From e0c284c3f848e6e528d2f6e63c4da1148471048a Mon Sep 17 00:00:00 2001
From: zyy <zyy@email.com>
Date: Tue, 23 Dec 2025 12:57:38 +0800
Subject: [PATCH] &转义

---
 trading-order-common/src/main/java/com/yami/trading/common/util/StringEscapeUtil.java        |   57 +++++++++++++++++++
 trading-order-service/src/main/java/com/yami/trading/service/dz/impl/StockDzServiceImpl.java |   79 +++++++++++++++++++++++++-
 2 files changed, 132 insertions(+), 4 deletions(-)

diff --git a/trading-order-common/src/main/java/com/yami/trading/common/util/StringEscapeUtil.java b/trading-order-common/src/main/java/com/yami/trading/common/util/StringEscapeUtil.java
new file mode 100644
index 0000000..1000a81
--- /dev/null
+++ b/trading-order-common/src/main/java/com/yami/trading/common/util/StringEscapeUtil.java
@@ -0,0 +1,57 @@
+package com.yami.trading.common.util;
+
+import org.apache.commons.lang3.StringUtils;
+
+/**
+ * 字符串转义工具类
+ */
+public class StringEscapeUtil {
+
+    /**
+     * 将字符串中的 & 转义为 &amp;
+     * @param str 原始字符串
+     * @return 转义后的字符串(null/空字符串直接返回)
+     */
+    public static String escapeAmpersand(String str) {
+        if (StringUtils.isBlank(str)) {
+            return str;
+        }
+        return str.replace("&", "&amp;");
+    }
+
+    public static String unEscapeAmpersand(String str) {
+        if (StringUtils.isBlank(str)) {
+            return str;
+        }
+        return str.replace("&amp;", "&");
+    }
+
+    /**
+     * 递归处理实体中所有字符串类型字段的 & 转义
+     * @param obj 要处理的实体对象
+     */
+    public static void escapeEntityAmpersand(Object obj) {
+        if (obj == null) {
+            return;
+        }
+
+        // 获取实体所有字段
+        java.lang.reflect.Field[] fields = obj.getClass().getDeclaredFields();
+        for (java.lang.reflect.Field field : fields) {
+            try {
+                // 设置可访问私有字段
+                field.setAccessible(true);
+                Object value = field.get(obj);
+
+                // 只处理字符串类型字段
+                if (value instanceof String) {
+                    String escapedValue = escapeAmpersand((String) value);
+                    field.set(obj, escapedValue);
+                }
+            } catch (IllegalAccessException e) {
+                // 捕获字段访问异常,不中断流程
+                e.printStackTrace();
+            }
+        }
+    }
+}
\ No newline at end of file
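Review bot: `escapeEntityAmpersand` rewrites every String value found through `getDeclaredFields()`, which also returns static fields, so a non-final static String on the class would be changed for the whole JVM, and a `static final` one raises `IllegalAccessException` that only reaches `e.printStackTrace()`. Skipping statics before `setAccessible`, e.g. `if (java.lang.reflect.Modifier.isStatic(field.getModifiers())) continue;`, keeps the reflection confined to instance data. The Javadoc calls the method recursive, but it visits neither nested objects nor superclass fields, and it is not idempotent: a second call turns `&amp;` into `&amp;amp;`. `unEscapeAmpersand` has no Javadoc; it should state that it reverses only `&amp;` and that the result must still be output-encoded wherever it is rendered as HTML.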
diff --git a/trading-order-service/src/main/java/com/yami/trading/service/dz/impl/StockDzServiceImpl.java b/trading-order-service/src/main/java/com/yami/trading/service/dz/impl/StockDzServiceImpl.java
index bbeb177..464db72 100644
--- a/trading-order-service/src/main/java/com/yami/trading/service/dz/impl/StockDzServiceImpl.java
+++ b/trading-order-service/src/main/java/com/yami/trading/service/dz/impl/StockDzServiceImpl.java
@@ -24,8 +24,8 @@
 import com.yami.trading.common.domain.Result;
 import com.yami.trading.common.exception.YamiShopBindException;
 import com.yami.trading.common.util.Arith;
-import com.yami.trading.common.util.DateUtils;
 import com.yami.trading.common.util.RandomUtil;
+import com.yami.trading.common.util.StringEscapeUtil;
 import com.yami.trading.dao.dz.ExchangeApplyOrderDzMapper;
 import com.yami.trading.dao.dz.StockDzMapper;
 import com.yami.trading.service.MarketOpenChecker;
@@ -43,9 +43,9 @@
 import org.springframework.transaction.annotation.Transactional;
 
 import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
+import java.lang.reflect.Field;
+import java.lang.reflect.Method;
 import java.math.BigDecimal;
-import java.math.RoundingMode;
 import java.text.DecimalFormat;
 import java.util.*;
 
@@ -95,6 +95,9 @@
                     double dayRate = BigDecimal.valueOf(stockDzDto.getDayRate()).multiply(BigDecimal.valueOf(100)).doubleValue();
                     stockDzDto.setDayRate(dayRate);
                 }
+                if (!stockDzDto.getStockName().isEmpty()) {
+                    stockDzDto.setStockName(StringEscapeUtil.unEscapeAmpersand(stockDzDto.getStockName()));
+                }
             });
             return Result.succeed(page);
         } catch (Exception e) {
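Review bot: `stockDzDto.getStockName().isEmpty()` throws a NullPointerException when a row has no stock name. Because the lambda runs inside the surrounding `try`, the `catch (Exception e)` on the last line of this hunk would then appear to fail the whole listing for one bad row. `unEscapeAmpersand` already returns null or blank input unchanged, so the guard can be dropped: `stockDzDto.setStockName(StringEscapeUtil.unEscapeAmpersand(stockDzDto.getStockName()));`. The same pattern is added on `dz.getStockName()` in the `@@ -257,6 +295,11 @@` hunk. The enclosing method starts and ends outside this hunk.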
@@ -116,6 +119,10 @@
                 return Result.failed("请输入股票名称");
             }
         }
+
+        /*if (!stockName.isEmpty()) {
+            stockName = StringEscapeUtil.escapeAmpersand(stockName);
+        }*/
 
         //该类型是否已添加
         Long count = stockDzMapper.selectCount(new LambdaQueryWrapper<StockDz>()
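Review bot: The added block is commented-out code and should be deleted rather than committed, as should the similar block in the `@@ -186,6 +219,11 @@` hunk, which also holds a `System.out.println` of the stock name. With the write-side escape disabled, the read paths in this commit still unescape `&amp;`, so a one-line comment naming where the stored `&amp;` comes from would help, for example `// stock_name arrives already escaped by <upstream component>; unescaped again on read`. That origin is not visible in this diff, so the placeholder needs the real component name. The enclosing method continues outside the hunk.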
@@ -155,6 +162,7 @@
         stockDz.setSwitchType(switchType);
         stockDz.setNowPrice(new BigDecimal(nowPrice));
         stockDz.setDayRate(dayRate);
+
         if (save(stockDz)) {
             return Result.succeed("添加成功");
         }
@@ -166,6 +174,31 @@
         try {
             Page page = new Page(pageNum, pageSize);
             stockDzMapper.getDzListByAdmin(page, Keywords, stockType);
+
+            page.getRecords().forEach(stockDzObj -> {
+                // 1. 判空 + 强转为HashMap(兼容所有Map子类,如LinkedHashMap)
+                if (stockDzObj == null || !(stockDzObj instanceof HashMap)) {
+                    return;
+                }
+
+                // 强转为HashMap<String, Object>(确保key是字符串类型)
+                HashMap<String, Object> stockDzMap = (HashMap<String, Object>) stockDzObj;
+
+                // 2. 获取stock_name字段值(注意:key的拼写/大小写要和Map中完全一致!)
+                Object oldValue = stockDzMap.get("stock_name");
+
+                // 3. 空值防护 + 处理&转义
+                if (oldValue instanceof String) {
+                    String oldStr = (String) oldValue;
+                    // 反转义&amp;为&
+                    String newStr = oldStr.replace("&amp;", "&");
+                    // 4. 重新赋值回HashMap
+                    stockDzMap.put("stock_name", newStr);
+                } else {
+                    // 字段值不是字符串/为null时的提示(方便排查)
+                    System.out.println("stock_name字段值异常:" + oldValue);
+                }
+            });
             return Result.succeed(page);
         } catch (Exception e) {
             log.error(e.getMessage());
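Review bot: The check `!(stockDzObj instanceof HashMap)` contradicts its own comment: it accepts only HashMap and its subclasses, so rows delivered as any other `Map` implementation are skipped silently and keep `&amp;`. Testing against the interface and reusing the helper is shorter: `if (!(stockDzObj instanceof Map)) return;`, then `Map<String, Object> row = (Map<String, Object>) stockDzObj;` and `row.computeIfPresent("stock_name", (k, v) -> v instanceof String ? StringEscapeUtil.unEscapeAmpersand((String) v) : v);`. The `System.out.println` in the else branch bypasses the logger and fires for every row whose stock_name is null; `log.warn` or dropping the branch would be better. The enclosing method starts outside this hunk.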
@@ -186,6 +219,11 @@
         if(stockDz == null){
             return Result.failed("不存在该大宗信息");
         }
+
+        /*if (!model.getStockName().isEmpty()) {
+            System.out.println(model.getStockName());
+            //model.setStockName(StringEscapeUtil.escapeAmpersand(model.getStockName()));
+        }*/
 
         if (!stockDz.getStockType().equalsIgnoreCase(Item.indices)) {
             Item item = itemService.findBySymbol(model.getStockCode());
@@ -257,6 +295,11 @@
                         String resultPer = df.format(profitPercentage);
                         dz.setProfitLossPercentage(Double.parseDouble(resultPer));
                     }
+
+                    if (!dz.getStockName().isEmpty()) {
+                        dz.setStockName(StringEscapeUtil.unEscapeAmpersand(dz.getStockName()));
+                    }
+
                 });
             }
 
@@ -273,9 +316,37 @@
             Page page = new Page(pageNum, pageSize);
 
             stockDzMapper.getDzCheckList(page ,state, stockCode, stockType, userName, checkedList);
+
+            page.getRecords().forEach(stockDzObj  -> {
+                if (stockDzObj == null) {
+                    return;
+                }
+
+                try {
+                    // ========== 第一步:获取字段值(以stockName为例) ==========
+                    // 1. 获取getter方法(JavaBean规范:字段名stockName → 方法名getStockName)
+                    Method getter = stockDzObj.getClass().getMethod("getStockName");
+                    // 2. 执行方法获取值
+                    Object oldValue = getter.invoke(stockDzObj);
+
+                    // ========== 第二步:处理字段值(仅当值不为null时) ==========
+                    if (oldValue instanceof String) { // 确保字段类型是String(根据实际字段类型调整)
+                        String newValue = ((String) oldValue).replace("&amp;", "&"); // 自定义处理逻辑
+
+                        // ========== 第三步:重新赋值 ==========
+                        // 1. 获取setter方法(参数为字段类型,比如String)
+                        Method setter = stockDzObj.getClass().getMethod("setStockName", String.class);
+                        // 2. 执行setter方法赋值
+                        setter.invoke(stockDzObj, newValue);
+                    }
+                } catch (Exception e) {
+                    // 捕获反射异常(方法不存在、权限不足等),避免循环中断
+                    log.error(e.getMessage());
+                }
+            });
             return Result.succeed(page);
         } catch (Exception e) {
-            log.error(e.getMessage());
+            log.error(e.getMessage(), e);
         }
         return Result.failed("获取失败");
     }
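Review bot: The inner `catch (Exception e)` logs only `e.getMessage()`, which is null for an `InvocationTargetException` raised by `getter.invoke` or `setter.invoke`, and it drops the stack trace. The outer catch in this same hunk was just changed to pass `e`, so use `log.error("stockName unescape failed", e);` in the inner one too. Looking up `getStockName`/`setStockName` by name on every record also means that if `getDzCheckList` returns map rows, as the admin listing appears to, each row raises `NoSuchMethodException` and the unescape silently never happens. If the record type is known, a cast and a direct call to `StringEscapeUtil.unEscapeAmpersand` avoids the reflection. The method begins outside this hunk.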

--
Gitblit v1.9.3