aps/kingdee-dbapi.git

			@@ -2,6 +2,7 @@

			import (
			"encoding/json"
			"strings"

			"kingdee-dbapi/config"
			"kingdee-dbapi/logger"
			@@ -15,28 +16,34 @@

			logger.Debug("接收到查询请求,%s", sql)

			if !sqlCheck(sql) {
			logger.Warn("识别到危险的sql语句, 拒绝执行. %s", sql)

			return nil
			}

			if db == nil {
			logger.Debug("数据库未连接")

			return nil
			}

			rows, err := db.Raw(`select * from users`).Rows()
			rows, err := db.Raw(sql).Rows()
			if err != nil {
			result = append(result, err.Error())
			return err
			}

			var colums []string
			var cols []string
			for rows.Next() {
			//先获取所有的column
			if colums == nil {
			colums, _ = rows.Columns()
			if cols == nil {
			cols, _ = rows.Columns()
			}

			//建立俩个interface数组，columnPointers中存在columns的地址
			columns := make([]interface{}, len(colums))
			columnPointers := make([]interface{}, len(colums))
			columns := make([]interface{}, len(cols))
			columnPointers := make([]interface{}, len(cols))
			for i, _ := range columns {
			//赋值地址
			columnPointers[i] = &columns[i]
			@@ -45,13 +52,12 @@
			//扫描结果
			rows.Scan(columnPointers...)
			m := make(map[string]interface{})
			for i, colName := range colums {
			for i, colName := range cols {
			val := columnPointers[i].(*interface{})
			m[colName] = *val
			}

			result = append(result, m)
			//result = append(result, row)
			}

			logger.Debug("数据库返回数据%+v", result)
			@@ -66,3 +72,18 @@

			return nil
			}

			// 简单过滤下sql语句,拒绝增删改操作
			func sqlCheck(sql string) bool {
			var dangerousWords = []string{"INSERT", "UPDATE", "DELETE", "ALTER", "DROP", "DECLARE", "EXECUTE", "EXEC", "INTO", "TRANCATE"}

			var upperStr = strings.ToUpper(sql)

			for _, word := range dangerousWords {
			if strings.Contains(upperStr, word) {
			return false
			}
			}

			return true
			}