問題
在項目中遇到一個問題,前端輸入一些html標簽時,傳到后台會被轉義掉。導致回顯的時候數據錯誤
原因和思路
debug時看到后台接收到的數據就已經是被轉義掉的。存入到數據庫時數據也就錯誤了。我把原數據存入到數據庫時,顯示是正常的。所以我就想着在存入數據庫時對數據進行下解碼
代碼
package com.sgcc.sgcip.biz.economy.util; import com.baomidou.mybatisplus.core.toolkit.PluginUtils; import com.baomidou.mybatisplus.extension.handlers.AbstractSqlParserHandler; import org.apache.commons.lang3.StringEscapeUtils; import org.apache.ibatis.executor.statement.StatementHandler; import org.apache.ibatis.mapping.BoundSql; import org.apache.ibatis.mapping.MappedStatement; import org.apache.ibatis.mapping.ParameterMapping; import org.apache.ibatis.mapping.SqlCommandType; import org.apache.ibatis.plugin.*; import org.apache.ibatis.reflection.DefaultReflectorFactory; import org.apache.ibatis.reflection.MetaObject; import org.apache.ibatis.reflection.SystemMetaObject; import org.apache.ibatis.reflection.factory.DefaultObjectFactory; import org.apache.ibatis.reflection.factory.ObjectFactory; import org.apache.ibatis.reflection.wrapper.DefaultObjectWrapperFactory; import org.apache.ibatis.reflection.wrapper.ObjectWrapperFactory; import org.springframework.stereotype.Component; import java.sql.Connection; import java.util.List; import java.util.Properties; @Intercepts({ @Signature(type = StatementHandler.class, method = "prepare", args = { Connection.class, Integer.class }) }) @Component public class DataScopeInterceptor extends AbstractSqlParserHandler implements Interceptor { private static final ObjectFactory DEFAULT_OBJECT_FACTORY = new DefaultObjectFactory(); private static final ObjectWrapperFactory DEFAULT_OBJECT_WRAPPER_FACTORY = new DefaultObjectWrapperFactory(); @Override public Object intercept(Invocation invocation) throws Throwable { StatementHandler statementHandler = PluginUtils.realTarget(invocation.getTarget()); MetaObject metaObject = SystemMetaObject.forObject(statementHandler); this.sqlParser(metaObject); // 先判斷是不是update 和 insert操作 不是直接過濾 MappedStatement mappedStatement = (MappedStatement) metaObject.getValue("delegate.mappedStatement"); if (!SqlCommandType.UPDATE.equals(mappedStatement.getSqlCommandType()) && !SqlCommandType.INSERT .equals(mappedStatement.getSqlCommandType())) { return invocation.proceed(); } BoundSql boundSql = (BoundSql) metaObject.getValue("delegate.boundSql"); //入參 Object parameterObject = boundSql.getParameterObject(); List<ParameterMapping> parameterMappings = boundSql.getParameterMappings(); modifyLikeSql(parameterObject,parameterMappings); return invocation.proceed(); } public static void modifyLikeSql(Object parameterObject,List<ParameterMapping> parameterMappings) { for(ParameterMapping parameterMapping:parameterMappings) { String property = parameterMapping.getProperty(); MetaObject metaObject = MetaObject.forObject(parameterObject, DEFAULT_OBJECT_FACTORY, DEFAULT_OBJECT_WRAPPER_FACTORY, new DefaultReflectorFactory()); Object val = metaObject.getValue(property); if (val != null && val instanceof String) { val = StringEscapeUtils.unescapeXml(val.toString()); metaObject.setValue(property, val); } } } /** * 生成攔截對象的代理 * * @param target 目標對象 * @return 代理對象 */ @Override public Object plugin(Object target) { if (target instanceof StatementHandler) { return Plugin.wrap(target, this); } return target; } /** * mybatis配置的屬性 * * @param properties mybatis配置的屬性 */ @Override public void setProperties(Properties properties) { } }
這里只對添加和修改的語句進行修改