启用druid的wall的时候,mysql的haveing子句报错?报错
@wenshao 你好,想跟你请教个问题:
这是jfinal中启用druid的wall的时候,这个语句就会报错,关掉wall就没问题,请问下是druid的bug么
Caused by: java.sql.SQLException: sql injection violation : select count(*) FROM (SELECT P1.POST_ID, P1.POST_CONTENT,P1.IS_ANONYMOUS,P1.USER_ID,P1.EMAIL,P1.POST_STATE,P1.POST_DATE,P1.POST_UPDATE_DATE,P1.STAFF_ID,U.USER_NAME,U.INDIV_NAME,U.DISPLAY_PICTURE FROM post P1 LEFT JOIN user_info U ON P1.USER_ID=U.USER_ID HAVING P1.POST_STATE = ?) P
at com.alibaba.druid.wall.WallFilter.check(WallFilter.java:311)
at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:169)
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:446)
at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:911)
at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:122)
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:446)
at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:342)
at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:312)
at com.jfinal.plugin.activerecord.Db.query(Db.java:39)
at com.jfinal.plugin.activerecord.Model.paginate(Model.java:217)
... 26 more
Caused by: com.alibaba.druid.sql.parser.SQLParseException: syntax error, expect RPAREN, actual HAVING HAVING
at com.alibaba.druid.sql.parser.SQLParser.accept(SQLParser.java:125)
at com.alibaba.druid.sql.parser.SQLSelectParser.parseTableSource(SQLSelectParser.java:291)
at com.alibaba.druid.sql.parser.SQLSelectParser.parseFrom(SQLSelectParser.java:282)
at com.alibaba.druid.sql.dialect.mysql.parser.MySqlSelectParser.query(MySqlSelectParser.java:182)
at com.alibaba.druid.sql.parser.SQLSelectParser.select(SQLSelectParser.java:59)
at com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser.parseSelect(MySqlStatementParser.java:184)
at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:86)
at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:139)
at com.alibaba.druid.wall.WallFilter.check(WallFilter.java:298)
... 35 more
写回答
-
https://developer.aliyun.com/profile/5yerqm5bn5yqg?spm=a2c6h.12873639.0.0.6eae304abcjaIB这个SQL语句,只有HAVING没有GROUPBY?OK了,tks,having是严格依赖于groupby的...我用sqlyog执行过这些语句,这个工具好像没有这么严格的检查,我就没多想这个语句有问提,基础不扎实,让您见笑了
2020-06-22 21:58:10赞同 展开评论 打赏
版权声明:本文内容由阿里云实名注册用户自发贡献,版权归原作者所有,阿里云开发者社区不拥有其著作权,亦不承担相应法律责任。具体规则请查看《阿里云开发者社区用户服务协议》和《阿里云开发者社区知识产权保护指引》。如果您发现本社区中有涉嫌抄袭的内容,填写侵权投诉表单进行举报,一经查实,本社区将立刻删除涉嫌侵权内容。
