参数名引发的血案

最新推荐文章于 2023-06-06 17:48:00 发布
最新推荐文章于 2023-06-06 17:48:00 发布
阅读量3.6k 收藏 1
点赞数 1
分类专栏: 数据库 Java 文章标签: 数据库 mybatis
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/limenghua9112/article/details/51282034
版权

概况

今天在解决一个Bug时,修改了原先的SQL语句,在数据库执行通过之后,复制到了项目中,使用MyBatis进行查询,却屡屡报错,现在把解决问题的过程记下来

报错信息

报错1

2016/04/29 13:51:20 ERROR ExamResultServiceImpl:50 - 查询视力检查结果异常
org.springframework.jdbc.UncategorizedSQLException: 
### Error querying database.  Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, expect CALL, actual FROM : SELECT
        a.screen_type,
        a.file_id,
        vis.vaexamtime as done_date,
        c.hospital_name
    FROM
        eye_refraction_info a,
        eye_x_hospital_info c,
        eye_diab_visualacuity vis
    WHERE
        a.hospital_id = c.hospital_id
    AND a.exam_id = vis.examoid
    AND a.personcard_no = ?
    AND a.del_flag = '0'
    AND vis.del_flag = '0'
    AND c.del_flag = '0'
    AND a.file_status > 3
    ORDER BY
        done_date DESC
    LIMIT $ {from}, $ {pagesize}

报错2:

2016/04/29 14:19:03 ERROR ExamResultServiceImpl:50 - 查询视力检查结果异常
org.springframework.jdbc.BadSqlGrammarException: 
### Error querying database.  Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'null' at line 20
### The error may exist in file [***.xml]
### The error may involve ***.getAllExamResults-Inline
### The error occurred while setting parameters
### SQL: SELECT         a.screen_type,         a.file_id,         vis.vaexamtime as done_date,         c.hospital_name     FROM         eye_refraction_info a,         eye_x_hospital_info c,         eye_diab_visualacuity vis     WHERE         a.hospital_id = c.hospital_id     AND a.exam_id = vis.examoid     AND a.personcard_no = ?     AND a.del_flag = '0'     AND vis.del_flag = '0'     AND c.del_flag = '0'     AND a.file_status > 3     ORDER BY         done_date DESC     LIMIT ?, ?
### Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'null' at line 20
; bad SQL grammar []; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'null' at line 20
    at org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator.doTranslate(SQLErrorCodeSQLExceptionTranslator.java:231)
    at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:73)
    at org.mybatis.spring.MyBatisExceptionTranslator.translateExceptionIfPossible(MyBatisExceptionTranslator.java:73)
    at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:371)
    at com.sun.proxy.$Proxy20.selectList(Unknown Source)
    at org.mybatis.spring.SqlSessionTemplate.selectList(SqlSessionTemplate.java:198)
    at org.apache.ibatis.binding.MapperMethod.executeForMany(MapperMethod.java:114)
    at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:58)
    at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:43)
    at com.sun.proxy.$Proxy21.getAllExamResults(Unknown Source)
    at **.getExamResult(**.java:37)
    at ** (**.java:64)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:215)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:104)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:749)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:690)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:83)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:945)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:876)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:961)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:852)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:837)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:108)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:745)

原因

之前用的分页是这样的:

LIMIT ${from}, ${pagesize}

其中,开始位置的参数同事用了“from”,和数据库中的关键字一样有木有!!现在的语句是这样的:

    SELECT
        a.screen_type,
        a.file_id,
        vis.vaexamtime as done_date,
        c.hospital_name
    FROM eye_refraction_info a, eye_x_hospital_info c, eye_diab_visualacuity vis
    WHERE
        a.hospital_id = c.hospital_id
    AND a.exam_id = vis.examoid
    AND a.personcard_no = #{personcard}
    AND a.del_flag = '0'
    AND vis.del_flag = '0'
    AND c.del_flag = '0'
    AND a.file_status > 3
    ORDER BY done_date DESC LIMIT #{pageStart}, #{pageSize}

后来根据报错信息,发现其中一个参数为Null,检查参数名称后发现,原来传入的是“pagesize”,mybatis中配置的是“pageSize”,一个字母大小写,折腾了这么久,太不应该了。

