The Druid version is:
<!-- https://mvnrepository.com/artifact/com.alibaba/druid database connection pool -->
<dependency>
    <groupId>com.alibaba</groupId>
    <artifactId>druid</artifactId>
    <version>1.1.9</version>
</dependency>
The error is as follows:
Caused by: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :'name LIKE '%' ? '%' ', expect RPAREN, actual QUES pos 325, line 12, column 43, token QUES : select count(0) from (select hy.uid uid, hy.create_date createDate, hy.update_date updateDate, hy.area_name areaName, hy.area_person areaPerson from hua_yang_area AS hy WHERE 1=1 AND hy.area_name LIKE '%' ? '%' AND hy.area_person >= ? AND hy.create_date >= ?) tmp_count
    at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:798)
    at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:251)
    at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:473)
    at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:929)
    at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:122)
    at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:473)
    at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:342)
    at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:349)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.apache.ibatis.logging.jdbc.ConnectionLogger.invoke(ConnectionLogger.java:55)
    at com.sun.proxy.$Proxy166.prepareStatement(Unknown Source)
    at org.apache.ibatis.executor.statement.PreparedStatementHandler.instantiateStatement(PreparedStatementHandler.java:87)
    at org.apache.ibatis.executor.statement.BaseStatementHandler.prepare(BaseStatementHandler.java:88)
    at org.apache.ibatis.executor.statement.RoutingStatementHandler.prepare(RoutingStatementHandler.java:59)
    at org.apache.ibatis.executor.SimpleExecutor.prepareStatement(SimpleExecutor.java:85)
    at org.apache.ibatis.executor.SimpleExecutor.doQuery(SimpleExecutor.java:62)
    at org.apache.ibatis.executor.BaseExecutor.queryFromDatabase(BaseExecutor.java:326)
    at org.apache.ibatis.executor.BaseExecutor.query(BaseExecutor.java:156)
    at org.apache.ibatis.executor.CachingExecutor.query(CachingExecutor.java:109)
    at com.github.pagehelper.PageInterceptor.executeAutoCount(PageInterceptor.java:201)
    at com.github.pagehelper.PageInterceptor.intercept(PageInterceptor.java:113)
    at org.apache.ibatis.plugin.Plugin.invoke(Plugin.java:61)
    at com.sun.proxy.$Proxy165.query(Unknown Source)
    at org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:148)
    at org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:141)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:433)
    ... 69 more
Caused by: com.alibaba.druid.sql.parser.ParserException: syntax error, error in :'name LIKE '%' ? '%' ', expect RPAREN, actual QUES pos 325, line 12, column 43, token QUES
    at com.alibaba.druid.sql.parser.SQLParser.printError(SQLParser.java:284)
    at com.alibaba.druid.sql.parser.SQLParser.accept(SQLParser.java:292)
    at com.alibaba.druid.sql.dialect.mysql.parser.MySqlSelectParser.parseTableSource(MySqlSelectParser.java:229)
    at com.alibaba.druid.sql.dialect.mysql.parser.MySqlSelectParser.parseFrom(MySqlSelectParser.java:75)
    at com.alibaba.druid.sql.dialect.mysql.parser.MySqlSelectParser.query(MySqlSelectParser.java:174)
    at com.alibaba.druid.sql.parser.SQLSelectParser.select(SQLSelectParser.java:59)
    at com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser.parseSelect(MySqlStatementParser.java:113)
    at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:149)
    at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:83)
    at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:624)
    at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:578)
    at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:785)
    ... 101 more
The mapper.xml mapping file is as follows:
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.sxd.swapping.dao.mybatis.HuaYangAreaMapper">
    <select id="findByNameAndPersonAndCreateDate"
            parameterType="com.sxd.swapping.domain.HuaYangArea"
            resultType="com.sxd.swapping.base.HuaYangModelBean">
        select
            hy.uid uid,
            hy.create_date createDate,
            hy.update_date updateDate,
            hy.area_name areaName,
            hy.area_person areaPerson
        from hua_yang_area AS hy
        <where>
            1=1
            <if test="areaName != null">
                AND hy.area_name LIKE '%' #{areaName} '%'
            </if>
            <if test="areaPerson != null">
                AND hy.area_person >= #{areaPerson}
            </if>
            <if test="createDate != null">
                AND <![CDATA[hy.create_date >= #{createDate}]]>
            </if>
        </where>
    </select>
</mapper>
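MyBatis connects to MySQL to run a fuzzy (LIKE) query, and the SQL statement in the XML file was not changed. In other words, the same SQL was fully supported and ran fine before Druid was integrated into Spring Boot; after the integration the query fails with the error shown at the top.
It feels like a Druid problem.
The mapper.xml was finally changed to the following: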
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.sxd.swapping.dao.mybatis.HuaYangAreaMapper">
    <select id="findByNameAndPersonAndCreateDate"
            parameterType="com.sxd.swapping.domain.HuaYangArea"
            resultType="com.sxd.swapping.base.HuaYangModelBean">
        select
            hy.uid uid,
            hy.create_date createDate,
            hy.update_date updateDate,
            hy.area_name areaName,
            hy.area_person areaPerson
        from hua_yang_area AS hy
        <where>
            1=1
            <if test="areaName != null">
                AND hy.area_name LIKE '%${areaName}%'
            </if>
            <if test="areaPerson != null">
                AND hy.area_person >= #{areaPerson}
            </if>
            <if test="createDate != null">
                AND <![CDATA[hy.create_date >= #{createDate}]]>
            </if>
        </where>
    </select>
</mapper>
That is, the original
<if test="areaName != null">
    AND hy.area_name LIKE '%' #{areaName} '%'
</if>
was changed to
<if test="areaName != null">
    AND hy.area_name LIKE '%${areaName}%'
</if>
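An added example (not from the original post): MyBatis substitutes `${areaName}` into the SQL text before the statement is prepared, so the change above gives up the bound parameter for that column. The two statements below keep `#{}` and still avoid the `'%' ? '%'` form that Druid's parser rejected; the statement ids ending in `Concat` and `Bind` and the `areaNamePattern` variable are hypothetical names.

```xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<!-- Added example, not the original post's mapper. The statement ids ending in
     Concat and Bind and the areaNamePattern variable are hypothetical names. -->
<mapper namespace="com.sxd.swapping.dao.mybatis.HuaYangAreaMapper">

  <!-- Weak form: ${areaName} is pasted into the SQL text before prepare, so the
       value is parsed as SQL:   AND hy.area_name LIKE '%${areaName}%' -->

  <!-- Option 1: MySQL builds the pattern. Prepared SQL: LIKE CONCAT('%', ?, '%') -->
  <select id="findByNameAndPersonAndCreateDateConcat"
          parameterType="com.sxd.swapping.domain.HuaYangArea"
          resultType="com.sxd.swapping.base.HuaYangModelBean">
    select hy.uid uid, hy.create_date createDate, hy.update_date updateDate,
           hy.area_name areaName, hy.area_person areaPerson
    from hua_yang_area AS hy
    <where>
      <if test="areaName != null">
        AND hy.area_name LIKE CONCAT('%', #{areaName}, '%')
      </if>
      <if test="areaPerson != null"> AND hy.area_person >= #{areaPerson} </if>
      <if test="createDate != null"> AND <![CDATA[hy.create_date >= #{createDate}]]> </if>
    </where>
  </select>

  <!-- Option 2: MyBatis builds the pattern with bind. Prepared SQL: LIKE ? -->
  <select id="findByNameAndPersonAndCreateDateBind"
          parameterType="com.sxd.swapping.domain.HuaYangArea"
          resultType="com.sxd.swapping.base.HuaYangModelBean">
    select hy.uid uid, hy.create_date createDate, hy.update_date updateDate,
           hy.area_name areaName, hy.area_person areaPerson
    from hua_yang_area AS hy
    <where>
      <if test="areaName != null">
        <bind name="areaNamePattern" value="'%' + areaName + '%'"/>
        AND hy.area_name LIKE #{areaNamePattern}
      </if>
      <if test="areaPerson != null"> AND hy.area_person >= #{areaPerson} </if>
      <if test="createDate != null"> AND <![CDATA[hy.create_date >= #{createDate}]]> </if>
    </where>
  </select>
</mapper>
```

In both forms a `%` or `_` inside the supplied value still acts as a LIKE wildcard.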
Reference: http://www.codes51.com/itwd/1422194.html
Original post: https://www.cnblogs.com/sxdcgaq8080/p/9068355.html