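Shipping Address Management
Features:
Add an address; delete an address; update an address; list addresses; paginate addresses; address details
Interfaces:
Notes:
Learning objectives:
1 Object binding in SpringMVC data binding
2 MyBatis auto-generated primary keys, configuration and use: useGeneratedKeys="true" keyProperty="id". With this configuration, after a row is inserted using a shipping object, the auto-generated primary key is written back into the shipping object that was used for the insert.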
<insert id="insert" parameterType="com.eshop.pojo.Shipping" useGeneratedKeys="true" keyProperty="id">
insert into eshop_shipping (id, user_id, receiver_name,
receiver_phone, receiver_mobile, receiver_province,
receiver_city, receiver_district, receiver_address,
receiver_zip, create_time, update_time
)
values (#{id,jdbcType=INTEGER}, #{userId,jdbcType=INTEGER}, #{receiverName,jdbcType=VARCHAR},
#{receiverPhone,jdbcType=VARCHAR}, #{receiverMobile,jdbcType=VARCHAR}, #{receiverProvince,jdbcType=VARCHAR},
#{receiverCity,jdbcType=VARCHAR}, #{receiverDistrict,jdbcType=VARCHAR}, #{receiverAddress,jdbcType=VARCHAR},
#{receiverZip,jdbcType=VARCHAR}, #{createTime,jdbcType=TIMESTAMP}, #{updateTime,jdbcType=TIMESTAMP}
)
</insert>
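3 Reinforcing how to avoid horizontal privilege escalation vulnerabilities:
Horizontal privilege escalation on delete:
// Prevent horizontal privilege escalation, where this user deletes a shipping address that does not belong to them. Write a new SQL statement for this.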
int resultCount=shippingMapper.deleteByUserIdShippingId(userId,shippingId);
<delete id="deleteByUserIdShippingId" parameterType="map">
delete from eshop_shipping
where id=#{shippingId}
and user_id=#{userId}
</delete>
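The effect of the extra user_id condition, as an added example that is not part of the original project code: it runs the same WHERE clause against an in-memory SQLite table next to an id-only delete. The reduced table layout, the sample rows and the function names are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data: user 1 owns addresses 10 and 11, user 2 owns address 20.
SAMPLE_ROWS = [(10, 1, "Alice"), (11, 1, "Alice"), (20, 2, "Bob")]

def make_db():
    """In-memory stand-in for eshop_shipping (only the columns needed here)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table eshop_shipping ("
        "id integer primary key, user_id integer not null, receiver_name text)"
    )
    conn.executemany("insert into eshop_shipping values (?, ?, ?)", SAMPLE_ROWS)
    return conn

def delete_by_id_only(conn, shipping_id):
    """Unscoped form: the client-supplied id is the only filter."""
    cur = conn.execute("delete from eshop_shipping where id = ?", (shipping_id,))
    return cur.rowcount

def delete_by_user_and_id(conn, session_user_id, shipping_id):
    """Scoped form, same WHERE clause as deleteByUserIdShippingId.

    session_user_id must come from the server-side session, never from the request.
    """
    cur = conn.execute(
        "delete from eshop_shipping where id = ? and user_id = ?",
        (shipping_id, session_user_id),
    )
    return cur.rowcount

def remaining_ids(conn):
    return [r[0] for r in conn.execute("select id from eshop_shipping order by id")]

def demo():
    """Logged-in user 2 requests deletion of address 10, which belongs to user 1."""
    unscoped, scoped = make_db(), make_db()
    return {
        "unscoped_count": delete_by_id_only(unscoped, 10),       # row is deleted
        "unscoped_left": remaining_ids(unscoped),
        "scoped_count": delete_by_user_and_id(scoped, 2, 10),    # 0 rows: rejected
        "scoped_left": remaining_ids(scoped),
        "owner_count": delete_by_user_and_id(scoped, 1, 10),     # owner succeeds
    }

if __name__ == "__main__":
    print(demo())
```

A returned count of 0 is what the service layer should treat as a failed delete, which is why resultCount is captured in the Java call above.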
Horizontal privilege escalation on update