增加注释和说明，修正错误

xfali · xfali · commit a82c5d652538 · 2020-01-14T21:24:50.000+08:00
diff --git a/README.md b/README.md
@@ -39,4 +39,34 @@ select查询返回的result还未能携带page、pageSize、total信息，需要
 
     var ret []TestTable
     session.SetContext(ctx).Select("SELECT * FROM TBL_TEST").Param().Result(&ret)
+```
+
+### 3、配置排序参数
+```cassandraql
+    session := sessMgr.NewSession()
+    ctx := pagehelper.OrderBy("myfield", pagehelper.DESC, context.Background())
+
+    var ret []TestTable
+    session.SetContext(ctx).Select("SELECT * FROM TBL_TEST").Param().Result(&ret)
+```
+*注意:*
+  
+由于golang对order by不能使用placeholder的方式，所以存在注入风险，请谨慎使用排序功能，如果使用，则需要自己做防注入的工作。
+
+举例：
+
+在获得order by参数时做参数校验
+```$xslt
+valid := regexp.MustCompile("^[A-Za-z0-9_]+$")
+if !valid.MatchString(ordCol) {
+    // invalid column name, do not proceed in order to prevent SQL injection
+}
+```
+
+### 4、使用builder
+```$xslt
+session := sessMgr.NewSession()
+ctx := pagehelper.C(context.Background()).Page(1, 3).Order("test", pagehelper.ASC).Build()
+var ret []TestTable
+session.SetContext(ctx).Select("SELECT * FROM TBL_TEST").Param().Result(&ret)
 ```
diff --git a/builder.go b/builder.go
@@ -0,0 +1,54 @@
+// Copyright (C) 2019, Xiongfa Li.
+// All right reserved.
+// @author xiongfa.li
+// @version V1.0
+// Description: 
+
+package pagehelper
+
+import "context"
+
+type builder struct {
+    ctx context.Context
+}
+
+//创建builder
+//ctx 初始context
+func C(ctx context.Context) *builder {
+    return &builder{ctx: ctx}
+}
+
+//分页
+//page 页码
+//pageSize 分页大小
+func (b *builder) Page(page, pageSize int) *builder {
+    b.ctx = StartPage(page, pageSize, b.ctx)
+    return b
+}
+
+//手动指定字段和排序
+//field 字段
+//order 排序 [ASC | DESC]
+func (b *builder) Order(field, order string) *builder {
+    b.ctx = OrderBy(field, order, b.ctx)
+    return b
+}
+
+//升序（默认）
+//field 字段
+func (b *builder) ASC(field string) *builder {
+    b.ctx = OrderBy(field, ASC, b.ctx)
+    return b
+}
+
+//降序
+//field 字段
+func (b *builder) DESC(field string) *builder {
+    b.ctx = OrderBy(field, DESC, b.ctx)
+    return b
+}
+
+//获得含分页/排序信息的context
+func (b *builder) Build() context.Context {
+    return b.ctx
+}
diff --git a/pagehelper.go b/pagehelper.go
@@ -52,10 +52,18 @@ type Executor struct {
     log  logging.LogFunc
 }
 
+//分页
+//page 页码
+//pageSize 分页大小
+//ctx 初始context
 func StartPage(page, pageSize int, ctx context.Context) context.Context {
     return context.WithValue(ctx, pageHelperValue, &PageParam{Page: page, PageSize: pageSize})
 }
 
+//排序
+//field 字段
+//order 排序 [ASC | DESC]
+//ctx 初始context
 func OrderBy(field, order string, ctx context.Context) context.Context {
     return context.WithValue(ctx, orderHelperValue, &OrderParam{Field: field, Order: order})
 }
@@ -84,7 +92,7 @@ func (exec *Executor) Query(ctx context.Context, result reflection.Object, sql s
     o := ctx.Value(orderHelperValue)
     if o != nil {
         if param, ok := o.(*OrderParam); ok {
-            sql, params = modifySqlOrder(sql, param, params)
+            sql = modifySqlOrder(sql, param)
         }
     }
 
@@ -122,15 +130,14 @@ func (f *Factory) CreateExecutor(transaction transaction.Transaction) executor.E
     }
 }
 
-func modifySqlOrder(sql string, p *OrderParam, params []interface{}) (string, []interface{}) {
+func modifySqlOrder(sql string, p *OrderParam) string {
     if p.Field == "" {
-        return sql, params
+        return sql
     }
     b := strings.Builder{}
     b.WriteString(strings.TrimSpace(sql))
-    b.WriteString(fmt.Sprintf(" ORDER BY ? %s ", p.Order))
-    params = append(params, p.Field)
-    return b.String(), params
+    b.WriteString(fmt.Sprintf(" ORDER BY `%s` %s ", p.Field, p.Order))
+    return b.String()
 }
 
 func modifySql(sql string, p *PageParam) string {
diff --git a/pagehelper_test.go b/pagehelper_test.go
@@ -129,7 +129,7 @@ func TestModifyPage(t *testing.T) {
 }
 
 func order(sql string, params ...interface{}) (string, []interface{}) {
-    return modifySqlOrder(sql, &OrderParam{"test", ASC}, params)
+    return modifySqlOrder(sql, &OrderParam{"test", ASC}), params
 }
 
 func TestModifyOrder(t *testing.T) {
diff --git a/test/builder_test.go b/test/builder_test.go
@@ -0,0 +1,56 @@
+// Copyright (C) 2019, Xiongfa Li.
