Server:userId,userId{}在WHERE条件中强制置前，仅次于id,id{}，提高安全和性能

Author: TommyLemon

APIJSON-Java-Server/APIJSON-Eclipse/APIJSONLibrary/src/main/java/zuo/biao/apijson/JSONResponse.java

@@ -67,8 +67,6 @@ public JSONResponse(JSONObject object) {
 
 	public static final String KEY_CODE = "code";
 	public static final String KEY_MSG = "msg";
-	public static final String KEY_ID = "id";
-	public static final String KEY_ID_IN = KEY_ID + "{}";
 	public static final String KEY_COUNT = "count";
 	public static final String KEY_TOTAL = "total";
 

APIJSON-Java-Server/APIJSON-Eclipse/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLConfig.java

@@ -21,6 +21,8 @@
 import static zuo.biao.apijson.JSONObject.KEY_HAVING;
 import static zuo.biao.apijson.JSONObject.KEY_ID;
 import static zuo.biao.apijson.JSONObject.KEY_ID_IN;
+import static zuo.biao.apijson.JSONObject.KEY_USER_ID;
+import static zuo.biao.apijson.JSONObject.KEY_USER_ID_IN;
 import static zuo.biao.apijson.JSONObject.KEY_ORDER;
 import static zuo.biao.apijson.JSONObject.KEY_ROLE;
 import static zuo.biao.apijson.JSONObject.KEY_SCHEMA;
@@ -39,6 +41,7 @@
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Map.Entry;
 import java.util.Set;
 
 import com.alibaba.fastjson.JSON;
@@ -511,16 +514,35 @@ public String getWhereString() throws Exception {
 	 * @throws Exception 
 	 */
 	public static String getWhereString(RequestMethod method, Map<String, Object> where, boolean verifyName) throws Exception {
-		Set<String> set = where == null ? null : where.keySet();
-		if (set == null || set.isEmpty()) {
+		Map<String, Object> where2 = where == null || where.isEmpty() ? null : new LinkedHashMap<String, Object>();
+		if (where2 == null) {
 			return "";
 		}
-		String whereString = "";
+		
+		//强制排序，把id,id{},userId,userId{}放最前面，保证安全、优化性能
+		Object id = where.remove(KEY_ID);
+		Object idIn = where.remove(KEY_ID_IN);
+		Object userId = where.remove(KEY_USER_ID);
+		Object userIdIn = where.remove(KEY_USER_ID_IN);
+		
+		where2.put(KEY_ID, id);
+		where2.put(KEY_ID_IN, idIn);
+		where2.put(KEY_USER_ID, userId);
+		where2.put(KEY_USER_ID_IN, userIdIn);
+		where2.putAll(where);
+		
+		
+		Set<Entry<String, Object>> set = where2.entrySet();
+		
 		boolean isFirst = true;
-
 		String condition;
-		for (String key : set) {
-			condition = getWhereItem(key, where.get(key), method, verifyName);
+		String whereString = "";
+		
+		for (Entry<String, Object> entry : set) {
+			if (entry == null) {
+				continue;
+			}
+			condition = getWhereItem(entry.getKey(), entry.getValue(), method, verifyName);
 
 			if (StringUtil.isEmpty(condition, true)) {//避免SQL条件连接错误
 				continue;
@@ -530,6 +552,12 @@ public static String getWhereString(RequestMethod method, Map<String, Object> wh
 
 			isFirst = false;
 		}
+		
+		//还原where，后续可能用到
+		where.put(KEY_ID, id);
+		where.put(KEY_ID_IN, idIn);
+		where.put(KEY_USER_ID, userId);
+		where.put(KEY_USER_ID_IN, userIdIn);
 
 		String s = whereString.isEmpty() ? "" : " WHERE " + whereString;
 
@@ -1041,8 +1069,7 @@ public static AbstractSQLConfig newSQLConfig(RequestMethod method, String table,
 		}
 		AbstractSQLConfig config = callback.getSQLConfig(method, table);
 
-		boolean isEmpty = request.isEmpty();
-		if (isEmpty) { // User:{} 这种空内容在查询时也有效
+		if (request.isEmpty()) { // User:{} 这种空内容在查询时也有效
 			return config; //request.remove(key); 前都可以直接return，之后必须保证 put 回去
 		}
 

APIJSON-Java-Server/APIJSON-Eclipse/APIJSONLibrary/src/main/java/zuo/biao/apijson/server/AbstractSQLExecutor.java

@@ -148,7 +148,7 @@ public JSONObject execute(SQLConfig config) throws Exception {
 			result = AbstractParser.newResult(updateCount > 0 ? JSONResponse.CODE_SUCCESS : JSONResponse.CODE_NOT_FOUND
 					, updateCount > 0 ? JSONResponse.MSG_SUCCEED : "可能对象不存在！");
 
-			//id或id{}一定有，一定会返回，不用抛异常来阻止关联写操作时前面错误导致后面无条件执行！
+			//id,id{}至少一个会有，一定会返回，不用抛异常来阻止关联写操作时前面错误导致后面无条件执行！
 			if (config.getId() > 0) {
 				result.put(JSONResponse.KEY_ID, config.getId());
 			} else {