Commit f37406203aa8008ad95adb06b2075e92bc1493a0

Authored by 娄高锋
1 parent 068db64a

SQL注入漏洞;

src/main/java/com/bsth/server_rs/bigdata/BigdataService.java
@@ -125,9 +125,11 @@ public class BigdataService { @@ -125,9 +125,11 @@ public class BigdataService {
125 } 125 }
126 public Map<String, Long> getEndtime(String date){ 126 public Map<String, Long> getEndtime(String date){
127 Map<String, Long> map=new HashMap<String,Long>(); 127 Map<String, Long> map=new HashMap<String,Long>();
  128 + List<String> objList = new ArrayList<String>();
128 String sql="select xl,endtime from bsth_c_calc_count " 129 String sql="select xl,endtime from bsth_c_calc_count "
129 - + " where date='"+date+"' ";  
130 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 130 + + " where date = ? ";
  131 + objList.add(date);
  132 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
131 new RowMapper<Map<String, Object>>(){ 133 new RowMapper<Map<String, Object>>(){
132 @Override 134 @Override
133 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 135 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -225,13 +227,15 @@ public class BigdataService { @@ -225,13 +227,15 @@ public class BigdataService {
225 @GET 227 @GET
226 @Path("/line/company/{companyId}") 228 @Path("/line/company/{companyId}")
227 public List<Map<String, Object>> findLineByCompany(@PathParam("companyId") String companyId) { 229 public List<Map<String, Object>> findLineByCompany(@PathParam("companyId") String companyId) {
  230 + List<String> objList = new ArrayList<String>();
228 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level," 231 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level,"
229 + " a.shanghai_linecode, a.nature from " 232 + " a.shanghai_linecode, a.nature from "
230 + " bsth_c_line a left join bsth_c_line_config b " 233 + " bsth_c_line a left join bsth_c_line_config b "
231 + " on a.id=b.line where " 234 + " on a.id=b.line where "
232 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 " 235 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 "
233 - + " and a.remove=0 and a.company = '"+companyId+"'";  
234 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 236 + + " and a.remove=0 and a.company = ?";
  237 + objList.add(companyId);
  238 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
235 new RowMapper<Map<String, Object>>(){ 239 new RowMapper<Map<String, Object>>(){
236 @Override 240 @Override
237 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 241 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -303,13 +307,15 @@ public class BigdataService { @@ -303,13 +307,15 @@ public class BigdataService {
303 @GET 307 @GET
304 @Path("/line/{lineCode}") 308 @Path("/line/{lineCode}")
305 public List<Map<String, Object>> findLineByCode(@PathParam("lineCode") String lineCode) { 309 public List<Map<String, Object>> findLineByCode(@PathParam("lineCode") String lineCode) {
  310 + List<String> objList = new ArrayList<String>();
306 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level," 311 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level,"
307 + " a.shanghai_linecode, a.nature from " 312 + " a.shanghai_linecode, a.nature from "
308 + " bsth_c_line a left join bsth_c_line_config b " 313 + " bsth_c_line a left join bsth_c_line_config b "
309 + " on a.id=b.line where " 314 + " on a.id=b.line where "
310 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 " 315 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 "
311 - + " and a.remove=0 and a.line_code = '"+lineCode+"'";  
312 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 316 + + " and a.remove=0 and a.line_code = ?";
  317 + objList.add(lineCode);
  318 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
313 new RowMapper<Map<String, Object>>(){ 319 new RowMapper<Map<String, Object>>(){
314 @Override 320 @Override
315 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 321 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -381,13 +387,15 @@ public class BigdataService { @@ -381,13 +387,15 @@ public class BigdataService {
381 @GET 387 @GET
382 @Path("/line/level/{level}") 388 @Path("/line/level/{level}")
383 public List<Map<String, Object>> findLineByLevle(@PathParam("level") String level) { 389 public List<Map<String, Object>> findLineByLevle(@PathParam("level") String level) {
  390 + List<String> objList = new ArrayList<String>();
384 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level," 391 String sql="SELECT b.start_opt,a.company,a.line_code,a.name,a.level,"
385 + " a.shanghai_linecode, a.nature from " 392 + " a.shanghai_linecode, a.nature from "
386 + " bsth_c_line a left join bsth_c_line_config b " 393 + " bsth_c_line a left join bsth_c_line_config b "
387 + " on a.id=b.line where " 394 + " on a.id=b.line where "
388 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 " 395 + " a.shanghai_linecode is not null and a.shanghai_linecode !='' and a.destroy=0 "
389 - + " and a.remove=0 and a.level = '"+level+"'";  
390 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 396 + + " and a.remove=0 and a.level = ?";
  397 + objList.add(level);
  398 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
391 new RowMapper<Map<String, Object>>(){ 399 new RowMapper<Map<String, Object>>(){
392 @Override 400 @Override
393 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 401 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -467,15 +475,18 @@ public class BigdataService { @@ -467,15 +475,18 @@ public class BigdataService {
467 @Path("/lineCar/{type}/date/{date}") 475 @Path("/lineCar/{type}/date/{date}")
468 public List<Map<String, Object>> findLineCarByDate(@PathParam("type") String type,@PathParam("date") String date) { 476 public List<Map<String, Object>> findLineCarByDate(@PathParam("type") String type,@PathParam("date") String date) {
469 String sql=""; 477 String sql="";
  478 + List<String> objList = new ArrayList<String>();
470 if(type.equals("all")){ 479 if(type.equals("all")){
471 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc" 480 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc"
472 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 481 + + " from bsth_c_calc_count t where t.date = ?";
  482 + objList.add(date);
473 } 483 }
474 if(type.equals("actual")){ 484 if(type.equals("actual")){
475 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc" 485 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc"
476 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 486 + + " from bsth_c_calc_count t where t.date = ?";
  487 + objList.add(date);
477 } 488 }
478 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 489 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
479 new RowMapper<Map<String, Object>>(){ 490 new RowMapper<Map<String, Object>>(){
480 @Override 491 @Override
481 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 492 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -500,18 +511,23 @@ public class BigdataService { @@ -500,18 +511,23 @@ public class BigdataService {
500 public List<Map<String, Object>> findLineCarByDateLine(@PathParam("type") String type,@PathParam("date") String date, 511 public List<Map<String, Object>> findLineCarByDateLine(@PathParam("type") String type,@PathParam("date") String date,
501 @PathParam("line") String line) { 512 @PathParam("line") String line) {
502 String sql=""; 513 String sql="";
  514 + List<String> objList = new ArrayList<String>();
503 if(type.equals("all")){ 515 if(type.equals("all")){
504 sql="select t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc" 516 sql="select t.gsdm,t.xl,t.xl_name,t.jhccz as jhcc,t.sjcc"
505 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
506 - + " and xl ='"+line+"'"; 517 + + " from bsth_c_calc_count t where t.date = ?"
  518 + + " and xl = ?";
  519 + objList.add(date);
  520 + objList.add(line);
507 } 521 }
508 if(type.equals("actual")){ 522 if(type.equals("actual")){
509 sql="select t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc" 523 sql="select t.gsdm,t.xl,t.xl_name,t.jhcc as jhcc,t.sjcc"
510 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
511 - + " and xl ='"+line+"'"; 524 + + " from bsth_c_calc_count t where t.date = ?"
  525 + + " and xl = ?";
  526 + objList.add(date);
  527 + objList.add(line);
512 528
513 } 529 }
514 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 530 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
515 new RowMapper<Map<String, Object>>(){ 531 new RowMapper<Map<String, Object>>(){
516 @Override 532 @Override
517 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 533 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -540,15 +556,18 @@ public class BigdataService { @@ -540,15 +556,18 @@ public class BigdataService {
540 @Path("/linePerson/{type}/date/{date}") 556 @Path("/linePerson/{type}/date/{date}")
541 public List<Map<String, Object>> findLinePersonByDate(@PathParam("type") String type,@PathParam("date") String date) { 557 public List<Map<String, Object>> findLinePersonByDate(@PathParam("type") String type,@PathParam("date") String date) {
542 String sql=""; 558 String sql="";
  559 + List<String> objList = new ArrayList<String>();
543 if(type.equals("all")){ 560 if(type.equals("all")){
544 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr" 561 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr"
545 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 562 + + " from bsth_c_calc_count t where t.date = ?";
  563 + objList.add(date);
546 } 564 }
547 if(type.equals("actual")){ 565 if(type.equals("actual")){
548 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr" 566 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr"
549 - + " from bsth_c_calc_count t where t.date='"+date+"'"; 567 + + " from bsth_c_calc_count t where t.date = ?";
  568 + objList.add(date);
550 } 569 }
551 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 570 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
552 new RowMapper<Map<String, Object>>(){ 571 new RowMapper<Map<String, Object>>(){
553 @Override 572 @Override
554 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 573 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -577,17 +596,22 @@ public class BigdataService { @@ -577,17 +596,22 @@ public class BigdataService {
577 public List<Map<String, Object>> findLinePersonByDateLine(@PathParam("type") String type,@PathParam("date") String date, 596 public List<Map<String, Object>> findLinePersonByDateLine(@PathParam("type") String type,@PathParam("date") String date,
578 @PathParam("line") String line) { 597 @PathParam("line") String line) {
579 String sql=""; 598 String sql="";
  599 + List<String> objList = new ArrayList<String>();
580 if(type.equals("all")){ 600 if(type.equals("all")){
581 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr" 601 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprz as jhpr,t.sjpr"
582 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
583 - + " and xl ='"+line+"'"; 602 + + " from bsth_c_calc_count t where t.date = ?"
  603 + + " and xl = ?";
  604 + objList.add(date);
  605 + objList.add(line);
584 } 606 }
585 if(type.equals("actual")){ 607 if(type.equals("actual")){
586 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr" 608 sql="select t.date,t.gsdm,t.xl,t.xl_name,t.jhprss as jhpr,t.sjpr"
587 - + " from bsth_c_calc_count t where t.date='"+date+"'"  
588 - + " and xl ='"+line+"'"; 609 + + " from bsth_c_calc_count t where t.date = ?"
  610 + + " and xl = ?";
  611 + objList.add(date);
  612 + objList.add(line);
589 } 613 }
590 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 614 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
591 new RowMapper<Map<String, Object>>(){ 615 new RowMapper<Map<String, Object>>(){
592 @Override 616 @Override
593 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 617 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -626,17 +650,20 @@ public class BigdataService { @@ -626,17 +650,20 @@ public class BigdataService {
626 public List<Map<String, Object>> findLineBcByDate(@PathParam("type") String type, 650 public List<Map<String, Object>> findLineBcByDate(@PathParam("type") String type,
627 @PathParam("date") String date) { 651 @PathParam("date") String date) {
628 String sql=""; 652 String sql="";
  653 + List<String> objList = new ArrayList<String>();
629 if(type.equals("all")){ 654 if(type.equals("all")){
630 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc," 655 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc,"
631 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t" 656 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t"
632 - + " where t.date='"+date+"'"; 657 + + " where t.date = ?";
  658 + objList.add(date);
633 } 659 }
634 if(type.equals("actual")){ 660 if(type.equals("actual")){
635 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc," 661 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc,"
636 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t" 662 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t"
637 - + " where t.date='"+date+"'"; 663 + + " where t.date = ?";
  664 + objList.add(date);
638 } 665 }
639 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 666 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
640 new RowMapper<Map<String, Object>>(){ 667 new RowMapper<Map<String, Object>>(){
641 @Override 668 @Override
642 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 669 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -663,17 +690,22 @@ public class BigdataService { @@ -663,17 +690,22 @@ public class BigdataService {
663 public List<Map<String, Object>> findLineBcByDateLine(@PathParam("type") String type, 690 public List<Map<String, Object>> findLineBcByDateLine(@PathParam("type") String type,
664 @PathParam("date") String date,@PathParam("line") String line) { 691 @PathParam("date") String date,@PathParam("line") String line) {
665 String sql=""; 692 String sql="";
  693 + List<String> objList = new ArrayList<String>();
666 if(type.equals("all")){ 694 if(type.equals("all")){
667 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc," 695 sql="select t.gsdm,t.xl,t.xl_name,t.jhbcz as jhbc,t.jhzgfbcz as jhzgfbc,"
668 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t " 696 + " t.jhwgfbcz as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t "
669 - + " where t.date='"+date+"' and xl='"+line+"'"; 697 + + " where t.date = ? and xl = ?";
  698 + objList.add(date);
  699 + objList.add(line);
670 } 700 }
671 if(type.equals("actual")){ 701 if(type.equals("actual")){
672 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc," 702 sql="select t.gsdm,t.xl,t.xl_name,t.jhbc as jhbc,t.jhzgfbcss as jhzgfbc,"
673 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t" 703 + " t.jhwgfbcss as jhwgfbc,t.sjbc,t.sjzgfbc,t.sjwgfbc from bsth_c_calc_count t"
674 - + " where t.date='"+date+"' and xl='"+line+"'"; 704 + + " where t.date = ? and xl = ?";
  705 + objList.add(date);
  706 + objList.add(line);
675 } 707 }
676 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 708 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
677 new RowMapper<Map<String, Object>>(){ 709 new RowMapper<Map<String, Object>>(){
678 @Override 710 @Override
679 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 711 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -707,17 +739,20 @@ public class BigdataService { @@ -707,17 +739,20 @@ public class BigdataService {
707 public List<Map<String, Object>> findLineLcByDate(@PathParam("type") String type, 739 public List<Map<String, Object>> findLineLcByDate(@PathParam("type") String type,
708 @PathParam("date") String date) { 740 @PathParam("date") String date) {
709 String sql=""; 741 String sql="";
  742 + List<String> objList = new ArrayList<String>();
710 if(type.equals("all")){ 743 if(type.equals("all")){
711 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc," 744 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc,"
712 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 745 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
713 - + " where t.date='"+date+"'"; 746 + + " where t.date = ?";
  747 + objList.add(date);
714 } 748 }
715 if(type.equals("actual")){ 749 if(type.equals("actual")){
716 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc," 750 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc,"
717 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 751 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
718 - + " where t.date='"+date+"'"; 752 + + " where t.date = ?";
  753 + objList.add(date);
719 } 754 }
720 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 755 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
721 new RowMapper<Map<String, Object>>(){ 756 new RowMapper<Map<String, Object>>(){
722 @Override 757 @Override
723 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 758 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -757,17 +792,22 @@ public class BigdataService { @@ -757,17 +792,22 @@ public class BigdataService {
757 public List<Map<String, Object>> findLineLcByDateLine(@PathParam("type") String type, 792 public List<Map<String, Object>> findLineLcByDateLine(@PathParam("type") String type,
758 @PathParam("date") String date,@PathParam("line") String line) { 793 @PathParam("date") String date,@PathParam("line") String line) {
759 String sql=""; 794 String sql="";
  795 + List<String> objList = new ArrayList<String>();
760 if(type.equals("all")){ 796 if(type.equals("all")){
761 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc," 797 sql="select t.gsdm,t.xl,t.xl_name,t.jhzglz as jhzlc,t.jhyylcz as jhyylc,"
762 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 798 + " t.jhkslcz as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
763 - + " where t.date='"+date+"' and xl ='"+line+"'"; 799 + + " where t.date = ? and xl = ?";
  800 + objList.add(date);
  801 + objList.add(line);
764 } 802 }
765 if(type.equals("actual")){ 803 if(type.equals("actual")){
766 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc," 804 sql="select t.gsdm,t.xl,t.xl_name,t.jhzgl as jhzlc,t.jhyylc as jhyylc,"
767 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t" 805 + " t.jhkslc as jhkslc,t.sjzgl as sjzlc,t.sjyylc,t.sjkslc from bsth_c_calc_count t"
768 - + " where t.date='"+date+"' and xl ='"+line+"'"; 806 + + " where t.date = ? and xl = ?";
  807 + objList.add(date);
  808 + objList.add(line);
769 } 809 }
770 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 810 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
771 new RowMapper<Map<String, Object>>(){ 811 new RowMapper<Map<String, Object>>(){
772 @Override 812 @Override
773 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 813 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -811,9 +851,11 @@ public class BigdataService { @@ -811,9 +851,11 @@ public class BigdataService {
811 @GET 851 @GET
812 @Path("/abnormal/executionRate/date/{date}") 852 @Path("/abnormal/executionRate/date/{date}")
813 public List<Map<String, Object>> executionRate(@PathParam("date") String date) { 853 public List<Map<String, Object>> executionRate(@PathParam("date") String date) {
  854 + List<String> objList = new ArrayList<String>();
814 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t" 855 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t"
815 - + " where t.date='"+date+"' and push_type in ('1','3')";  
816 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 856 + + " where t.date = ? and push_type in ('1','3')";
  857 + objList.add(date);
  858 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
817 new RowMapper<Map<String, Object>>(){ 859 new RowMapper<Map<String, Object>>(){
818 @Override 860 @Override
819 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 861 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -833,9 +875,11 @@ public class BigdataService { @@ -833,9 +875,11 @@ public class BigdataService {
833 @GET 875 @GET
834 @Path("/abnormal/firstAndLast/date/{date}") 876 @Path("/abnormal/firstAndLast/date/{date}")
835 public List<Map<String, Object>> firstAndLast(@PathParam("date") String date) { 877 public List<Map<String, Object>> firstAndLast(@PathParam("date") String date) {
  878 + List<String> objList = new ArrayList<String>();
836 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t" 879 String sql="select gs_name,show_date,xl_bm,xl_name from bsth_c_calc_push t"
837 - + " where t.date='"+date+"' and push_type in ('2','3')";  
838 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 880 + + " where t.date = ? and push_type in ('2','3')";
  881 + objList.add(date);
  882 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
839 new RowMapper<Map<String, Object>>(){ 883 new RowMapper<Map<String, Object>>(){
840 @Override 884 @Override
841 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 885 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1023,15 +1067,20 @@ public class BigdataService { @@ -1023,15 +1067,20 @@ public class BigdataService {
1023 @Path("/findByAll/starDate/{starDate}/endDate/{endDate}/line/{line}") 1067 @Path("/findByAll/starDate/{starDate}/endDate/{endDate}/line/{line}")
1024 public List<Map<String, Object>> findMinhang(@PathParam("starDate") String starDate, 1068 public List<Map<String, Object>> findMinhang(@PathParam("starDate") String starDate,
1025 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1069 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1070 + List<String> objList = new ArrayList<String>();
1026 String sql="select xl,xl_name,date,jhszfcs,sjszfczds,jhbc,sjbc,jhcc,sjcc," 1071 String sql="select xl,xl_name,date,jhszfcs,sjszfczds,jhbc,sjbc,jhcc,sjcc,"
1027 + " jhyylc,sjyylc,jhkslc,sjkslc,jhssgfbcs,sjgfbcs,jhssdgbcs," 1072 + " jhyylc,sjyylc,jhkslc,sjkslc,jhssgfbcs,sjgfbcs,jhssdgbcs,"
1028 + " sjdgbcs from bsth_c_calc_count " 1073 + " sjdgbcs from bsth_c_calc_count "
1029 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1074 + + " where date >= ? and date <= ?";
  1075 + objList.add(starDate);
  1076 + objList.add(endDate);
  1077 +
1030 if(!line.equals("all")){ 1078 if(!line.equals("all")){
1031 - sql +=" and xl='"+line+"'"; 1079 + sql +=" and xl = ?";
  1080 + objList.add(line);
1032 } 1081 }
1033 1082
1034 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1083 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1035 new RowMapper<Map<String, Object>>(){ 1084 new RowMapper<Map<String, Object>>(){
1036 @Override 1085 @Override
1037 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1086 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1067,23 +1116,28 @@ public class BigdataService { @@ -1067,23 +1116,28 @@ public class BigdataService {
1067 @Path("/findByCompany/{company}/date/{date}") 1116 @Path("/findByCompany/{company}/date/{date}")
1068 public List<Map<String, Object>> findByCompany(@PathParam("company") String company, 1117 public List<Map<String, Object>> findByCompany(@PathParam("company") String company,
1069 @PathParam("date") String date) { 1118 @PathParam("date") String date) {
  1119 + List<String> objList = new ArrayList<String>();
1070 String sql="select t.company as gs_code,t.date,SUM(t.jhcczgf) as jhccs ,SUM(t.sjcczgf) as ccs,AVG(ccl) as ccl" 1120 String sql="select t.company as gs_code,t.date,SUM(t.jhcczgf) as jhccs ,SUM(t.sjcczgf) as ccs,AVG(ccl) as ccl"
1071 + " ,SUM(t.sjzgl*1000)/1000 as sum_mileage ,SUM(jcgl*1000)/1000 as airpor_mileage " 1121 + " ,SUM(t.sjzgl*1000)/1000 as sum_mileage ,SUM(jcgl*1000)/1000 as airpor_mileage "
1072 + " from (select a.line_code,b.date,a.company,b.jhcczgf,b.sjcczgf," 1122 + " from (select a.line_code,b.date,a.company,b.jhcczgf,b.sjcczgf,"
1073 + " round(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0)),3) as ccl,c.sjzgl ," 1123 + " round(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0)),3) as ccl,c.sjzgl ,"
1074 + " ifnull(d.sjzgl,0) as jcgl from bsth_c_line a LEFT JOIN " 1124 + " ifnull(d.sjzgl,0) as jcgl from bsth_c_line a LEFT JOIN "
1075 - + " (SELECT * from bsth_c_calc_sheet where date='"+date+"') b on a.line_code=b.xl"  
1076 - + " left join (select * from bsth_c_calc_count where date='"+date+"') c on a.line_code=c.xl "  
1077 - + " left join (select * from bsth_c_calc_count where date='"+date+"' " 1125 + + " (SELECT * from bsth_c_calc_sheet where date = ?) b on a.line_code=b.xl"
  1126 + + " left join (select * from bsth_c_calc_count where date = ?) c on a.line_code=c.xl "
  1127 + + " left join (select * from bsth_c_calc_count where date = ? "
1078 + " and xl_name like '%机场%') d on a.line_code=d.xl " 1128 + " and xl_name like '%机场%') d on a.line_code=d.xl "
1079 + " where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl')) t " 1129 + " where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl')) t "
1080 + " where t.date is not null "; 1130 + " where t.date is not null ";
  1131 + objList.add(date);
  1132 + objList.add(date);
  1133 + objList.add(date);
1081 if(!company.equals("all")){ 1134 if(!company.equals("all")){
1082 - sql +=" and t.company='"+company+"'"; 1135 + sql +=" and t.company = ?";
  1136 + objList.add(company);
1083 } 1137 }
1084 sql +=" group by t.company,t.date"; 1138 sql +=" group by t.company,t.date";
1085 1139
1086 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1140 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1087 new RowMapper<Map<String, Object>>(){ 1141 new RowMapper<Map<String, Object>>(){
1088 @Override 1142 @Override
1089 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1143 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1108,43 +1162,54 @@ public class BigdataService { @@ -1108,43 +1162,54 @@ public class BigdataService {
1108 SimpleDateFormat sdf =new SimpleDateFormat("yyyy-MM-dd"); 1162 SimpleDateFormat sdf =new SimpleDateFormat("yyyy-MM-dd");
1109 String d=sdf.format(new Date()); 1163 String d=sdf.format(new Date());
1110 String sql=""; 1164 String sql="";
  1165 + List<String> objList = new ArrayList<String>();
1111 if(gs.equals("all")){ 1166 if(gs.equals("all")){
1112 sql ="select x.gsdm,'' as fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from (" 1167 sql ="select x.gsdm,'' as fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from ("
1113 + " select b.gsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3)* 100 as zgf_ccl," 1168 + " select b.gsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3)* 100 as zgf_ccl,"
1114 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from " 1169 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from "
1115 - + " bsth_c_calc_sheet b where b.date like '%"+date+"%' and b.date<'"+d+"' " 1170 + + " bsth_c_calc_sheet b where b.date like ? and b.date < ? "
1116 + " and b.xl in(select a.line_code from bsth_c_line a where " 1171 + " and b.xl in(select a.line_code from bsth_c_line a where "
1117 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm ) x " 1172 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm ) x "
1118 + " left join (select c.gsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl," 1173 + " left join (select c.gsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl,"
1119 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl," 1174 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl,"
1120 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl " 1175 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl "
1121 - + " from bsth_c_calc_count c where c.date like '%"+date+"%' and c.date<'"+d+"' and " 1176 + + " from bsth_c_calc_count c where c.date like ? and c.date < ? and "
1122 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) " 1177 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) "
1123 + " group by c.gsdm ) y on x.gsdm=y.gsdm where 1=1 "; 1178 + " group by c.gsdm ) y on x.gsdm=y.gsdm where 1=1 ";
  1179 + objList.add("%"+date+"%");
  1180 + objList.add(d);
  1181 + objList.add("%"+date+"%");
  1182 + objList.add(d);
1124 1183
1125 }else{ 1184 }else{
1126 sql ="select x.gsdm,x.fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from (" 1185 sql ="select x.gsdm,x.fgsdm,x.smb_zdl,x.zgf_ccl,y.yylc_zxl,y.szfc_zdl,y.bc_zxl from ("
1127 + " select b.gsdm,b.fgsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3) * 100 as zgf_ccl," 1186 + " select b.gsdm,b.fgsdm,round(avg(if(ifnull(b.sjcczgf/b.jhcczgf,0)>1,1,ifnull(b.sjcczgf/b.jhcczgf,0))),3) * 100 as zgf_ccl,"
1128 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from " 1187 + " round(avg(ifnull(b.smbfczdl,0)),3) as smb_zdl from "
1129 - + " bsth_c_calc_sheet b where b.date like '%"+date+"%' and b.date<'"+d+"' " 1188 + + " bsth_c_calc_sheet b where b.date like ? and b.date < ? "
1130 + " and b.xl in(select a.line_code from bsth_c_line a where " 1189 + " and b.xl in(select a.line_code from bsth_c_line a where "
1131 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm,b.fgsdm ) x " 1190 + " a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) group by b.gsdm,b.fgsdm ) x "
1132 + " left join (select c.gsdm,c.fgsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl," 1191 + " left join (select c.gsdm,c.fgsdm,round(avg(if(CONVERT(c.yylczxl,DECIMAL(9,2))>100,100,c.yylczxl)),3) as yylc_zxl,"
1133 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl," 1192 + " round(avg(if(CONVERT(c.szfczdl,DECIMAL(9,2))>100,100,c.szfczdl)),3) as szfc_zdl,"
1134 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl " 1193 + " round(avg(if(CONVERT(c.bczxl,DECIMAL(9,2))>100,100,c.bczxl)),3) as bc_zxl "
1135 - + " from bsth_c_calc_count c where c.date like '%"+date+"%' and c.date <'"+d+"' and " 1194 + + " from bsth_c_calc_count c where c.date like ? and c.date < ? and "
1136 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) " 1195 + " c.xl in(select a.line_code from bsth_c_line a where a.nature in ('yxl','cgxl','gjxl','csbs','cctxl') ) "
1137 + " group by c.gsdm,c.fgsdm ) y on x.gsdm=y.gsdm and x.fgsdm=y.fgsdm where 1=1 "; 1196 + " group by c.gsdm,c.fgsdm ) y on x.gsdm=y.gsdm and x.fgsdm=y.fgsdm where 1=1 ";
  1197 + objList.add("%"+date+"%");
  1198 + objList.add(d);
  1199 + objList.add("%"+date+"%");
  1200 + objList.add(d);
1138 1201
1139 } 1202 }
1140 if(!gs.equals("all")){ 1203 if(!gs.equals("all")){
1141 - sql += " and x.gsdm='"+gs+"'"; 1204 + sql += " and x.gsdm = ?";
  1205 + objList.add(gs);
1142 } 1206 }
1143 1207
1144 if(!fgs.equals("all")){ 1208 if(!fgs.equals("all")){
1145 - sql += " and x.fgsdm='"+fgs+"'"; 1209 + sql += " and x.fgsdm = ?";
  1210 + objList.add(fgs);
1146 } 1211 }
1147 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1212 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1148 new RowMapper<Map<String, Object>>(){ 1213 new RowMapper<Map<String, Object>>(){
1149 @Override 1214 @Override
1150 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1215 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1172,14 +1237,18 @@ public class BigdataService { @@ -1172,14 +1237,18 @@ public class BigdataService {
1172 @Path("/basicData/starDate/{starDate}/endDate/{endDate}/line/{line}") 1237 @Path("/basicData/starDate/{starDate}/endDate/{endDate}/line/{line}")
1173 public List<Map<String, Object>> basicData(@PathParam("starDate") String starDate, 1238 public List<Map<String, Object>> basicData(@PathParam("starDate") String starDate,
1174 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1239 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1240 + List<String> objList = new ArrayList<String>();
1175 String sql="select gsdm,fgsdm,xl,xl_name,date,jhbc,sjbc," 1241 String sql="select gsdm,fgsdm,xl,xl_name,date,jhbc,sjbc,"
1176 + " jhyylc,sjyylc,jhkslc,sjkslc,jhgfbcsz,sjgfbcs,jhdgbcsz," 1242 + " jhyylc,sjyylc,jhkslc,sjkslc,jhgfbcsz,sjgfbcs,jhdgbcsz,"
1177 + " sjdgbcs from bsth_c_calc_count " 1243 + " sjdgbcs from bsth_c_calc_count "
1178 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1244 + + " where date >= ? and date <= ?";
  1245 + objList.add(starDate);
  1246 + objList.add(endDate);
1179 if(!line.equals("all")){ 1247 if(!line.equals("all")){
1180 - sql +=" and xl='"+line+"'"; 1248 + sql +=" and xl = ?";
  1249 + objList.add(line);
1181 } 1250 }
1182 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1251 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1183 new RowMapper<Map<String, Object>>(){ 1252 new RowMapper<Map<String, Object>>(){
1184 @Override 1253 @Override
1185 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1254 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1209,14 +1278,18 @@ public class BigdataService { @@ -1209,14 +1278,18 @@ public class BigdataService {
1209 @Path("/targetData/starDate/{starDate}/endDate/{endDate}/line/{line}") 1278 @Path("/targetData/starDate/{starDate}/endDate/{endDate}/line/{line}")
1210 public List<Map<String, Object>> targetData(@PathParam("starDate") String starDate, 1279 public List<Map<String, Object>> targetData(@PathParam("starDate") String starDate,
1211 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1280 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1281 + List<String> objList = new ArrayList<String>();
1212 String sql="select gsdm,fgsdm,date,xl,xl_name,szfczdl,smbfczdl," 1282 String sql="select gsdm,fgsdm,date,xl,xl_name,szfczdl,smbfczdl,"
1213 + " round(if(ifnull(sjcczgf/jhcczgf,0)>1,1,ifnull(sjcczgf/jhcczgf,0)),3) * 100 as zgfccl , " 1283 + " round(if(ifnull(sjcczgf/jhcczgf,0)>1,1,ifnull(sjcczgf/jhcczgf,0)),3) * 100 as zgfccl , "
1214 + " round(if(ifnull(sjcc/jhcc,0)>1,1,ifnull(sjcc/jhcc,0)),3) * 100 as ccl from bsth_c_calc_sheet " 1284 + " round(if(ifnull(sjcc/jhcc,0)>1,1,ifnull(sjcc/jhcc,0)),3) * 100 as ccl from bsth_c_calc_sheet "
1215 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1285 + + " where date >= ? and date <= ?";
  1286 + objList.add(starDate);
  1287 + objList.add(endDate);
1216 if(!line.equals("all")){ 1288 if(!line.equals("all")){
1217 - sql +=" and xl='"+line+"'"; 1289 + sql +=" and xl = ?";
  1290 + objList.add(line);
1218 } 1291 }
1219 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1292 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1220 new RowMapper<Map<String, Object>>(){ 1293 new RowMapper<Map<String, Object>>(){
1221 @Override 1294 @Override
1222 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1295 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
@@ -1240,18 +1313,22 @@ public class BigdataService { @@ -1240,18 +1313,22 @@ public class BigdataService {
1240 @Path("/departureTime/starDate/{starDate}/endDate/{endDate}/line/{line}") 1313 @Path("/departureTime/starDate/{starDate}/endDate/{endDate}/line/{line}")
1241 public List<Map<String, Object>> departureTime(@PathParam("starDate") String starDate, 1314 public List<Map<String, Object>> departureTime(@PathParam("starDate") String starDate,
1242 @PathParam("endDate") String endDate,@PathParam("line") String line) { 1315 @PathParam("endDate") String endDate,@PathParam("line") String line) {
  1316 + List<String> objList = new ArrayList<String>();
1243 String sql="select xl,xl_name,date,jhbc,bczxl,jhbcz,sjbc,jhcc,sjcc,ccl,jhccz," 1317 String sql="select xl,xl_name,date,jhbc,bczxl,jhbcz,sjbc,jhcc,sjcc,ccl,jhccz,"
1244 + " jhyylc,sjyylc,jhyylcz,jhkslc,sjkslc,jhkslcz," 1318 + " jhyylc,sjyylc,jhyylcz,jhkslc,sjkslc,jhkslcz,"
1245 + " jhssgfbcs,sjgfbcs,jhgfbcsz,jhssdgbcs,sjdgbcs,jhdgbcsz," 1319 + " jhssgfbcs,sjgfbcs,jhgfbcsz,jhssdgbcs,sjdgbcs,jhdgbcsz,"
1246 + " jhsmbcs,sjsmbczds,smbczdl,jhsmbcsz,sjsmbczdsz,smbczdlz," 1320 + " jhsmbcs,sjsmbczds,smbczdl,jhsmbcsz,sjsmbczdsz,smbczdlz,"
1247 + " jhszfcs,sjszfczds,szfczdl," 1321 + " jhszfcs,sjszfczds,szfczdl,"
1248 + " create_date from bsth_c_calc_count " 1322 + " create_date from bsth_c_calc_count "
1249 - + " where date>='"+starDate+"' and date<= '"+endDate+"'"; 1323 + + " where date >= ? and date <= ?";
  1324 + objList.add(starDate);
  1325 + objList.add(endDate);
1250 if(!line.equals("all")){ 1326 if(!line.equals("all")){
1251 - sql +=" and xl='"+line+"'"; 1327 + sql +=" and xl = ?";
  1328 + objList.add(line);
1252 } 1329 }
1253 1330
1254 - List<Map<String, Object>> list=jdbcTemplate.query(sql, 1331 + List<Map<String, Object>> list=jdbcTemplate.query(sql, objList.toArray(),
1255 new RowMapper<Map<String, Object>>(){ 1332 new RowMapper<Map<String, Object>>(){
1256 @Override 1333 @Override
1257 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException { 1334 public Map<String, Object> mapRow(ResultSet rs, int rowNum) throws SQLException {
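Review bot: The new `date >= ? and date <= ?` binding (new lines 1323–1325) closes the injection, but `starDate`, `endDate` and `line` still reach the query unvalidated; they are bound as plain strings, so if `date` is a character column the range is decided by string collation and a pair such as `starDate="0"`, `endDate="z"` matches every row and turns this GET into a full-table dump. Reject path params that do not look like the stored date format before the SQL is built, e.g. `if (!starDate.matches("[0-9-]{4,10}") || !endDate.matches("[0-9-]{4,10}")) throw new WebApplicationException(Response.Status.BAD_REQUEST);` — the pattern is a placeholder, confirm it against the values actually stored in `bsth_c_calc_count.date`, since the earlier `like '%date%'` query suggests partial dates are in use. Separately, the `query(String, Object[], RowMapper)` overload used at new line 1331 is deprecated from Spring 5.3 onward; if the project is on that line, `jdbcTemplate.query(sql, rowMapper, objList.toArray())` keeps the same binding with the supported signature. The same three-line dynamic-filter pattern is repeated verbatim in `basicData`, `targetData` and `departureTime`, so a small private helper that appends the `xl = ?` clause and its argument would keep the validation in one place. The body of `departureTime` continues past the end of this hunk.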