🐛 fix(batch-truncate/query): 修复批量清空表安全隐患并优化多语句执行错误反馈

- 安全加固：TruncateTables 增加审计日志（Warnf 级别）和参数校验（上限 200 张） - 容错增强：批量清空部分失败时返回已执行 SQL 列表并提示已清空表不可恢复 - 错误优化：DBQueryMulti 逐条执行失败时附带语句序号和已成功条数 - 性能优化：splitSQLStatements 从 string 拼接改为 strings.Builder，消除 O(n²) 分配 - 转义修复：splitSQLStatements 支持 SQL 标准转义单引号 '' 防止误拆分 - 前端修复：handleBatchClear 统一取消判断字符串为 '已取消' 并移除冗余变量声明 - refs #244
2026-06-01 07:39:37 +08:00 · 2026-03-18 14:32:11 +08:00
parent fbd785400f
commit 64021ffd2a
6 changed files with 101 additions and 35 deletions
--- a/internal/app/sql_split_test.go
+++ b/internal/app/sql_split_test.go
@@ -92,3 +92,22 @@ func TestSplitSQLStatements_TrailingSemicolon(t *testing.T) {
 		t.Errorf("splitSQLStatements(%q) = %v, want %v", input, got, want)
 	}
 }
+
+func TestSplitSQLStatements_SQLEscapedQuote(t *testing.T) {
+	input := "SELECT 'it''s a test'; SELECT 2"
+	got := splitSQLStatements(input)
+	want := []string{"SELECT 'it''s a test'", "SELECT 2"}
+	if !reflect.DeepEqual(got, want) {
+		t.Errorf("splitSQLStatements(%q) = %v, want %v", input, got, want)
+	}
+}
+
+func TestSplitSQLStatements_SQLEscapedQuoteMultiple(t *testing.T) {
+	input := "INSERT INTO t VALUES ('O''Brien', 'it''s OK'); SELECT 1"
+	got := splitSQLStatements(input)
+	want := []string{"INSERT INTO t VALUES ('O''Brien', 'it''s OK')", "SELECT 1"}
+	if !reflect.DeepEqual(got, want) {
+		t.Errorf("splitSQLStatements(%q) = %v, want %v", input, got, want)
+	}
+}
+