教训

  1. 以报错信息为准去找问题,不要乱找
  2. 遇事冷静、细心分析
快乐柠檬
关注
专栏目录
Error querying database. Cause: java.sql.SQLSyntaxErrorException: In aggregated query without GROUP
weixin_44262390的博客
03-05 3705
异常: Error querying database. Cause: java.sql.SQLSyntaxErrorException: In aggregated query without GROUP BY, expression #5 of SELECT list contains nonaggregated column 'road_tunnel_test.a.id'; this is incompatible with sql_mode=only_full_group_by 参考:https
如何解决MySQL报错 You have an error in your SQL syntax; check the manual that corresponds to your MySQL?
最新发布
小小恶斯法克的博客
01-12 1万+
✨如果你想要确保数据满足特定的条件,可以考虑使用触发器(trigger)来实现类似的功能。通过创建触发器,你可以在插入或更新数据时执行自定义的逻辑,包括条件检查。END;✨在这个示例中,我们创建了一个为的触发器,在每次向user表中插入新数据之前都会执行。如果年龄不符合条件,则会产生一个信号(SIGNAL),并返回一条错误消息。✨通过使用触发器,你可以实现类似于CHECK约束的行为,并在需要时执行自定义的条件检查逻辑。✨。
rror updating database. Cause: java.sql.SQLSyntaxErrorException解决方案
weixin_58419099的博客
06-06 9213
这里是因为字段使用关键字, 这个关键字和mysql的本身的关键字冲突。
mysql 错误 You have an error in your SQL syntax; check the manual that corresponds to your MySQL serve
piaomiaozaitianya的博客
01-12 1286
这个一般就是sql 语法错误,一般常见的就是多了 逗号“,” 。但是有一种错误可能会被忽略,当你的sql语句认为正确的时候,不妨看看是不是字段里又关键词当字段,一般编辑器会边颜色,比如关键词 key, describe等,用关键词当字段时候 语法需要加 "`"符号 比如:select a,b,c,`describe`,`key` from t_test ...
org.springframework.jdbc.BadSqlGrammarException
吃根草的博客
06-23 8566
==>  Preparing: select * from users where username = ? and password = ?   ==> Parameters: 张三(String), zs(String)  六月 23, 2018 4:47:12 下午 org.apache.catalina.core.StandardWrapperValve invoke SEVE...
第002章 一个输入框引发血案.rarpython面试
08-13
而"一个输入框引发血案"这个标题似乎暗示了一个关于用户输入的安全性问题,这在Web开发中是一个极其重要的主题。在Python中,对用户输入的不当处理可能导致各种安全风险,如SQL注入、跨站脚本(XSS)攻击等。 ...
MySQL中因一个双引号错位引发血案详析
09-09
然而,当双引号的使用不当时,可能会导致意料之外的结果,就像标题和描述中提到的“血案”。这个问题源自于开发人员在编写SQL语句时,双引号的位置错误,导致了数据的意外更新。 首先,我们看一个例子: ```sql ...
mysql中一个普通ERROR 1135 (HY000)错误引发血案
09-10
3. **优化MySQL配置**:适当增加`max_connections`值,并根据需要调整其他相关参数,如`thread_cache_size`。 4. **监控MySQL日志**:持续关注MySQL的日志,以捕获任何潜在的问题或警告。 5. **资源管理**:如果系统...
org.springframework.jdbc.BadSqlGrammarException: ### Error updating database.
lsbnzs447的博客
04-12 2823
检查与您的MySQL服务器版本相对应的手册,了解在附近使用的正确语法 ‘delete=1 where id=4 AND delete=0’根据标错信息得知SQL语句写错了,发现手误写错delete,与sql语句的delete重,把它修改为deleted就好了。您的 SQL 语法有误。
Spring5:就这一次,搞定JDBC异常转换器之自定义异常转换器
seasonsbin的专栏
06-14 6685
在上一篇文章里面分析到,Spring JDBC异常转换器为开发者预留了接口
今天线上系统碰到个怪问题DBCP数据连接异常,java.sql.SQLException: Already closed.
Jerry的一亩三分地
08-31 1万+
java.sql.SQLException: Already closed. at org.apache.commons.dbcp.PoolableConnection.close(PoolableConnection.java:84) ~[commons-dbcp-1.2.2.jar:1.2.2] at org.apache.commons.dbcp.PoolingDataSource$Po
MyBatis中的TooManyResultsException问题
异常世界的行者孙
06-14 6783
org.mybatis.spring.MyBatisSystemException: nested exception is org.apache.ibatis.exceptions.TooManyResultsException: Expected one result (or null) to be returned by selectOne(), but found: 2 at org.m
java执行sql列无效_java.sql.SQLException:列无效
weixin_39997695的博客
12-20 3375
我无法弄清楚为什么我在这里得到“无效的列”.我们已经在Oracle中直接尝试了sql的一个变体,并且它工作正常,但是当我使用jdbcTemplate尝试它时,出了点问题.List alleXmler = jdbcTemplate.query("select p.applicationid, x.datadocumentid, x.datadocumentxml " +"from CFUSEREN...
com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException异常原因解析
热门推荐
Big Data
09-13 26万+
今天,博主在写项目时遇到了com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException异常,这种异常变态到极致,一般都是自己的sql语句写错了。 @Insert({"insert into ",TABLE_NAME ," (",INSET_FIELDS, ") values (#{name},#{password}
关于mybatis的一个bug问题
超哥superb 的专栏
06-01 7776
错误:org.springframework.jdbc.BadSqlGrammarException:  ### Error updating database.  Cause: java.sql.SQLException: Unknown column 'derId' in 'where clause' ### The error may involve com.jiuyi.vggle.da
报错:Error querying database. Cause: java.sql.SQLException: Access denied for user ‘root‘@‘localhost‘
老达摩的博客
11-11 1万+
报错:Error querying database. Cause: java.sql.SQLException: Access denied for user ‘root’@‘localhost’ (using password: YES) 在学习Mybatis时遇到错误Access denied for user ‘root’@‘localhost’ (using password: YES),一直找不到原因,如图: 出现此类原因大部分不是技术上的问题,是粗心造成的,翻译显示: 查询数据库时出错。原因
错误You have an error in your SQL syntax; check the manual that corresponds to your MySQL
start_XUEBA的博客
06-17 5320
查询数据库数据表的时候,一个简单的sql查询语句,可是一直报错:com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the ...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值