|
@@ -106,9 +106,27 @@ client.findById=async function(cid,attributes){
|
|
|
}
|
|
|
|
|
|
var staffDetail=[];
|
|
|
- await this.sequelize.query('SELECT b.* FROM CLD_client_staff as a left join CLD_staff as b on (a.sid=b.sid) where a.cid=7').spread((results, metadata) => {
|
|
|
- staffDetail=results[0];
|
|
|
- });
|
|
|
+
|
|
|
+ var tblName1 = 'CLD_client_staff', tblName2='CLD_staff';
|
|
|
+ var cid = '20160923 AND 1=1;-- hack';
|
|
|
+ var sqlQuery = 'SELECT b.* FROM ${tblName1} as a left join ${tblName2} as b on (a.sid=b.sid) where a.cid=$cid';
|
|
|
+
|
|
|
+ await this.sequelize.query(sqlQuery,
|
|
|
+ type: sequelize.QueryTypes.SELECT, // 指定sql为SELECT
|
|
|
+ bind: {
|
|
|
+ cid: cid
|
|
|
+ }
|
|
|
+ ).spread((results, metadata) => {
|
|
|
+ staffDetail=results[0];
|
|
|
+ });
|
|
|
+
|
|
|
+
|
|
|
+
|
|
|
+// await this.sequelize.query('SELECT b.* FROM CLD_client_staff as a left join CLD_staff as b on (a.sid=b.sid) where a.cid=7').spread((results, metadata) => {
|
|
|
+// staffDetail=results[0];
|
|
|
+// });
|
|
|
+
|
|
|
+
|
|
|
detail['staff']=staffDetail;
|
|
|
|
|
|
detail.cidKey=hash.hashEncode(detail.cid.toString());
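Review bot: The added block cannot look up the caller's client as written, because `var cid = '20160923 AND 1=1;-- hack';` redeclares the `cid` parameter of `findById` with a hard-coded injection test string, so every call binds that string instead of the requested id. The statement is also a single-quoted string, so `${tblName1}` and `${tblName2}` reach the database literally, and the options passed to `query()` lack their enclosing `{ }`, which is a syntax error as shown. With `type: sequelize.QueryTypes.SELECT` the call should resolve to the rows alone, so `.spread((results, metadata) => …)` with `results[0]` no longer picks out the value the removed code did. Keeping `bind` for `cid` is the right defence against injection; the table names are identifiers that cannot be bound, so they should stay fixed literals that never come from request data, and the commented-out copy of the old query can be dropped. The fence shows the block rewritten on those lines; the body of `findById` starts and ends outside the hunk.

```javascript
var staffDetail=[];
// Table names are fixed literals: identifiers cannot be bound, so they must never be built from request data.
var sqlQuery = 'SELECT b.* FROM CLD_client_staff as a left join CLD_staff as b on (a.sid=b.sid) where a.cid=$cid';
var staffRows = await this.sequelize.query(sqlQuery, {
    type: sequelize.QueryTypes.SELECT, // rows are returned directly, without metadata
    bind: {
        cid: cid // the findById parameter, sent as a bound value rather than concatenated into the SQL
    }
});
staffDetail = staffRows[0]; // first matching staff row, as the removed code assigned
// … unchanged: detail['staff'] and detail.cidKey assignments …
```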
|