mybais的0值漏洞

mybais的0值漏洞

Map<String,Object> paramList =new HashMap<String,Object>();

paramList.put("TO_USER_KEY", currentUserKey);

paramList.put("LOOK_TIMES", Integer.valueOf("0"));/////////0会被判空处理

List<TbWhInformation> tinfo= tbWhInformationService.getTipByTj(paramList);

 

<select id="getTipByTj" parameterType="map" resultMap="BaseResultMap">

 select C.LOOK_TIMES,

       C.INFO_KEY,

       C.INFO_TITLE,

       C.INFO_CONTENT,

       C.INFO_DESCRIBE,

       C.LINK_ADDRESS,

       C.INFO_TYPE,

       C.ADD_DATE,

       C.ADD_TIME,

       C.MENUITEM_ID

      from TB_WH_INFORMATION C

      WHERE 1 = 1 AND C.INFO_TYPE IN ('E')

      <if test="TO_USER_KEY!=null and TO_USER_KEY!=''">

       AND C.TO_USER_KEY =#{TO_USER_KEY} 

      </if>

      <if test="INFO_TYPE!=null and INFO_TYPE!=''">

        AND C.INFO_TYPE =#{INFO_TYPE} 

      </if>

      <if test="LOOK_TIMES!=null and LOOK_TIMES!=''">

         AND C.LOOK_TIMES =#{LOOK_TIMES}

      </if>

       <if test="menuitemids!=null and menuitemids!='' and menuitemids.size()>0">

       and C.Menuitem_Id in

      <foreach collection="menuitemids" item="menu" open="(" close=")" separator=",">

       #{menu}

      </foreach>

       </if>

  </select>

http://bbs.csdn.net/topics/390210341?page=1