Commit dc1201533b6b771b7c0ca3b44535ac820f377411

Authored by 娄高锋
1 parent f9d396d6

SQL注入漏洞;

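--- a/src/main/java/com/bsth/server_rs/bigdata/BigdataService.java
+++ b/src/main/java/com/bsth/server_rs/bigdata/BigdataService.java
@@ -151,9 +151,11 @@ public class BigdataService {
 }
 public Map<String, Long> getEndtime(String date){
 Map<String, Long> map=new HashMap<String,Long>();
+List<String> objList = new ArrayList<String>();
 String sql="select xl,endtime from bsth_c_calc_count "
-+ " where date='"+date+"' ";
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
++ " where date = ? ";
+objList.add(date);
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -251,13 +253,15 @@ public class BigdataService {
 @GET
 @Path("/line/company/{companyId}")
 public List<Map<String, Object>> findLineByCompany(@PathParam("companyId") String companyId) {
+List<String> objList = new ArrayList<String>();
 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level,"
 + " a.shanghai_linecode, a.nature from "
 + " bsth_c_line a left join bsth_c_line_config b "
 + " on a.id=b.line where "
 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 "
-+ " and a.remove=0 and a.company = '"+companyId+"'";
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
++ " and a.remove=0 and a.company = ?";
+objList.add(companyId);
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -329,13 +333,15 @@ public class BigdataService {
 @GET
 @Path("/line/{lineCode}")
 public List<Map<String, Object>> findLineByCode(@PathParam("lineCode") String lineCode) {
+List<String> objList = new ArrayList<String>();
 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level,"
 + " a.shanghai_linecode, a.nature from "
 + " bsth_c_line a left join bsth_c_line_config b "
 + " on a.id=b.line where "
 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 "
-+ " and a.remove=0 and a.line_code = '"+lineCode+"'";
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
++ " and a.remove=0 and a.line_code = ?";
+objList.add(lineCode);
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -407,13 +413,15 @@ public class BigdataService {
 @GET
 @Path("/line/level/{level}")
 public List<Map<String, Object>> findLineByLevle(@PathParam("level") String level) {
+List<String> objList = new ArrayList<String>();
 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level,"
 + " a.shanghai_linecode, a.nature from "
 + " bsth_c_line a left join bsth_c_line_config b "
 + " on a.id=b.line where "
 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 "
-+ " and a.remove=0 and a.level = '"+level+"'";
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
++ " and a.remove=0 and a.level = ?";
+objList.add(level);
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -493,15 +501,18 @@ public class BigdataService {
 @Path("/lineCar/{type}/date/{date}")
 public List<Map<String, Object>> findLineCarByDate(@PathParam("type") String type,@PathParam("date") String date) {
 String sql="";
+List<String> objList = new ArrayList<String>();
 if(type.equals("all")){
 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc"
-+ " from bsth_c_calc_count t where t.date='"+date+"'";
++ " from bsth_c_calc_count t where t.date = ?";
+objList.add(date);
 }
 if(type.equals("actual")){
 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc"
-+ " from bsth_c_calc_count t where t.date='"+date+"'";
++ " from bsth_c_calc_count t where t.date = ?";
+objList.add(date);
 }
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -526,18 +537,23 @@ public class BigdataService {
 public List<Map<String, Object>> findLineCarByDateLine(@PathParam("type") String type,@PathParam("date") String date,
 @PathParam("line") String line) {
 String sql="";
+List<String> objList = new ArrayList<String>();
 if(type.equals("all")){
 sql="select t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc"
-+ " from bsth_c_calc_count t where t.date='"+date+"'"
-+ " and xl ='"+line+"'";
++ " from bsth_c_calc_count t where t.date = ?"
++ " and xl = ?";
+objList.add(date);
+objList.add(line);
 }
 if(type.equals("actual")){
 sql="select t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc"
-+ " from bsth_c_calc_count t where t.date='"+date+"'"
-+ " and xl ='"+line+"'";
++ " from bsth_c_calc_count t where t.date = ?"
++ " and xl = ?";
+objList.add(date);
+objList.add(line);
 
 }
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -566,15 +582,18 @@ public class BigdataService {
 @Path("/linePerson/{type}/date/{date}")
 public List<Map<String, Object>> findLinePersonByDate(@PathParam("type") String type,@PathParam("date") String date) {
 String sql="";
+List<String> objList = new ArrayList<String>();
 if(type.equals("all")){
 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr"
-+ " from bsth_c_calc_count t where t.date='"+date+"'";
++ " from bsth_c_calc_count t where t.date = ?";
+objList.add(date);
 }
 if(type.equals("actual")){
 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr"
-+ " from bsth_c_calc_count t where t.date='"+date+"'";
++ " from bsth_c_calc_count t where t.date = ?";
+objList.add(date);
 }
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -603,17 +622,22 @@ public class BigdataService {
 public List<Map<String, Object>> findLinePersonByDateLine(@PathParam("type") String type,@PathParam("date") String date,
 @PathParam("line") String line) {
 String sql="";
+List<String> objList = new ArrayList<String>();
 if(type.equals("all")){
 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr"
-+ " from bsth_c_calc_count t where t.date='"+date+"'"
-+ " and xl ='"+line+"'";
++ " from bsth_c_calc_count t where t.date = ?"
++ " and xl = ?";
+objList.add(date);
+objList.add(line);
 }
 if(type.equals("actual")){
 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr"
-+ " from bsth_c_calc_count t where t.date='"+date+"'"
-+ " and xl ='"+line+"'";
++ " from bsth_c_calc_count t where t.date = ?"
++ " and xl = ?";
+objList.add(date);
+objList.add(line);
 }
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -652,17 +676,20 @@ public class BigdataService {
 public List<Map<String, Object>> findLineBcByDate(@PathParam("type") String type,
 @PathParam("date") String date) {
 String sql="";
+List<String> objList = new ArrayList<String>();
 if(type.equals("all")){
 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc,"
 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t"
-+ " where t.date='"+date+"'";
++ " where t.date = ?";
+objList.add(date);
 }
 if(type.equals("actual")){
 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc,"
 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t"
-+ " where t.date='"+date+"'";
++ " where t.date = ?";
+objList.add(date);
 }
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -689,17 +716,22 @@ public class BigdataService {
 public List<Map<String, Object>> findLineBcByDateLine(@PathParam("type") String type,
 @PathParam("date") String date,@PathParam("line") String line) {
 String sql="";
+List<String> objList = new ArrayList<String>();
 if(type.equals("all")){
 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc,"
 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t "
-+ " where t.date='"+date+"' and xl='"+line+"'";
++ " where t.date = ? and xl = ?";
+objList.add(date);
+objList.add(line);
 }
 if(type.equals("actual")){
 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc,"
 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t"
-+ " where t.date='"+date+"' and xl='"+line+"'";
++ " where t.date = ? and xl = ?";
+objList.add(date);
+objList.add(line);
 }
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -733,17 +765,20 @@ public class BigdataService {
 public List<Map<String, Object>> findLineLcByDate(@PathParam("type") String type,
 @PathParam("date") String date) {
 String sql="";
+List<String> objList = new ArrayList<String>();
 if(type.equals("all")){
 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc,"
 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
-+ " where t.date='"+date+"'";
++ " where t.date = ?";
+objList.add(date);
 }
 if(type.equals("actual")){
 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc,"
 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
-+ " where t.date='"+date+"'";
++ " where t.date = ?";
+objList.add(date);
 }
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -783,17 +818,22 @@ public class BigdataService {
 public List<Map<String, Object>> findLineLcByDateLine(@PathParam("type") String type,
 @PathParam("date") String date,@PathParam("line") String line) {
 String sql="";
+List<String> objList = new ArrayList<String>();
 if(type.equals("all")){
 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc,"
 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
-+ " where t.date='"+date+"' and xl ='"+line+"'";
++ " where t.date = ? and xl = ?";
+objList.add(date);
+objList.add(line);
 }
 if(type.equals("actual")){
 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc,"
 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
-+ " where t.date='"+date+"' and xl ='"+line+"'";
++ " where t.date = ? and xl = ?";
+objList.add(date);
+objList.add(line);
 }
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -837,9 +877,11 @@ public class BigdataService {
 @GET
 @Path("/abnormal/executionRate/date/{date}")
 public List<Map<String, Object>> executionRate(@PathParam("date") String date) {
+List<String> objList = new ArrayList<String>();
 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t"
-+ " where t.date='"+date+"' and push_type in ('1','3')";
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
++ " where t.date = ? and push_type in ('1','3')";
+objList.add(date);
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -859,9 +901,11 @@ public class BigdataService {
 @GET
 @Path("/abnormal/firstAndLast/date/{date}")
 public List<Map<String, Object>> firstAndLast(@PathParam("date") String date) {
+List<String> objList = new ArrayList<String>();
 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t"
-+ " where t.date='"+date+"' and push_type in ('2','3')";
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
++ " where t.date = ? and push_type in ('2','3')";
+objList.add(date);
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1049,15 +1093,20 @@ public class BigdataService {
 @Path("/findByAll/starDate/{starDate}/endDate/{endDate}/line/{line}")
 public List<Map<String, Object>> findMinhang(@PathParam("starDate") String starDate,
 @PathParam("endDate") String endDate,@PathParam("line") String line) {
+List<String> objList = new ArrayList<String>();
 String sql="select xl,xl_name,date,jhszfcs,sjszfczds,jhbc,sjbc,jhcc,sjcc,"
 + " jhyylc,sjyylc,jhkslc,sjkslc,jhssgfbcs,sjgfbcs,jhssdgbcs,"
 + " sjdgbcs from bsth_c_calc_count "
-+ " where date>='"+starDate+"' and date<= '"+endDate+"'";
++ " where date >= ? and date <= ?";
+objList.add(starDate);
+objList.add(endDate);
+
 if(!line.equals("all")){
-sql +=" and xl='"+line+"'";
+sql +=" and xl = ?";
+objList.add(line);
 }
 
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1093,23 +1142,28 @@ public class BigdataService {
 @Path("/findByCompany/{company}/date/{date}")
 public List<Map<String, Object>> findByCompany(@PathParam("company") String company,
 @PathParam("date") String date) {
+List<String> objList = new ArrayList<String>();
 String sql="select t.company as gs_code,t.date,SUM(t.jhcczgf) as jhccs ,SUM(t.sjcczgf) as ccs,AVG(ccl) as ccl"
 + " ,SUM(t.sjzgl*1000)/1000 as sum_mileage ,SUM(jcgl*1000)/1000 as airpor_mileage "
 + " from (select a.line_code,b.date,a.company,b.jhcczgf,b.sjcczgf,"
 + " round(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0)),3) as ccl,c.sjzgl ,"
 + " ifnull(d.sjzgl,0) as jcgl from bsth_c_line a LEFT JOIN "
-+ " (SELECT * from bsth_c_calc_sheet where date='"+date+"') b on a.line_code=b.xl"
-+ " left join (select * from bsth_c_calc_count where date='"+date+"') c on a.line_code=c.xl "
-+ " left join (select * from bsth_c_calc_count where date='"+date+"' "
++ " (SELECT * from bsth_c_calc_sheet where date = ?) b on a.line_code=b.xl"
++ " left join (select * from bsth_c_calc_count where date = ?) c on a.line_code=c.xl "
++ " left join (select * from bsth_c_calc_count where date = ? "
 + " and xl_name like '%机场%') d on a.line_code=d.xl "
 + " where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl')) t "
 + " where t.date is not null ";
+objList.add(date);
+objList.add(date);
+objList.add(date);
 if(!company.equals("all")){
-sql +=" and t.company='"+company+"'";
+sql +=" and t.company = ?";
+objList.add(company);
 }
 sql +=" group by t.company,t.date";
 
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1134,43 +1188,54 @@ public class BigdataService {
 SimpleDateFormat sdf =new SimpleDateFormat("yyyy-MM-dd");
 String d=sdf.format(new Date());
 String sql="";
+List<String> objList = new ArrayList<String>();
 if(gs.equals("all")){
 sql ="select x.gsdm,'' as fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from ("
 + " select b.gsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3)* 100 as zgf_ccl,"
 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from "
-+ " bsth_c_calc_sheet b where b.date like '%"+date+"%' and b.date<'"+d+"' "
++ " bsth_c_calc_sheet b where b.date like ? and b.date < ? "
 + " and b.xl in(select a.line_code from bsth_c_line a where "
 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm ) x "
 + " left join (select c.gsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl,"
 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl,"
 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl "
-+ " from bsth_c_calc_count c where c.date like '%"+date+"%' and c.date<'"+d+"' and "
++ " from bsth_c_calc_count c where c.date like ? and c.date < ? and "
 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) "
 + " group by c.gsdm ) y on x.gsdm=y.gsdm where 1=1 ";
+objList.add("%"+date+"%");
+objList.add(d);
+objList.add("%"+date+"%");
+objList.add(d);
 
 }else{
 sql ="select x.gsdm,x.fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from ("
 + " select b.gsdm,b.fgsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3) * 100 as zgf_ccl,"
 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from "
-+ " bsth_c_calc_sheet b where b.date like '%"+date+"%' and b.date<'"+d+"' "
++ " bsth_c_calc_sheet b where b.date like ? and b.date < ? "
 + " and b.xl in(select a.line_code from bsth_c_line a where "
 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm,b.fgsdm ) x "
 + " left join (select c.gsdm,c.fgsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl,"
 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl,"
 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl "
-+ " from bsth_c_calc_count c where c.date like '%"+date+"%' and c.date <'"+d+"' and "
++ " from bsth_c_calc_count c where c.date like ? and c.date < ? and "
 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) "
 + " group by c.gsdm,c.fgsdm ) y on x.gsdm=y.gsdm and x.fgsdm=y.fgsdm where 1=1 ";
+objList.add("%"+date+"%");
+objList.add(d);
+objList.add("%"+date+"%");
+objList.add(d);
 
 }
 if(!gs.equals("all")){
-sql += " and x.gsdm='"+gs+"'";
+sql += " and x.gsdm = ?";
+objList.add(gs);
 }
 
 if(!fgs.equals("all")){
-sql += " and x.fgsdm='"+fgs+"'";
+sql += " and x.fgsdm = ?";
+objList.add(fgs);
 }
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1198,14 +1263,18 @@ public class BigdataService {
 @Path("/basicData/starDate/{starDate}/endDate/{endDate}/line/{line}")
 public List<Map<String, Object>> basicData(@PathParam("starDate") String starDate,
 @PathParam("endDate") String endDate,@PathParam("line") String line) {
+List<String> objList = new ArrayList<String>();
 String sql="select gsdm,fgsdm,xl,xl_name,date,jhbc,sjbc,"
 + " jhyylc,sjyylc,jhkslc,sjkslc,jhgfbcsz,sjgfbcs,jhdgbcsz,"
 + " sjdgbcs from bsth_c_calc_count "
-+ " where date>='"+starDate+"' and date<= '"+endDate+"'";
++ " where date >= ? and date <= ?";
+objList.add(starDate);
+objList.add(endDate);
 if(!line.equals("all")){
-sql +=" and xl='"+line+"'";
+sql +=" and xl = ?";
+objList.add(line);
 }
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1235,14 +1304,18 @@ public class BigdataService {
 @Path("/targetData/starDate/{starDate}/endDate/{endDate}/line/{line}")
 public List<Map<String, Object>> targetData(@PathParam("starDate") String starDate,
 @PathParam("endDate") String endDate,@PathParam("line") String line) {
+List<String> objList = new ArrayList<String>();
 String sql="select gsdm,fgsdm,date,xl,xl_name,szfczdl,smbfczdl,"
 + " round(if(ifnull(sjcczgf/jhcczgf,0)>1,1,ifnull(sjcczgf/jhcczgf,0)),3) * 100 as zgfccl , "
 + " round(if(ifnull(sjcc/jhcc,0)>1,1,ifnull(sjcc/jhcc,0)),3) * 100 as ccl from bsth_c_calc_sheet "
-+ " where date>='"+starDate+"' and date<= '"+endDate+"'";
++ " where date >= ? and date <= ?";
+objList.add(starDate);
+objList.add(endDate);
 if(!line.equals("all")){
-sql +=" and xl='"+line+"'";
+sql +=" and xl = ?";
+objList.add(line);
 }
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1266,18 +1339,22 @@ public class BigdataService {
 @Path("/departureTime/starDate/{starDate}/endDate/{endDate}/line/{line}")
 public List<Map<String, Object>> departureTime(@PathParam("starDate") String starDate,
 @PathParam("endDate") String endDate,@PathParam("line") String line) {
+List<String> objList = new ArrayList<String>();
 String sql="select xl,xl_name,date,jhbc,bczxl,jhbcz,sjbc,jhcc,sjcc,ccl,jhccz,"
 + " jhyylc,sjyylc,jhyylcz,jhkslc,sjkslc,jhkslcz,"
 + " jhssgfbcs,sjgfbcs,jhgfbcsz,jhssdgbcs,sjdgbcs,jhdgbcsz,"
 + " jhsmbcs,sjsmbczds,smbczdl,jhsmbcsz,sjsmbczdsz,smbczdlz,"
 + " jhszfcs,sjszfczds,szfczdl,"
 + " create_date from bsth_c_calc_count "
-+ " where date>='"+starDate+"' and date<= '"+endDate+"'";
++ " where date >= ? and date <= ?";
+objList.add(starDate);
+objList.add(endDate);
 if(!line.equals("all")){
-sql +=" and xl='"+line+"'";
+sql +=" and xl = ?";
+objList.add(line);
 }
 
-List<Map<String, Object>> list=jdbcTemplate.query(sql,
+List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
 new RowMapper<Map<String, Object>>(){
 @Override
 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {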
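Review bot: In the `@@ -1134,43 +1188,54 @@` hunk the four `objList.add("%"+date+"%")` lines bind the request parameter into a LIKE pattern, so the concatenation is gone but `%` and `_` inside `date` are still interpreted as wildcards and can widen the match beyond the intended period; the enclosing method's signature is above the hunk, so the parameter's declared form is not visible here. Since `d` is produced with `yyyy-MM-dd`, `date` presumably is a year or year-month prefix, and checking it against that shape before building the pattern, e.g. `if (!date.matches("\\d{4}(-\\d{2})?")) throw new IllegalArgumentException("date");`, would make the LIKE deliberate rather than user-shaped. In the `@@ -493`, `@@ -526`, `@@ -566`, `@@ -603`, `@@ -652`, `@@ -689`, `@@ -733` and `@@ -783` hunks a `type` that is neither `"all"` nor `"actual"` now reaches `jdbcTemplate.query` with `sql` still `""` and `objList` empty, which the commit leaves as it was; a guard such as `else { throw new IllegalArgumentException("type"); }` after the second `if` would turn that into a clear 4xx instead of a driver error. If the project is on Spring 5.3 or later, `query(String, Object[], RowMapper)` is deprecated in favour of `query(sql, rowMapper, objList.toArray())`, which is worth checking before this overload is repeated across twenty call sites.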