1. Versions tested: the problem occurs in both 1.1.21 and 1.2,6
2. Failing SQL: select * from demo where name like "%"?"%"
Failure location: ps = conn.prepareStatement(sql);
Tested: with MysqlDataSource, ps = conn.prepareStatement(sql); does not have this problem.
3. Exception message: java.sql.SQLException: sql injection violation, dbType mysql, , druid-version 1.2.5, syntax error: syntax error, error in :'name like "%"?"%", pos 54, line 1, column 54, token ? : select * from demo d where d.name like "%"?"%"
4. Appendix: when wallFilter is used, its parsing also fails, with an error similar to the following: sql injection violation, syntax error: syntax error, error in :'code like "%"?"%" ', expect QUES, actual QUES pos 232, line 9, column 43, token QUES
The error is raised at the following location:
com.alibaba.druid.sql.parser.ParserException: syntax error, error in :'code like "%"?"%" ', expect QUES, actual QUES pos 232, line 9, column 43, token QUES
    at com.alibaba.druid.sql.parser.SQLParser.printError(SQLParser.java:344)
    at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:532)
    at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:182)
    at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:624)
    at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:578)
1 answer
0ve6wy6x1#
Attached: MysqlDataSource test file
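
An added example, not part of the original post or of the Druid project: the same contains-match written with a single ? as the LIKE operand and the % wildcards carried in the bound value, so the statement does not rely on adjacent string literals being concatenated. The class and method names are hypothetical, and the escaping assumes MySQL's default LIKE escape character (backslash).

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

public class LikeQueryExample {
    // A single placeholder is the whole LIKE operand; no string literals sit next to it.
    static final String SQL = "select * from demo where name like ?";

    // Escape LIKE metacharacters in user input so they match literally,
    // then wrap the result in the wildcards that were in the SQL text before.
    // Assumption: the server uses the default escape character '\'.
    static String containsPattern(String userInput) {
        String escaped = userInput
                .replace("\\", "\\\\")   // escape the escape character first
                .replace("%", "\\%")
                .replace("_", "\\_");
        return "%" + escaped + "%";
    }

    // conn may come from any DataSource; the SQL text is the same for all of them.
    static List<String> findByName(Connection conn, String userInput) throws SQLException {
        List<String> names = new ArrayList<>();
        try (PreparedStatement ps = conn.prepareStatement(SQL)) {
            ps.setString(1, containsPattern(userInput));
            try (ResultSet rs = ps.executeQuery()) {
                while (rs.next()) {
                    names.add(rs.getString("name"));
                }
            }
        }
        return names;
    }

    public static void main(String[] args) {
        // Constructed inputs: print the value that would be bound for each.
        for (String in : new String[] {"abc", "50%", "a_b", "c:\\tmp"}) {
            System.out.println(in + " -> " + containsPattern(in));
        }
    }
}
```

Escaping % and _ in the input keeps a user-supplied wildcard from widening the match, which the literal-concatenation form in the report does not do.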