Avoiding SQL Injection When Using MyBatis ${}
// Example: Validate column names and operators
List validColumns = Arrays.asList("column1", "column2", "column3");
List validOperators = Arrays.asList("=", "", "=", "like");
for (Map condition : conditions) {
    String column = (String) condition.get("data");
    String operator = (String) condition.get("compare");
    if (!validColumns.contains(column)) {
        throw new IllegalArgumentException("..
2025.01.15