mybais的0值漏洞
Map<String,Object> paramList =new HashMap<String,Object>();
paramList.put("TO_USER_KEY", currentUserKey);
paramList.put("LOOK_TIMES", Integer.valueOf("0"));/////////0会被判空处理
List<TbWhInformation> tinfo= tbWhInformationService.getTipByTj(paramList);
<select id="getTipByTj" parameterType="map" resultMap="BaseResultMap">
select C.LOOK_TIMES,
C.INFO_KEY,
C.INFO_TITLE,
C.INFO_CONTENT,
C.INFO_DESCRIBE,
C.LINK_ADDRESS,
C.INFO_TYPE,
C.ADD_DATE,
C.ADD_TIME,
C.MENUITEM_ID
from TB_WH_INFORMATION C
WHERE 1 = 1 AND C.INFO_TYPE IN ('E')
<if test="TO_USER_KEY!=null and TO_USER_KEY!=''">
AND C.TO_USER_KEY =#{TO_USER_KEY}
</if>
<if test="INFO_TYPE!=null and INFO_TYPE!=''">
AND C.INFO_TYPE =#{INFO_TYPE}
</if>
<if test="LOOK_TIMES!=null and LOOK_TIMES!=''">
AND C.LOOK_TIMES =#{LOOK_TIMES}
</if>
<if test="menuitemids!=null and menuitemids!='' and menuitemids.size()>0">
and C.Menuitem_Id in
<foreach collection="menuitemids" item="menu" open="(" close=")" separator=",">
#{menu}
</foreach>
</if>
</select>
http://bbs.csdn.net/topics/390210341?page=1