+// All right reserved.
+// @author xiongfa.li
+// @version V1.0
+// Description: 
+
+package test
+
+import (
+    "context"
+    "github.com/xfali/pagehelper"
+    "testing"
+    "time"
+)
+
+const (
+    pageHelperValue  = "_page_helper_value"
+    orderHelperValue = "_order_helper_value"
+)
+
+func TestBuilder(t *testing.T) {
+    ctx := pagehelper.C(context.Background()).Page(1, 3).Order("test", pagehelper.ASC).Build()
+    ctx, _ = context.WithTimeout(ctx, time.Second)
+    p := ctx.Value(pageHelperValue)
+    o := ctx.Value(orderHelperValue)
+
+    printOrder(t, o)
+    printPage(t, p)
+}
+
+func TestBuilder2(t *testing.T) {
+    ctx := pagehelper.C(context.Background()).Page(1, 3).Order("test", pagehelper.ASC).Build()
+    ctx = pagehelper.C(ctx).DESC("new_field").Build()
+    ctx, _ = context.WithTimeout(ctx, time.Second)
+    p := ctx.Value(pageHelperValue)
+    o := ctx.Value(orderHelperValue)
+
+    printOrder(t, o)
+    printPage(t, p)
+}
+
+func printPage(t *testing.T, p interface{}) {
+    if p, ok := p.(*pagehelper.PageParam); ok {
+        t.Logf("page param: %d %d", p.Page, p.PageSize)
+    } else {
+        t.Fail()
+    }
+}
+
+func printOrder(t *testing.T, p interface{}) {
+    if p, ok := p.(*pagehelper.OrderParam); ok {
+        t.Logf("order param: %s %s", p.Field, p.Order)
+    } else {
+        t.Fail()
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -52,10 +52,18 @@ type Executor struct {`
`52`	`52`	`log logging.LogFunc`
`53`	`53`	`}`
`54`	`54`
	`55`	`+//分页`
	`56`	`+//page 页码`
	`57`	`+//pageSize 分页大小`
	`58`	`+//ctx 初始context`
`55`	`59`	`func StartPage(page, pageSize int, ctx context.Context) context.Context {`
`56`	`60`	`return context.WithValue(ctx, pageHelperValue, &PageParam{Page: page, PageSize: pageSize})`
`57`	`61`	`}`
`58`	`62`
	`63`	`+//排序`
	`64`	`+//field 字段`
	`65`	`+//order 排序 [ASC \| DESC]`
	`66`	`+//ctx 初始context`
`59`	`67`	`func OrderBy(field, order string, ctx context.Context) context.Context {`
`60`	`68`	`return context.WithValue(ctx, orderHelperValue, &OrderParam{Field: field, Order: order})`
`61`	`69`	`}`
`@@ -84,7 +92,7 @@ func (exec *Executor) Query(ctx context.Context, result reflection.Object, sql s`
`84`	`92`	`o := ctx.Value(orderHelperValue)`
`85`	`93`	`if o != nil {`
`86`	`94`	`if param, ok := o.(*OrderParam); ok {`
`87`		`- sql, params = modifySqlOrder(sql, param, params)`
	`95`	`+ sql = modifySqlOrder(sql, param)`
`88`	`96`	`}`
`89`	`97`	`}`
`90`	`98`
`@@ -122,15 +130,14 @@ func (f *Factory) CreateExecutor(transaction transaction.Transaction) executor.E`
`122`	`130`	`}`
`123`	`131`	`}`
`124`	`132`
`125`		`-func modifySqlOrder(sql string, p *OrderParam, params []interface{}) (string, []interface{}) {`
	`133`	`+func modifySqlOrder(sql string, p *OrderParam) string {`
`126`	`134`	`if p.Field == "" {`
`127`		`- return sql, params`
	`135`	`+ return sql`
`128`	`136`	`}`
`129`	`137`	`b := strings.Builder{}`
`130`	`138`	`b.WriteString(strings.TrimSpace(sql))`
`131`		`- b.WriteString(fmt.Sprintf(" ORDER BY ? %s ", p.Order))`
`132`		`- params = append(params, p.Field)`
`133`		`- return b.String(), params`
	`139`	+ b.WriteString(fmt.Sprintf(" ORDER BY `%s` %s ", p.Field, p.Order))
	`140`	`+ return b.String()`
`134`	`141`	`}`
`135`	`142`
`136`	`143`	`func modifySql(sql string, p *PageParam) string {`
Original file line number	Diff line number	Diff line change
`@@ -129,7 +129,7 @@ func TestModifyPage(t *testing.T) {`
`129`	`129`	`}`
`130`	`130`
`131`	`131`	`func order(sql string, params ...interface{}) (string, []interface{}) {`
`132`		`- return modifySqlOrder(sql, &OrderParam{"test", ASC}, params)`
	`132`	`+ return modifySqlOrder(sql, &OrderParam{"test", ASC}), params`
`133`	`133`	`}`
`134`	`134`
`135`	`135`	`func TestModifyOrder(t *testing.T) {`