From 3c29e4e68f64591e76c9835a24127398f0ecc227 Mon Sep 17 00:00:00 2001
From: yihong
Date: Mon, 19 Aug 2019 15:34:22 +0800
Subject: [PATCH] format code and change the database table name, also fix the sql injection problem by an easy way
---
 App/Server.go | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/App/Server.go b/App/Server.go
index 3c63e3a..5883f1c 100644
--- a/App/Server.go
+++ b/App/Server.go
@@ -1,14 +1,16 @@
 package main
 
 import (
- "../Common"
- "../Config"
 "fmt"
 "log"
 "net/http"
 "os"
 "os/signal"
+ "regexp"
 "syscall"
+
+ "../Common"
+ "../Config"
 )
 
 func GetTypeInfo(w http.ResponseWriter, r *http.Request) {
@@ -17,7 +19,9 @@ func GetTypeInfo(w http.ResponseWriter, r *http.Request) {
 log.Fatal("系统错误" + err.Error())
 }
 id := r.Form.Get("id")
- sql := "select str from hotData where id=" + id
+ re := regexp.MustCompile("[0-9]+")
+ id = re.FindString(id)
+ sql := "select str from hotData2 where id=" + id
 data := Common.MySql{}.GetConn().ExecSql(sql)
 if len(data) == 0 {
 fmt.Fprintf(w, "%s", `{"Code":1,"Message":"id错误,无该分类数据","Data":[]}`)
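Review bot: In the second hunk, `re.FindString(id)` filters the parameter instead of validating it: `[0-9]+` is unanchored, so `12abc` is silently queried as `12`, and a value with no digits yields an empty string, leaving the statement as `... where id=` with nothing after it. Digits-only output does stop the injection, but the query is still built by concatenation, so reject bad input before building it, e.g. `if _, err := strconv.Atoi(id); err != nil { http.Error(w, "invalid id", http.StatusBadRequest); return }`, and prefer a placeholder query if `ExecSql` (not visible here) accepts bound parameters. The regexp is also compiled on every request; if it stays, hoist it to a package-level `var`. Separately, the `log.Fatal` in the context line above the change appears to exit the whole process on a per-request error, which is worth replacing with an error response. GetTypeInfo's body starts and ends outside the hunk.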