdm=y.gsdm where 1=1 ";
  1196 + objList.add("%"+date+"%");
  1197 + objList.add(d);
  1198 + objList.add("%"+date+"%");
  1199 + objList.add(d);
1141 1200
1142 }else{ 1201 }else{
1143 sql ="select x.gsdm,x.fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from (" 1202 sql ="select x.gsdm,x.fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from ("
1144 + " select b.gsdm,b.fgsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3) * 100 as zgf_ccl," 1203 + " select b.gsdm,b.fgsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3) * 100 as zgf_ccl,"
1145 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from " 1204 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from "
1146 - + " bsth_c_calc_sheet b where b.date like '%"+date+"%' and b.date<'"+d+"' " 1205 + + " bsth_c_calc_sheet b where b.date like ? and b.date < ? "
1147 + " and b.xl in(select a.line_code from bsth_c_line a where " 1206 + " and b.xl in(select a.line_code from bsth_c_line a where "
1148 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm,b.fgsdm ) x " 1207 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm,b.fgsdm ) x "
1149 + " left join (select c.gsdm,c.fgsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl," 1208 + " left join (select c.gsdm,c.fgsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl,"
1150 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl," 1209 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl,"
1151 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl " 1210 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl "
1152 - + " from bsth_c_calc_count c where c.date like '%"+date+"%' and c.date <'"+d+"' and " 1211 + + " from bsth_c_calc_count c where c.date like ? and c.date < ? and "
1153 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) " 1212 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) "
1154 + " group by c.gsdm,c.fgsdm ) y on x.gsdm=y.gsdm and x.fgsdm=y.fgsdm where 1=1 "; 1213 + " group by c.gsdm,c.fgsdm ) y on x.gsdm=y.gsdm and x.fgsdm=y.fgsdm where 1=1 ";
  1214 + objList.add("%"+date+"%");
  1215 + objList.add(d);
  1216 + objList.add("%"+date+"%");
  1217 + objList.add(d);
1155 1218
1156 } 1219 }
1157 if(!gs.equals("all")){ 1220 if(!gs.equals("all")){
1158 - sql += " and x.gsdm='"+gs+"'"; 1221 + sql += " and x.gsdm = ?";
  1222 + objList.add(gs);
1159 } 1223 }
1160 1224
1161 if(!fgs.equals("all")){ 1225 if(!fgs.equals("all")){
1162 - sql += " and x.fgsdm='"+fgs+"'"; 1226 + sql += " and x.fgsdm = ?";
  1227 + objList.add(fgs);
1163 } 1228 }
1164 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1229 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1165 new RowMapper<Map<String, Object>>(){ 1230 new RowMapper<Map<String, Object>>(){
1166 @Override 1231 @Override
1167 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1232 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1189,14 +1254,18 @@ public class BigdataService { @@ -1189,14 +1254,18 @@ public class BigdataService {
1189 @Path("/basicData/starDate/{starDate}/endDate/{endDate}/line/{line}") 1254 @Path("/basicData/starDate/{starDate}/endDate/{endDate}/line/{line}")
1190 public List<Map<String, Object>> basicData(@PathParam("starDate") String starDate, 1255 public List<Map<String, Object>> basicData(@PathParam("starDate") String starDate,
1191 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1256 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1257 + List<String> objList = new ArrayList<String>();
1192 String sql="select gsdm,fgsdm,xl,xl_name,date,jhbc,sjbc," 1258 String sql="select gsdm,fgsdm,xl,xl_name,date,jhbc,sjbc,"
1193 + " jhyylc,sjyylc,jhkslc,sjkslc,jhgfbcsz,sjgfbcs,jhdgbcsz," 1259 + " jhyylc,sjyylc,jhkslc,sjkslc,jhgfbcsz,sjgfbcs,jhdgbcsz,"
1194 + " sjdgbcs from bsth_c_calc_count " 1260 + " sjdgbcs from bsth_c_calc_count "
1195 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1261 + + " where date >= ? and date <= ?";
  1262 + objList.add(starDate);
  1263 + objList.add(endDate);
1196 if(!line.equals("all")){ 1264 if(!line.equals("all")){
1197 - sql +=" and xl='"+line+"'"; 1265 + sql +=" and xl = ?";
  1266 + objList.add(line);
1198 } 1267 }
