Commit dc1201533b6b771b7c0ca3b44535ac820f377411

Authored by 娄高锋
1 parent f9d396d6

SQL注入漏洞;

src/main/java/com/bsth/server_rs/bigdata/BigdataService.java
@@ -151,9 +151,11 @@ public class BigdataService { @@ -151,9 +151,11 @@ public class BigdataService {
151 } 151 }
152 public Map<String, Long> getEndtime(String date){ 152 public Map<String, Long> getEndtime(String date){
153 Map<String, Long> map=new HashMap<String,Long>(); 153 Map<String, Long> map=new HashMap<String,Long>();
  154 + List<String> objList = new ArrayList<String>();
154 String sql="select xl,endtime from bsth_c_calc_count " 155 String sql="select xl,endtime from bsth_c_calc_count "
155 - + " where date='"+date+"' ";  
156 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 156 + + " where date = ? ";
  157 + objList.add(date);
  158 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
157 new RowMapper<Map<String, Object>>(){ 159 new RowMapper<Map<String, Object>>(){
158 @Override 160 @Override
159 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 161 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -251,13 +253,15 @@ public class BigdataService { @@ -251,13 +253,15 @@ public class BigdataService {
251 @GET 253 @GET
252 @Path("/line/company/{companyId}") 254 @Path("/line/company/{companyId}")
253 public List<Map<String, Object>> findLineByCompany(@PathParam("companyId") String companyId) { 255 public List<Map<String, Object>> findLineByCompany(@PathParam("companyId") String companyId) {
  256 + List<String> objList = new ArrayList<String>();
254 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level," 257 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level,"
255 + " a.shanghai_linecode, a.nature from " 258 + " a.shanghai_linecode, a.nature from "
256 + " bsth_c_line a left join bsth_c_line_config b " 259 + " bsth_c_line a left join bsth_c_line_config b "
257 + " on a.id=b.line where " 260 + " on a.id=b.line where "
258 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 " 261 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 "
259 - + " and a.remove=0 and a.company = '"+companyId+"'";  
260 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 262 + + " and a.remove=0 and a.company = ?";
  263 + objList.add(companyId);
  264 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
261 new RowMapper<Map<String, Object>>(){ 265 new RowMapper<Map<String, Object>>(){
262 @Override 266 @Override
263 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 267 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -329,13 +333,15 @@ public class BigdataService { @@ -329,13 +333,15 @@ public class BigdataService {
329 @GET 333 @GET
330 @Path("/line/{lineCode}") 334 @Path("/line/{lineCode}")
331 public List<Map<String, Object>> findLineByCode(@PathParam("lineCode") String lineCode) { 335 public List<Map<String, Object>> findLineByCode(@PathParam("lineCode") String lineCode) {
  336 + List<String> objList = new ArrayList<String>();
332 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level," 337 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level,"
333 + " a.shanghai_linecode, a.nature from " 338 + " a.shanghai_linecode, a.nature from "
334 + " bsth_c_line a left join bsth_c_line_config b " 339 + " bsth_c_line a left join bsth_c_line_config b "
335 + " on a.id=b.line where " 340 + " on a.id=b.line where "
336 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 " 341 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 "
337 - + " and a.remove=0 and a.line_code = '"+lineCode+"'";  
338 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 342 + + " and a.remove=0 and a.line_code = ?";
  343 + objList.add(lineCode);
  344 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
339 new RowMapper<Map<String, Object>>(){ 345 new RowMapper<Map<String, Object>>(){
340 @Override 346 @Override
341 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 347 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -407,13 +413,15 @@ public class BigdataService { @@ -407,13 +413,15 @@ public class BigdataService {
407 @GET 413 @GET
408 @Path("/line/level/{level}") 414 @Path("/line/level/{level}")
409 public List<Map<String, Object>> findLineByLevle(@PathParam("level") String level) { 415 public List<Map<String, Object>> findLineByLevle(@PathParam("level") String level) {
  416 + List<String> objList = new ArrayList<String>();
410 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level," 417 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level,"
411 + " a.shanghai_linecode, a.nature from " 418 + " a.shanghai_linecode, a.nature from "
412 + " bsth_c_line a left join bsth_c_line_config b " 419 + " bsth_c_line a left join bsth_c_line_config b "
413 + " on a.id=b.line where " 420 + " on a.id=b.line where "
414 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 " 421 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 "
415 - + " and a.remove=0 and a.level = '"+level+"'";  
416 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 422 + + " and a.remove=0 and a.level = ?";
  423 + objList.add(level);
  424 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
417 new RowMapper<Map<String, Object>>(){ 425 new RowMapper<Map<String, Object>>(){
418 @Override 426 @Override
419 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 427 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -493,15 +501,18 @@ public class BigdataService { @@ -493,15 +501,18 @@ public class BigdataService {
493 @Path("/lineCar/{type}/date/{date}") 501 @Path("/lineCar/{type}/date/{date}")
494 public List<Map<String, Object>> findLineCarByDate(@PathParam("type") String type,@PathParam("date") String date) { 502 public List<Map<String, Object>> findLineCarByDate(@PathParam("type") String type,@PathParam("date") String date) {
495 String sql=""; 503 String sql="";
  504 + List<String> objList = new ArrayList<String>();
496 if(type.equals("all")){ 505 if(type.equals("all")){
497 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc" 506 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc"
498 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 507 + + " from bsth_c_calc_count t where t.date = ?";
  508 + objList.add(date);
499 } 509 }
500 if(type.equals("actual")){ 510 if(type.equals("actual")){
501 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc" 511 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc"
502 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 512 + + " from bsth_c_calc_count t where t.date = ?";
  513 + objList.add(date);
503 } 514 }
504 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 515 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
505 new RowMapper<Map<String, Object>>(){ 516 new RowMapper<Map<String, Object>>(){
506 @Override 517 @Override
507 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 518 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -526,18 +537,23 @@ public class BigdataService { @@ -526,18 +537,23 @@ public class BigdataService {
526 public List<Map<String, Object>> findLineCarByDateLine(@PathParam("type") String type,@PathParam("date") String date, 537 public List<Map<String, Object>> findLineCarByDateLine(@PathParam("type") String type,@PathParam("date") String date,
527 @PathParam("line") String line) { 538 @PathParam("line") String line) {
528 String sql=""; 539 String sql="";
  540 + List<String> objList = new ArrayList<String>();
529 if(type.equals("all")){ 541 if(type.equals("all")){
530 sql="select t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc" 542 sql="select t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc"
531 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
532 - + " and xl ='"+line+"'"; 543 + + " from bsth_c_calc_count t where t.date = ?"
  544 + + " and xl = ?";
  545 + objList.add(date);
  546 + objList.add(line);
533 } 547 }
534 if(type.equals("actual")){ 548 if(type.equals("actual")){
535 sql="select t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc" 549 sql="select t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc"
536 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
537 - + " and xl ='"+line+"'"; 550 + + " from bsth_c_calc_count t where t.date = ?"
  551 + + " and xl = ?";
  552 + objList.add(date);
  553 + objList.add(line);
538 554
539 } 555 }
540 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 556 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
541 new RowMapper<Map<String, Object>>(){ 557 new RowMapper<Map<String, Object>>(){
542 @Override 558 @Override
543 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 559 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -566,15 +582,18 @@ public class BigdataService { @@ -566,15 +582,18 @@ public class BigdataService {
566 @Path("/linePerson/{type}/date/{date}") 582 @Path("/linePerson/{type}/date/{date}")
567 public List<Map<String, Object>> findLinePersonByDate(@PathParam("type") String type,@PathParam("date") String date) { 583 public List<Map<String, Object>> findLinePersonByDate(@PathParam("type") String type,@PathParam("date") String date) {
568 String sql=""; 584 String sql="";
  585 + List<String> objList = new ArrayList<String>();
569 if(type.equals("all")){ 586 if(type.equals("all")){
570 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr" 587 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr"
571 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 588 + + " from bsth_c_calc_count t where t.date = ?";
  589 + objList.add(date);
572 } 590 }
573 if(type.equals("actual")){ 591 if(type.equals("actual")){
574 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr" 592 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr"
575 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 593 + + " from bsth_c_calc_count t where t.date = ?";
  594 + objList.add(date);
576 } 595 }
577 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 596 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
578 new RowMapper<Map<String, Object>>(){ 597 new RowMapper<Map<String, Object>>(){
579 @Override 598 @Override
580 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 599 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -603,17 +622,22 @@ public class BigdataService { @@ -603,17 +622,22 @@ public class BigdataService {
603 public List<Map<String, Object>> findLinePersonByDateLine(@PathParam("type") String type,@PathParam("date") String date, 622 public List<Map<String, Object>> findLinePersonByDateLine(@PathParam("type") String type,@PathParam("date") String date,
604 @PathParam("line") String line) { 623 @PathParam("line") String line) {
605 String sql=""; 624 String sql="";
  625 + List<String> objList = new ArrayList<String>();
606 if(type.equals("all")){ 626 if(type.equals("all")){
607 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr" 627 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr"
608 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
609 - + " and xl ='"+line+"'"; 628 + + " from bsth_c_calc_count t where t.date = ?"
  629 + + " and xl = ?";
  630 + objList.add(date);
  631 + objList.add(line);
610 } 632 }
611 if(type.equals("actual")){ 633 if(type.equals("actual")){
612 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr" 634 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr"
613 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
614 - + " and xl ='"+line+"'"; 635 + + " from bsth_c_calc_count t where t.date = ?"
  636 + + " and xl = ?";
  637 + objList.add(date);
  638 + objList.add(line);
615 } 639 }
616 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 640 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
617 new RowMapper<Map<String, Object>>(){ 641 new RowMapper<Map<String, Object>>(){
618 @Override 642 @Override
619 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 643 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -652,17 +676,20 @@ public class BigdataService { @@ -652,17 +676,20 @@ public class BigdataService {
652 public List<Map<String, Object>> findLineBcByDate(@PathParam("type") String type, 676 public List<Map<String, Object>> findLineBcByDate(@PathParam("type") String type,
653 @PathParam("date") String date) { 677 @PathParam("date") String date) {
654 String sql=""; 678 String sql="";
  679 + List<String> objList = new ArrayList<String>();
655 if(type.equals("all")){ 680 if(type.equals("all")){
656 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc," 681 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc,"
657 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t" 682 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t"
658 - + " where t.date='"+date+"'"; 683 + + " where t.date = ?";
  684 + objList.add(date);
659 } 685 }
660 if(type.equals("actual")){ 686 if(type.equals("actual")){
661 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc," 687 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc,"
662 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t" 688 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t"
663 - + " where t.date='"+date+"'"; 689 + + " where t.date = ?";
  690 + objList.add(date);
664 } 691 }
665 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 692 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
666 new RowMapper<Map<String, Object>>(){ 693 new RowMapper<Map<String, Object>>(){
667 @Override 694 @Override
668 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 695 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -689,17 +716,22 @@ public class BigdataService { @@ -689,17 +716,22 @@ public class BigdataService {
689 public List<Map<String, Object>> findLineBcByDateLine(@PathParam("type") String type, 716 public List<Map<String, Object>> findLineBcByDateLine(@PathParam("type") String type,
690 @PathParam("date") String date,@PathParam("line") String line) { 717 @PathParam("date") String date,@PathParam("line") String line) {
691 String sql=""; 718 String sql="";
  719 + List<String> objList = new ArrayList<String>();
692 if(type.equals("all")){ 720 if(type.equals("all")){
693 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc," 721 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc,"
694 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t " 722 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t "
695 - + " where t.date='"+date+"' and xl='"+line+"'"; 723 + + " where t.date = ? and xl = ?";
  724 + objList.add(date);
  725 + objList.add(line);
696 } 726 }
697 if(type.equals("actual")){ 727 if(type.equals("actual")){
698 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc," 728 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc,"
699 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t" 729 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t"
700 - + " where t.date='"+date+"' and xl='"+line+"'"; 730 + + " where t.date = ? and xl = ?";
  731 + objList.add(date);
  732 + objList.add(line);
701 } 733 }
702 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 734 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
703 new RowMapper<Map<String, Object>>(){ 735 new RowMapper<Map<String, Object>>(){
704 @Override 736 @Override
705 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 737 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -733,17 +765,20 @@ public class BigdataService { @@ -733,17 +765,20 @@ public class BigdataService {
733 public List<Map<String, Object>> findLineLcByDate(@PathParam("type") String type, 765 public List<Map<String, Object>> findLineLcByDate(@PathParam("type") String type,
734 @PathParam("date") String date) { 766 @PathParam("date") String date) {
735 String sql=""; 767 String sql="";
  768 + List<String> objList = new ArrayList<String>();
736 if(type.equals("all")){ 769 if(type.equals("all")){
737 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc," 770 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc,"
738 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 771 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
739 - + " where t.date='"+date+"'"; 772 + + " where t.date = ?";
  773 + objList.add(date);
740 } 774 }
741 if(type.equals("actual")){ 775 if(type.equals("actual")){
742 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc," 776 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc,"
743 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 777 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
744 - + " where t.date='"+date+"'"; 778 + + " where t.date = ?";
  779 + objList.add(date);
745 } 780 }
746 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 781 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
747 new RowMapper<Map<String, Object>>(){ 782 new RowMapper<Map<String, Object>>(){
748 @Override 783 @Override
749 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 784 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -783,17 +818,22 @@ public class BigdataService { @@ -783,17 +818,22 @@ public class BigdataService {
783 public List<Map<String, Object>> findLineLcByDateLine(@PathParam("type") String type, 818 public List<Map<String, Object>> findLineLcByDateLine(@PathParam("type") String type,
784 @PathParam("date") String date,@PathParam("line") String line) { 819 @PathParam("date") String date,@PathParam("line") String line) {
785 String sql=""; 820 String sql="";
  821 + List<String> objList = new ArrayList<String>();
786 if(type.equals("all")){ 822 if(type.equals("all")){
787 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc," 823 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc,"
788 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 824 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
789 - + " where t.date='"+date+"' and xl ='"+line+"'"; 825 + + " where t.date = ? and xl = ?";
  826 + objList.add(date);
  827 + objList.add(line);
790 } 828 }
791 if(type.equals("actual")){ 829 if(type.equals("actual")){
792 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc," 830 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc,"
793 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 831 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
794 - + " where t.date='"+date+"' and xl ='"+line+"'"; 832 + + " where t.date = ? and xl = ?";
  833 + objList.add(date);
  834 + objList.add(line);
795 } 835 }
796 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 836 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
797 new RowMapper<Map<String, Object>>(){ 837 new RowMapper<Map<String, Object>>(){
798 @Override 838 @Override
799 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 839 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -837,9 +877,11 @@ public class BigdataService { @@ -837,9 +877,11 @@ public class BigdataService {
837 @GET 877 @GET
838 @Path("/abnormal/executionRate/date/{date}") 878 @Path("/abnormal/executionRate/date/{date}")
839 public List<Map<String, Object>> executionRate(@PathParam("date") String date) { 879 public List<Map<String, Object>> executionRate(@PathParam("date") String date) {
  880 + List<String> objList = new ArrayList<String>();
840 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t" 881 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t"
841 - + " where t.date='"+date+"' and push_type in ('1','3')";  
842 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 882 + + " where t.date = ? and push_type in ('1','3')";
  883 + objList.add(date);
  884 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
843 new RowMapper<Map<String, Object>>(){ 885 new RowMapper<Map<String, Object>>(){
844 @Override 886 @Override
845 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 887 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -859,9 +901,11 @@ public class BigdataService { @@ -859,9 +901,11 @@ public class BigdataService {
859 @GET 901 @GET
860 @Path("/abnormal/firstAndLast/date/{date}") 902 @Path("/abnormal/firstAndLast/date/{date}")
861 public List<Map<String, Object>> firstAndLast(@PathParam("date") String date) { 903 public List<Map<String, Object>> firstAndLast(@PathParam("date") String date) {
  904 + List<String> objList = new ArrayList<String>();
862 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t" 905 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t"
863 - + " where t.date='"+date+"' and push_type in ('2','3')";  
864 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 906 + + " where t.date = ? and push_type in ('2','3')";
  907 + objList.add(date);
  908 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
865 new RowMapper<Map<String, Object>>(){ 909 new RowMapper<Map<String, Object>>(){
866 @Override 910 @Override
867 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 911 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1049,15 +1093,20 @@ public class BigdataService { @@ -1049,15 +1093,20 @@ public class BigdataService {
1049 @Path("/findByAll/starDate/{starDate}/endDate/{endDate}/line/{line}") 1093 @Path("/findByAll/starDate/{starDate}/endDate/{endDate}/line/{line}")
1050 public List<Map<String, Object>> findMinhang(@PathParam("starDate") String starDate, 1094 public List<Map<String, Object>> findMinhang(@PathParam("starDate") String starDate,
1051 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1095 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1096 + List<String> objList = new ArrayList<String>();
1052 String sql="select xl,xl_name,date,jhszfcs,sjszfczds,jhbc,sjbc,jhcc,sjcc," 1097 String sql="select xl,xl_name,date,jhszfcs,sjszfczds,jhbc,sjbc,jhcc,sjcc,"
1053 + " jhyylc,sjyylc,jhkslc,sjkslc,jhssgfbcs,sjgfbcs,jhssdgbcs," 1098 + " jhyylc,sjyylc,jhkslc,sjkslc,jhssgfbcs,sjgfbcs,jhssdgbcs,"
1054 + " sjdgbcs from bsth_c_calc_count " 1099 + " sjdgbcs from bsth_c_calc_count "
1055 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1100 + + " where date >= ? and date <= ?";
  1101 + objList.add(starDate);
  1102 + objList.add(endDate);
  1103 +
1056 if(!line.equals("all")){ 1104 if(!line.equals("all")){
1057 - sql +=" and xl='"+line+"'"; 1105 + sql +=" and xl = ?";
  1106 + objList.add(line);
1058 } 1107 }
1059 1108
1060 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1109 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1061 new RowMapper<Map<String, Object>>(){ 1110 new RowMapper<Map<String, Object>>(){
1062 @Override 1111 @Override
1063 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1112 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1093,23 +1142,28 @@ public class BigdataService { @@ -1093,23 +1142,28 @@ public class BigdataService {
1093 @Path("/findByCompany/{company}/date/{date}") 1142 @Path("/findByCompany/{company}/date/{date}")
1094 public List<Map<String, Object>> findByCompany(@PathParam("company") String company, 1143 public List<Map<String, Object>> findByCompany(@PathParam("company") String company,
1095 @PathParam("date") String date) { 1144 @PathParam("date") String date) {
  1145 + List<String> objList = new ArrayList<String>();
1096 String sql="select t.company as gs_code,t.date,SUM(t.jhcczgf) as jhccs ,SUM(t.sjcczgf) as ccs,AVG(ccl) as ccl" 1146 String sql="select t.company as gs_code,t.date,SUM(t.jhcczgf) as jhccs ,SUM(t.sjcczgf) as ccs,AVG(ccl) as ccl"
1097 + " ,SUM(t.sjzgl*1000)/1000 as sum_mileage ,SUM(jcgl*1000)/1000 as airpor_mileage " 1147 + " ,SUM(t.sjzgl*1000)/1000 as sum_mileage ,SUM(jcgl*1000)/1000 as airpor_mileage "
1098 + " from (select a.line_code,b.date,a.company,b.jhcczgf,b.sjcczgf," 1148 + " from (select a.line_code,b.date,a.company,b.jhcczgf,b.sjcczgf,"
1099 + " round(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0)),3) as ccl,c.sjzgl ," 1149 + " round(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0)),3) as ccl,c.sjzgl ,"
1100 + " ifnull(d.sjzgl,0) as jcgl from bsth_c_line a LEFT JOIN " 1150 + " ifnull(d.sjzgl,0) as jcgl from bsth_c_line a LEFT JOIN "
1101 - + " (SELECT * from bsth_c_calc_sheet where date='"+date+"') b on a.line_code=b.xl"  
1102 - + " left join (select * from bsth_c_calc_count where date='"+date+"') c on a.line_code=c.xl "  
1103 - + " left join (select * from bsth_c_calc_count where date='"+date+"' " 1151 + + " (SELECT * from bsth_c_calc_sheet where date = ?) b on a.line_code=b.xl"
  1152 + + " left join (select * from bsth_c_calc_count where date = ?) c on a.line_code=c.xl "
  1153 + + " left join (select * from bsth_c_calc_count where date = ? "
1104 + " and xl_name like '%机场%') d on a.line_code=d.xl " 1154 + " and xl_name like '%机场%') d on a.line_code=d.xl "
1105 + " where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl')) t " 1155 + " where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl')) t "
1106 + " where t.date is not null "; 1156 + " where t.date is not null ";
  1157 + objList.add(date);
  1158 + objList.add(date);
  1159 + objList.add(date);
1107 if(!company.equals("all")){ 1160 if(!company.equals("all")){
1108 - sql +=" and t.company='"+company+"'"; 1161 + sql +=" and t.company = ?";
  1162 + objList.add(company);
1109 } 1163 }
1110 sql +=" group by t.company,t.date"; 1164 sql +=" group by t.company,t.date";
1111 1165
1112 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1166 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1113 new RowMapper<Map<String, Object>>(){ 1167 new RowMapper<Map<String, Object>>(){
1114 @Override 1168 @Override
1115 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1169 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1134,43 +1188,54 @@ public class BigdataService { @@ -1134,43 +1188,54 @@ public class BigdataService {
1134 SimpleDateFormat sdf =new SimpleDateFormat("yyyy-MM-dd"); 1188 SimpleDateFormat sdf =new SimpleDateFormat("yyyy-MM-dd");
1135 String d=sdf.format(new Date()); 1189 String d=sdf.format(new Date());
1136 String sql=""; 1190 String sql="";
  1191 + List<String> objList = new ArrayList<String>();
1137 if(gs.equals("all")){ 1192 if(gs.equals("all")){
1138 sql ="select x.gsdm,'' as fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from (" 1193 sql ="select x.gsdm,'' as fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from ("
1139 + " select b.gsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3)* 100 as zgf_ccl," 1194 + " select b.gsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3)* 100 as zgf_ccl,"
1140 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from " 1195 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from "
1141 - + " bsth_c_calc_sheet b where b.date like '%"+date+"%' and b.date<'"+d+"' " 1196 + + " bsth_c_calc_sheet b where b.date like ? and b.date < ? "
1142 + " and b.xl in(select a.line_code from bsth_c_line a where " 1197 + " and b.xl in(select a.line_code from bsth_c_line a where "
1143 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm ) x " 1198 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm ) x "
1144 + " left join (select c.gsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl," 1199 + " left join (select c.gsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl,"
1145 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl," 1200 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl,"
1146 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl " 1201 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl "
1147 - + " from bsth_c_calc_count c where c.date like '%"+date+"%' and c.date<'"+d+"' and " 1202 + + " from bsth_c_calc_count c where c.date like ? and c.date < ? and "
1148 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) " 1203 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) "
1149 + " group by c.gsdm ) y on x.gsdm=y.gsdm where 1=1 "; 1204 + " group by c.gsdm ) y on x.gsdm=y.gsdm where 1=1 ";
  1205 + objList.add("%"+date+"%");
  1206 + objList.add(d);
  1207 + objList.add("%"+date+"%");
  1208 + objList.add(d);
1150 1209
1151 }else{ 1210 }else{
1152 sql ="select x.gsdm,x.fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from (" 1211 sql ="select x.gsdm,x.fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from ("
1153 + " select b.gsdm,b.fgsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3) * 100 as zgf_ccl," 1212 + " select b.gsdm,b.fgsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3) * 100 as zgf_ccl,"
1154 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from " 1213 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from "
1155 - + " bsth_c_calc_sheet b where b.date like '%"+date+"%' and b.date<'"+d+"' " 1214 + + " bsth_c_calc_sheet b where b.date like ? and b.date < ? "
1156 + " and b.xl in(select a.line_code from bsth_c_line a where " 1215 + " and b.xl in(select a.line_code from bsth_c_line a where "
1157 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm,b.fgsdm ) x " 1216 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm,b.fgsdm ) x "
1158 + " left join (select c.gsdm,c.fgsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl," 1217 + " left join (select c.gsdm,c.fgsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl,"
1159 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl," 1218 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl,"
1160 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl " 1219 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl "
1161 - + " from bsth_c_calc_count c where c.date like '%"+date+"%' and c.date <'"+d+"' and " 1220 + + " from bsth_c_calc_count c where c.date like ? and c.date < ? and "
1162 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) " 1221 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) "
1163 + " group by c.gsdm,c.fgsdm ) y on x.gsdm=y.gsdm and x.fgsdm=y.fgsdm where 1=1 "; 1222 + " group by c.gsdm,c.fgsdm ) y on x.gsdm=y.gsdm and x.fgsdm=y.fgsdm where 1=1 ";
  1223 + objList.add("%"+date+"%");
  1224 + objList.add(d);
  1225 + objList.add("%"+date+"%");
  1226 + objList.add(d);
1164 1227
1165 } 1228 }
1166 if(!gs.equals("all")){ 1229 if(!gs.equals("all")){
1167 - sql += " and x.gsdm='"+gs+"'"; 1230 + sql += " and x.gsdm = ?";
  1231 + objList.add(gs);
1168 } 1232 }
1169 1233
1170 if(!fgs.equals("all")){ 1234 if(!fgs.equals("all")){
1171 - sql += " and x.fgsdm='"+fgs+"'"; 1235 + sql += " and x.fgsdm = ?";
  1236 + objList.add(fgs);
1172 } 1237 }
1173 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1238 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1174 new RowMapper<Map<String, Object>>(){ 1239 new RowMapper<Map<String, Object>>(){
1175 @Override 1240 @Override
1176 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1241 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1198,14 +1263,18 @@ public class BigdataService { @@ -1198,14 +1263,18 @@ public class BigdataService {
1198 @Path("/basicData/starDate/{starDate}/endDate/{endDate}/line/{line}") 1263 @Path("/basicData/starDate/{starDate}/endDate/{endDate}/line/{line}")
1199 public List<Map<String, Object>> basicData(@PathParam("starDate") String starDate, 1264 public List<Map<String, Object>> basicData(@PathParam("starDate") String starDate,
1200 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1265 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1266 + List<String> objList = new ArrayList<String>();
1201 String sql="select gsdm,fgsdm,xl,xl_name,date,jhbc,sjbc," 1267 String sql="select gsdm,fgsdm,xl,xl_name,date,jhbc,sjbc,"
1202 + " jhyylc,sjyylc,jhkslc,sjkslc,jhgfbcsz,sjgfbcs,jhdgbcsz," 1268 + " jhyylc,sjyylc,jhkslc,sjkslc,jhgfbcsz,sjgfbcs,jhdgbcsz,"
1203 + " sjdgbcs from bsth_c_calc_count " 1269 + " sjdgbcs from bsth_c_calc_count "
1204 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1270 + + " where date >= ? and date <= ?";
  1271 + objList.add(starDate);
  1272 + objList.add(endDate);
1205 if(!line.equals("all")){ 1273 if(!line.equals("all")){
1206 - sql +=" and xl='"+line+"'"; 1274 + sql +=" and xl = ?";
  1275 + objList.add(line);
1207 } 1276 }
1208 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1277 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1209 new RowMapper<Map<String, Object>>(){ 1278 new RowMapper<Map<String, Object>>(){
1210 @Override 1279 @Override
1211 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1280 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
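Review bot: The bound arguments are collected in a `List<String>` and passed through `objList.toArray()` to the `query(String, Object[], RowMapper)` overload (new lines 1266–1277); that overload is deprecated from Spring JDBC 5.3 on in favour of the varargs form, so if this project is on 5.3 or later, `jdbcTemplate.query(sql, rowMapper, objList.toArray())` keeps the same parameter binding without the deprecation, and declaring the list as `List<Object>` would let later non-string arguments be bound with their proper JDBC type. The same pattern appears in the targetData hunk (new line 1318) and the departureTime hunk (new line 1357). Binding the placeholders removes the injection, but `starDate` and `endDate` still reach the database unvalidated, so a malformed value now surfaces as a SQL error instead of a client error; if these are expected to be calendar dates, a format check at the top of the method that rejects with a 400 would make the contract explicit. basicData's body continues past the hunk.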
@@ -1235,14 +1304,18 @@ public class BigdataService { @@ -1235,14 +1304,18 @@ public class BigdataService {
1235 @Path("/targetData/starDate/{starDate}/endDate/{endDate}/line/{line}") 1304 @Path("/targetData/starDate/{starDate}/endDate/{endDate}/line/{line}")
1236 public List<Map<String, Object>> targetData(@PathParam("starDate") String starDate, 1305 public List<Map<String, Object>> targetData(@PathParam("starDate") String starDate,
1237 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1306 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1307 + List<String> objList = new ArrayList<String>();
1238 String sql="select gsdm,fgsdm,date,xl,xl_name,szfczdl,smbfczdl," 1308 String sql="select gsdm,fgsdm,date,xl,xl_name,szfczdl,smbfczdl,"
1239 + " round(if(ifnull(sjcczgf/jhcczgf,0)>1,1,ifnull(sjcczgf/jhcczgf,0)),3) * 100 as zgfccl , " 1309 + " round(if(ifnull(sjcczgf/jhcczgf,0)>1,1,ifnull(sjcczgf/jhcczgf,0)),3) * 100 as zgfccl , "
1240 + " round(if(ifnull(sjcc/jhcc,0)>1,1,ifnull(sjcc/jhcc,0)),3) * 100 as ccl from bsth_c_calc_sheet " 1310 + " round(if(ifnull(sjcc/jhcc,0)>1,1,ifnull(sjcc/jhcc,0)),3) * 100 as ccl from bsth_c_calc_sheet "
1241 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1311 + + " where date >= ? and date <= ?";
  1312 + objList.add(starDate);
  1313 + objList.add(endDate);
1242 if(!line.equals("all")){ 1314 if(!line.equals("all")){
1243 - sql +=" and xl='"+line+"'"; 1315 + sql +=" and xl = ?";
  1316 + objList.add(line);
1244 } 1317 }
1245 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1318 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1246 new RowMapper<Map<String, Object>>(){ 1319 new RowMapper<Map<String, Object>>(){
1247 @Override 1320 @Override
1248 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1321 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1266,18 +1339,22 @@ public class BigdataService { @@ -1266,18 +1339,22 @@ public class BigdataService {
1266 @Path("/departureTime/starDate/{starDate}/endDate/{endDate}/line/{line}") 1339 @Path("/departureTime/starDate/{starDate}/endDate/{endDate}/line/{line}")
1267 public List<Map<String, Object>> departureTime(@PathParam("starDate") String starDate, 1340 public List<Map<String, Object>> departureTime(@PathParam("starDate") String starDate,
1268 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1341 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1342 + List<String> objList = new ArrayList<String>();
1269 String sql="select xl,xl_name,date,jhbc,bczxl,jhbcz,sjbc,jhcc,sjcc,ccl,jhccz," 1343 String sql="select xl,xl_name,date,jhbc,bczxl,jhbcz,sjbc,jhcc,sjcc,ccl,jhccz,"
1270 + " jhyylc,sjyylc,jhyylcz,jhkslc,sjkslc,jhkslcz," 1344 + " jhyylc,sjyylc,jhyylcz,jhkslc,sjkslc,jhkslcz,"
1271 + " jhssgfbcs,sjgfbcs,jhgfbcsz,jhssdgbcs,sjdgbcs,jhdgbcsz," 1345 + " jhssgfbcs,sjgfbcs,jhgfbcsz,jhssdgbcs,sjdgbcs,jhdgbcsz,"
1272 + " jhsmbcs,sjsmbczds,smbczdl,jhsmbcsz,sjsmbczdsz,smbczdlz," 1346 + " jhsmbcs,sjsmbczds,smbczdl,jhsmbcsz,sjsmbczdsz,smbczdlz,"
1273 + " jhszfcs,sjszfczds,szfczdl," 1347 + " jhszfcs,sjszfczds,szfczdl,"
1274 + " create_date from bsth_c_calc_count " 1348 + " create_date from bsth_c_calc_count "
1275 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1349 + + " where date >= ? and date <= ?";
  1350 + objList.add(starDate);
  1351 + objList.add(endDate);
1276 if(!line.equals("all")){ 1352 if(!line.equals("all")){
1277 - sql +=" and xl='"+line+"'"; 1353 + sql +=" and xl = ?";
  1354 + objList.add(line);
1278 } 1355 }
1279 1356
1280 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1357 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1281 new RowMapper<Map<String, Object>>(){ 1358 new RowMapper<Map<String, Object>>(){
1282 @Override 1359 @Override
1283 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1360 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {