1

app/models/client.js

@@ -106,9 +106,27 @@ client.findById=async function(cid,attributes){
     }
 
     var staffDetail=[];
-    await this.sequelize.query('SELECT b.* FROM CLD_client_staff as a left join CLD_staff as b on (a.sid=b.sid) where a.cid=7').spread((results, metadata) => {
-        staffDetail=results[0];
-    });
+    
+    var tblName1 = 'CLD_client_staff', tblName2='CLD_staff';
+    var cid = '20160923 AND 1=1;-- hack';
+    var sqlQuery = 'SELECT b.* FROM ${tblName1} as a left join ${tblName2} as b on (a.sid=b.sid) where a.cid=$cid';
+    
+       await this.sequelize.query(sqlQuery,
+    		type: sequelize.QueryTypes.SELECT,  // 指定sql为SELECT
+            bind： { 
+            	cid: cid
+            }
+        ).spread((results, metadata) => {
+            staffDetail=results[0];
+        });
+    
+
+    
+//    await this.sequelize.query('SELECT b.* FROM CLD_client_staff as a left join CLD_staff as b on (a.sid=b.sid) where a.cid=7').spread((results, metadata) => {
+//        staffDetail=results[0];
+//    });
+    
+    
     detail['staff']=staffDetail;
 
     detail.cidKey=hash.hashEncode(detail.cid.toString());