From e79d60e4f4ed4f3cabf99a1172a41612c2d3bce1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=96=E4=BA=96=E4=BC=8D?= Date: Sat, 9 Nov 2024 11:53:58 +0800 Subject: [PATCH] =?UTF-8?q?=E8=AF=BB=E5=8F=96=20dbadapter=20=E4=BB=A5?= =?UTF-8?q?=E5=B0=BD=E5=8F=AF=E8=83=BD=E7=9A=84=E5=85=BC=E5=AE=B9=E4=B8=8D?= =?UTF-8?q?=E5=90=8C=E6=95=B0=E6=8D=AE=E5=BA=93?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- models/DocumentSearchResult.go | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/models/DocumentSearchResult.go b/models/DocumentSearchResult.go index c124f06d..c747633c 100644 --- a/models/DocumentSearchResult.go +++ b/models/DocumentSearchResult.go @@ -36,6 +36,15 @@ func need_escape(keyword string) bool { return false } +func escape_name(name string) string { + dbadapter, _ := web.AppConfig.String("db_adapter") + ch := "`" + if strings.EqualFold(dbadapter, "postgres") { + ch = `"` + } + return fmt.Sprintf("%s%s%s", ch, name, ch) +} + func NewDocumentSearchResult() *DocumentSearchResult { return &DocumentSearchResult{} } @@ -294,7 +303,7 @@ WHERE (book.privately_owned = 0 OR rel1.relationship_id > 0 or team.team_member_ func (m *DocumentSearchResult) SearchDocument(keyword string, bookId int) (docs []*DocumentSearchResult, err error) { o := orm.NewOrm() - sql := `SELECT * FROM md_documents WHERE book_id = ? AND (document_name LIKE ? OR "release" LIKE ?) ` + sql := fmt.Sprintf("SELECT * FROM md_documents WHERE book_id = ? AND (document_name LIKE ? OR %s LIKE ?) ", escape_name("release")) keyword = "%" + keyword + "%" _need_escape := need_escape(keyword) @@ -313,7 +322,7 @@ func (m *DocumentSearchResult) SearchDocument(keyword string, bookId int) (docs func (m *DocumentSearchResult) SearchAllDocument(keyword string) (docs []*DocumentSearchResult, err error) { o := orm.NewOrm() - sql := `SELECT * FROM md_documents WHERE (document_name LIKE ? OR "release" LIKE ?) ` + sql := fmt.Sprintf("SELECT * FROM md_documents WHERE (document_name LIKE ? OR %s LIKE ?) ", escape_name("release")) keyword = "%" + keyword + "%" _need_escape := need_escape(keyword)