
Commit e7c415e

dragonpooludomikula
authored andcommitted
Fixed the issue that orderby parameter was replacing only first match.
1 parent b839e65 commit e7c415e


1 file changed

+35
-31
lines changed

1 file changed

+35
-31
lines changed

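--- a/server/api-service/lowcoder-plugins/sqlBasedPlugin/src/main/java/org/lowcoder/plugin/sql/GeneralSqlExecutor.java
+++ b/server/api-service/lowcoder-plugins/sqlBasedPlugin/src/main/java/org/lowcoder/plugin/sql/GeneralSqlExecutor.java
@@ -149,44 +149,48 @@ private Pair<Statement, Boolean> getStatementAndExecute(Connection connection, S
 String sql = statementInput.getSql();
 List<Object> params = statementInput.getParams();
 
-int orderByIndex = -1;
-String sortValue = null;
-for (int i = 0; i < params.size(); i++) {
-Object param = params.get(i);
-if (param instanceof Map<?, ?> map && map.containsKey("sort")) {
-orderByIndex = i; // Index of the ? to replace (0-based)
-sortValue = String.valueOf(map.get("sort")); // e.g., "ASC" or "DESC"
-break;
+int orderByIndex;
+String sortValue;
+do {
+orderByIndex = -1;
+sortValue = null;
+for (int i = 0; i < params.size(); i++) {
+Object param = params.get(i);
+if (param instanceof Map<?, ?> map && map.containsKey("sort")) {
+orderByIndex = i; // Index of the ? to replace (0-based)
+sortValue = String.valueOf(map.get("sort")); // e.g., "ASC" or "DESC"
+break;
+}
 }
-}
 
-if (orderByIndex >= 0 && sortValue != null) {
-// Validate sortValue to prevent SQL injection
-if (!sortValue.equalsIgnoreCase("ASC") && !sortValue.equalsIgnoreCase("DESC")) {
-sortValue = "ASC"; // Default to ASC if invalid
-}
+if (orderByIndex >= 0 && sortValue != null) {
+// Validate sortValue to prevent SQL injection
+if (!sortValue.equalsIgnoreCase("ASC") && !sortValue.equalsIgnoreCase("DESC")) {
+sortValue = "ASC"; // Default to ASC if invalid
+}
 
-// Split the SQL at the ? placeholders
-String[] sqlParts = sql.split("\\?", -1);
-if (orderByIndex < sqlParts.length - 1) {
-// Rebuild the SQL, replacing the ? at orderByIndex with sortValue
-StringBuilder newSql = new StringBuilder();
-for (int i = 0; i < sqlParts.length; i++) {
-newSql.append(sqlParts[i]);
-if (i < sqlParts.length - 1) {
-if (i == orderByIndex) {
-newSql.append(sortValue); // Insert ASC or DESC
-} else {
-newSql.append("?"); // Keep other placeholders
+// Split the SQL at the ? placeholders
+String[] sqlParts = sql.split("\\?", -1);
+if (orderByIndex < sqlParts.length - 1) {
+// Rebuild the SQL, replacing the ? at orderByIndex with sortValue
+StringBuilder newSql = new StringBuilder();
+for (int i = 0; i < sqlParts.length; i++) {
+newSql.append(sqlParts[i]);
+if (i < sqlParts.length - 1) {
+if (i == orderByIndex) {
+newSql.append(sortValue); // Insert ASC or DESC
+} else {
+newSql.append("?"); // Keep other placeholders
+}
 }
 }
-}
-sql = newSql.toString();
+sql = newSql.toString();
 
-// Remove the Map from params since it's no longer a bind parameter
-params.remove(orderByIndex);
+// Remove the Map from params since it's no longer a bind parameter
+params.remove(orderByIndex);
+}
 }
-}
+} while(orderByIndex >= 0);
 
 var statement = connection.prepareStatement(sql, Statement.RETURN_GENERATED_KEYS);
 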
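Review bot: The `do { … } while(orderByIndex >= 0);` loop never exits when a `sort` map is found but the inner guard `if (orderByIndex < sqlParts.length - 1)` is false: `params.remove(orderByIndex)` is skipped, so every pass finds the same map at the same index and the request thread spins. That state needs only a statement with fewer `?` characters than the map's position in `params`; whether callers can produce it is not visible from this hunk, so termination should not depend on it. Give that guard an `else` branch that rejects the statement with the executor's usual error, or at minimum `} else { break; }`, so the loop always makes progress or stops. Separately, `sql.split("\\?", -1)` counts every `?`, including one inside a string literal or comment, so the allowlisted ASC/DESC keyword can be spliced at the wrong position; a comment such as `// assumes every '?' in sql is a bind placeholder` above the split would record that assumption. `getStatementAndExecute` starts and ends outside the hunk.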
