diff --git a/src/main/java/com/example/exam/exam/service/mysql/IMysqlLocalServiceImpl.java b/src/main/java/com/example/exam/exam/service/mysql/IMysqlLocalServiceImpl.java index b292fe6..557fd92 100644 --- a/src/main/java/com/example/exam/exam/service/mysql/IMysqlLocalServiceImpl.java +++ b/src/main/java/com/example/exam/exam/service/mysql/IMysqlLocalServiceImpl.java @@ -1009,27 +1009,27 @@ public class IMysqlLocalServiceImpl implements IMysqlLocalService { try (Connection connstu = DriverManager.getConnection(stuDbUrl, user, password); Statement stmtstu = connstu.createStatement()) { + if (tNames!=null&&tNames.size()>0){ + for (String tName : tNames) { + // 校验数据库名格式,防止 SQL 注入 + if (!tName.matches("^[a-zA-Z0-9_]+$")) { + System.err.println("非法数据库名,跳过: " + tName); + continue; + } - for (String tName : tNames) { - // 校验数据库名格式,防止 SQL 注入 - if (!tName.matches("^[a-zA-Z0-9_]+$")) { - System.err.println("非法数据库名,跳过: " + tName); - continue; - } - - // 检查数据库是否存在 - String checkSql = "SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = '" + tName + "'"; - try (ResultSet rs = stmtstu.executeQuery(checkSql)) { - if (rs.next()) { - String dropDbSql = "DROP DATABASE `" + tName + "`"; - stmtstu.executeUpdate(dropDbSql); - System.out.println("已删除数据库:" + tName); - } else { - System.out.println("数据库不存在,跳过:" + tName); + // 检查数据库是否存在 + String checkSql = "SELECT SCHEMA_NAME FROM INFORMATION_SCHEMA.SCHEMATA WHERE SCHEMA_NAME = '" + tName + "'"; + try (ResultSet rs = stmtstu.executeQuery(checkSql)) { + if (rs.next()) { + String dropDbSql = "DROP DATABASE `" + tName + "`"; + stmtstu.executeUpdate(dropDbSql); + System.out.println("已删除数据库:" + tName); + } else { + System.out.println("数据库不存在,跳过:" + tName); + } } } } - } catch (SQLException e) { e.printStackTrace(); throw new RuntimeException("数据库操作失败", e);