Hibernate sql注入

    /**
     * 每周使用率
     * @param start
     * @param end
     * @return
     */
    public Map loadPieByWeek(String start, String end) {
        // 结果集
        Map result = new HashMap();
        Map dataMpa = null;
        List> listData = Lists.newArrayList();
        List legends = new ArrayList();
        SQLQuery query = getSession().createSQLQuery("SELECT COUNT(*) AS count,(SELECT soft.sname FROM t_apply_software_infos AS soft\n" +
                "\tWHERE\n" +
                "\t\tsoft.id = t_custom_monitor_infos.software_id\n" +
                ") AS name\n" +
                "FROM\n" +
                "\tt_custom_monitor_infos\n" +
                "WHERE\n" +
                "\tDATE(created_at) >= :start\n" +
                "AND DATE(created_at) <= :end\n" +
                "GROUP BY\n" +
                "\tsoftware_id");
        query.setParameter("start", start).setParameter("end", end);
        List list = query.addScalar("name", StandardBasicTypes.STRING).addScalar("count", StandardBasicTypes.INTEGER).list();
        for (Iterator iterator = list.iterator(); iterator.hasNext(); ) {
            dataMpa = new HashMap();
            Object[] objects = (Object[]) iterator.next();
            legends.add((String) objects[0]);
            dataMpa.put("name",objects[0]);
            dataMpa.put("value",objects[1]);
            // 对象合并
            JSONObject jsonObject = new JSONObject();
            jsonObject.putAll(dataMpa);
            listData.add(jsonObject);
        }
        result.put("legends",legends);
        result.put("data",listData);
        return result;
    }

image.png