From c24cd14fd700b2846623d0c3e9683adb30c7062b Mon Sep 17 00:00:00 2001
From: RuoYi <yzz_ivy@163.com>
Date: 星期四, 27 五月 2021 17:55:05 +0800
Subject: [PATCH] 修复两处存在SQL注入漏洞问题

---
 src/main/resources/mybatis/system/SysUserMapper.xml |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/main/resources/mybatis/system/SysUserMapper.xml b/src/main/resources/mybatis/system/SysUserMapper.xml
index f961e45..4b6807d 100644
--- a/src/main/resources/mybatis/system/SysUserMapper.xml
+++ b/src/main/resources/mybatis/system/SysUserMapper.xml
@@ -141,8 +141,8 @@
  			<if test="deptId != null and deptId != 0">dept_id = #{deptId},</if>
  			<if test="userName != null and userName != ''">user_name = #{userName},</if>
  			<if test="nickName != null and nickName != ''">nick_name = #{nickName},</if>
- 			<if test="email != null and email != ''">email = #{email},</if>
- 			<if test="phonenumber != null and phonenumber != ''">phonenumber = #{phonenumber},</if>
+ 			<if test="email != null ">email = #{email},</if>
+ 			<if test="phonenumber != null ">phonenumber = #{phonenumber},</if>
  			<if test="sex != null and sex != ''">sex = #{sex},</if>
  			<if test="avatar != null and avatar != ''">avatar = #{avatar},</if>
  			<if test="password != null and password != ''">password = #{password},</if>
@@ -169,7 +169,7 @@
 	</update>
 	
 	<delete id="deleteUserById" parameterType="Long">
- 		delete from sys_user where user_id = #{userId}
+ 		update sys_user set del_flag = '2' where user_id = #{userId}
  	</delete>
  	
  	<delete id="deleteUserByIds" parameterType="Long">

--
Gitblit v1.9.3