参数名引发的血案

概况

今天在解决一个Bug时，修改了原先的SQL语句，在数据库执行通过之后，复制到了项目中，使用MyBatis进行查询，却屡屡报错，现在把解决问题的过程记下来

报错信息

报错1

2016/04/29 13:51:20 ERROR ExamResultServiceImpl:50 - 查询视力检查结果异常
org.springframework.jdbc.UncategorizedSQLException: 
### Error querying database.  Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, expect CALL, actual FROM : SELECT
        a.screen_type,
        a.file_id,
        vis.vaexamtime as done_date,
        c.hospital_name
    FROM
        eye_refraction_info a,
        eye_x_hospital_info c,
        eye_diab_visualacuity vis
    WHERE
        a.hospital_id = c.hospital_id
    AND a.exam_id = vis.examoid
    AND a.personcard_no = ?
    AND a.del_flag = '0'
    AND vis.del_flag = '0'
    AND c.del_flag = '0'
    AND a.file_status > 3
    ORDER BY
        done_date DESC
    LIMIT $ {from}, $ {pagesize}

报错2：

2016/04/29 14:19:03 ERROR ExamResultServiceImpl:50 - 查询视力检查结果异常
org.springframework.jdbc.BadSqlGrammarException: 
### Error querying database.  Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'null' at line 20
### The error may exist in file [***.xml]
### The error may involve ***.getAllExamResults-Inline
### The error occurred while setting parameters
### SQL: SELECT         a.screen_type,         a.file_id,         vis.vaexamtime as done_date,         c.hospital_name     FROM         eye_refraction_info a,         eye_x_hospital_info c,         eye_diab_visualacuity vis     WHERE         a.hospital_id = c.hospital_id     AND a.exam_id = vis.examoid     AND a.personcard_no = ?     AND a.del_flag = '0'     AND vis.del_flag = '0'     AND c.del_flag = '0'     AND a.file_status > 3     ORDER BY         done_date DESC     LIMIT ?, ?
### Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'null' at line 20
; bad SQL grammar []; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'null' at line 20
    at org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator.doTranslate(SQLErrorCodeSQLExceptionTranslator.java:231)
    at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:73)
    at org.mybatis.spring.MyBatisExceptionTranslator.translateExceptionIfPossible(MyBatisExceptionTranslator.java:73)
    at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:371)
    at com.sun.proxy.$Proxy20.selectList(Unknown Source)
    at org.mybatis.spring.SqlSessionTemplate.selectList(SqlSessionTemplate.java:198)
    at org.apache.ibatis.binding.MapperMethod.executeForMany(MapperMethod.java:114)
    at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:58)
    at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:43)
    at com.sun.proxy.$Proxy21.getAllExamResults(Unknown Source)
    at **.getExamResult(**.java:37)
    at ** (**.java:64)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:749)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:690)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:83)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:945)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:876)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:961)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:852)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:837)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

原因

之前用的分页是这样的：

LIMIT ${from}, ${pagesize} 

其中，开始位置的参数同事用了“from”，和数据库中的关键字一样有木有！！现在的语句是这样的：

    SELECT
        a.screen_type,
        a.file_id,
        vis.vaexamtime as done_date,
        c.hospital_name
    FROM eye_refraction_info a, eye_x_hospital_info c, eye_diab_visualacuity vis
    WHERE
        a.hospital_id = c.hospital_id
    AND a.exam_id = vis.examoid
    AND a.personcard_no = #{personcard}
    AND a.del_flag = '0'
    AND vis.del_flag = '0'
    AND c.del_flag = '0'
    AND a.file_status > 3
    ORDER BY done_date DESC LIMIT #{pageStart}, #{pageSize}

后来根据报错信息，发现其中一个参数为Null，检查参数名称后发现，原来传入的是“pagesize”，mybatis中配置的是“pageSize”，一个字母大小写，折腾了这么久，太不应该了。

教训

1. 以报错信息为准去找问题，不要乱找
2. 遇事冷静、细心分析