1199 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1268 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1200 new RowMapper<Map<String, Object>>(){ 1269 new RowMapper<Map<String, Object>>(){
1201 @Override 1270 @Override
1202 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1271 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1226,14 +1295,18 @@ public class BigdataService { @@ -1226,14 +1295,18 @@ public class BigdataService {
1226 @Path("/targetData/starDate/{starDate}/endDate/{endDate}/line/{line}") 1295 @Path("/targetData/starDate/{starDate}/endDate/{endDate}/line/{line}")
1227 public List<Map<String, Object>> targetData(@PathParam("starDate") String starDate, 1296 public List<Map<String, Object>> targetData(@PathParam("starDate") String starDate,
1228 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1297 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1298 + List<String> objList = new ArrayList<String>();
1229 String sql="select gsdm,fgsdm,date,xl,xl_name,szfczdl,smbfczdl," 1299 String sql="select gsdm,fgsdm,date,xl,xl_name,szfczdl,smbfczdl,"
1230 + " round(if(ifnull(sjcczgf/jhcczgf,0)>1,1,ifnull(sjcczgf/jhcczgf,0)),3) * 100 as zgfccl , " 1300 + " round(if(ifnull(sjcczgf/jhcczgf,0)>1,1,ifnull(sjcczgf/jhcczgf,0)),3) * 100 as zgfccl , "
1231 + " round(if(ifnull(sjcc/jhcc,0)>1,1,ifnull(sjcc/jhcc,0)),3) * 100 as ccl from bsth_c_calc_sheet " 1301 + " round(if(ifnull(sjcc/jhcc,0)>1,1,ifnull(sjcc/jhcc,0)),3) * 100 as ccl from bsth_c_calc_sheet "
1232 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1302 + + " where date >= ? and date <= ?";
  1303 + objList.add(starDate);
  1304 + objList.add(endDate);
1233 if(!line.equals("all")){ 1305 if(!line.equals("all")){
1234 - sql +=" and xl='"+line+"'"; 1306 + sql +=" and xl = ?";
  1307 + objList.add(line);
1235 } 1308 }
1236 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1309 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1237 new RowMapper<Map<String, Object>>(){ 1310 new RowMapper<Map<String, Object>>(){
1238 @Override 1311 @Override
1239 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1312 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1257,18 +1330,22 @@ public class BigdataService { @@ -1257,18 +1330,22 @@ public class BigdataService {
1257 @Path("/departureTime/starDate/{starDate}/endDate/{endDate}/line/{line}") 1330 @Path("/departureTime/starDate/{starDate}/endDate/{endDate}/line/{line}")
1258 public List<Map<String, Object>> departureTime(@PathParam("starDate") String starDate, 1331 public List<Map<String, Object>> departureTime(@PathParam("starDate") String starDate,
1259 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1332 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1333 + List<String> objList = new ArrayList<String>();
1260 String sql="select xl,xl_name,date,jhbc,bczxl,jhbcz,sjbc,jhcc,sjcc,ccl,jhccz," 1334 String sql="select xl,xl_name,date,jhbc,bczxl,jhbcz,sjbc,jhcc,sjcc,ccl,jhccz,"
1261 + " jhyylc,sjyylc,jhyylcz,jhkslc,sjkslc,jhkslcz," 1335 + " jhyylc,sjyylc,jhyylcz,jhkslc,sjkslc,jhkslcz,"
1262 + " jhssgfbcs,sjgfbcs,jhgfbcsz,jhssdgbcs,sjdgbcs,jhdgbcsz," 1336 + " jhssgfbcs,sjgfbcs,jhgfbcsz,jhssdgbcs,sjdgbcs,jhdgbcsz,"
1263 + " jhsmbcs,sjsmbczds,smbczdl,jhsmbcsz,sjsmbczdsz,smbczdlz," 1337 + " jhsmbcs,sjsmbczds,smbczdl,jhsmbcsz,sjsmbczdsz,smbczdlz,"
1264 + " jhszfcs,sjszfczds,szfczdl," 1338 + " jhszfcs,sjszfczds,szfczdl,"
1265 + " create_date from bsth_c_calc_count " 1339 + " create_date from bsth_c_calc_count "
1266 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1340 + + " where date >= ? and date <= ?";
  1341 + objList.add(starDate);
  1342 + objList.add(endDate);
1267 if(!line.equals("all")){ 1343 if(!line.equals("all")){
1268 - sql +=" and xl='"+line+"'"; 1344 + sql +=" and xl = ?";
  1345 + objList.add(line);
1269 } 1346 }
1270 1347
1271 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1348 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1272 new RowMapper<Map<String, Object>>(){ 1349 new RowMapper<Map<String, Object>>(){
1273 @Override 1350 @Override
1274 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1351 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {