@@ -26,6 +26,32 @@ func init() {
|
|
|
orm.RegisterModel(new(AiceUsers))
|
|
|
}
|
|
|
|
|
|
+// isValidFieldName 验证字段名是否有效,防止SQL注入
|
|
|
+func isValidFieldName(fieldName string) bool {
|
|
|
+ // AiceUsers结构体中的有效字段
|
|
|
+ validFields := map[string]bool{
|
|
|
+ "userid": true,
|
|
|
+ "email": true,
|
|
|
+ "token": true,
|
|
|
+ "username": true,
|
|
|
+ "address": true,
|
|
|
+ "password": true,
|
|
|
+ }
|
|
|
+
|
|
|
+ // 处理带isnull的情况(如:email__isnull)
|
|
|
+ baseField := strings.Replace(fieldName, "__isnull", "", -1)
|
|
|
+ baseField = strings.Replace(baseField, ".", "__", -1)
|
|
|
+
|
|
|
+ // 检查基础字段是否有效
|
|
|
+ for field := range validFields {
|
|
|
+ if strings.HasPrefix(baseField, field) || baseField == field {
|
|
|
+ return true
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ return false
|
|
|
+}
|
|
|
+
|
|
|
// AddAiceUsers insert a new AiceUsers into database and returns
|
|
|
// last inserted Id on success.
|
|
|
func AddAiceUsers(m *AiceUsers) (id int64, err error) {
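Review bot: The allowlist in isValidFieldName is defeated by the `strings.HasPrefix(baseField, field)` test inside the loop: any string that merely begins with an allowed name (for example `"email"` followed by arbitrary characters) is reported valid, so the function does not provide the SQL-injection protection its comment promises. An exact lookup is sufficient here — replace the whole loop with `_, ok := validFields[baseField]` followed by `return ok`. The `strings.Replace(fieldName, "__isnull", "", -1)` call also strips `__isnull` from the middle of a name rather than only the end, so `strings.TrimSuffix(fieldName, "__isnull")` matches the stated intent better. Note that the `.` → `__` rewrite means a dotted name can never equal a plain allowlisted field under exact matching; if related-field lookups are meant to be accepted they need explicit entries, though no caller is visible in this hunk to confirm that. The map could also be a package-level `var` instead of being rebuilt on every call.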