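When using Druid, a fuzzy (LIKE) query throws com.alibaba.druid.sql.parser.ParserException

After switching to Druid, a fuzzy (LIKE) query throws an exception.

- The XML file is as follows: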

<if test="type != null">
  `type` like '%' #{type,jdbcType=VARCHAR} '%'
</if>

- The exception is as follows:

### Error querying database.  Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :'ype` like '%' ? '%'', expect QUES, actual QUES pos 201, line 7, column 28, token QUES : select
     
    id, `type`, creatTime, expirationTime, isRecommend, `position`, companyName, companyNature, 
    jobName, jobNature, eduBackground, url
   
    from t_info
     WHERE `type` like '%' ? '%'
### The error may exist in file [D:\ezhaohui1.0.1\target\classes\mapper\Info\InfoMapper.xml]
### The error may involve com.join.ezhaohui.mapper.InfoMapper.multiSelect
### The error occurred while executing a query
### SQL: select           id, `type`, creatTime, expirationTime, isRecommend, `position`, companyName, companyNature,      jobName, jobNature, eduBackground, url         from t_info      WHERE `type` like '%' ? '%'
### Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :'ype` like '%' ? '%'', expect QUES, actual QUES pos 201, line 7, column 28, token QUES : select
     
    id, `type`, creatTime, expirationTime, isRecommend, `position`, companyName, companyNature, 
    jobName, jobNature, eduBackground, url
   
    from t_info
     WHERE `type` like '%' ? '%'
; uncategorized SQLException; SQL state [null]; error code [0]; sql injection violation, syntax error: syntax error, error in :'ype` like '%' ? '%'', expect QUES, actual QUES pos 201, line 7, column 28, token QUES : select
     
    id, `type`, creatTime, expirationTime, isRecommend, `position`, companyName, companyNature, 
    jobName, jobNature, eduBackground, url
   
    from t_info
     WHERE `type` like '%' ? '%'; nested exception is java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :'ype` like '%' ? '%'', expect QUES, actual QUES pos 201, line 7, column 28, token QUES : select
     
    id, `type`, creatTime, expirationTime, isRecommend, `position`, companyName, companyNature, 
    jobName, jobNature, eduBackground, url
   
    from t_info
     WHERE `type` like '%' ? '%'] with root cause

com.alibaba.druid.sql.parser.ParserException: syntax error, error in :'ype` like '%' ? '%'', expect QUES, actual QUES pos 201, line 7, column 28, token QUES

It turned out that the parameter "type" was not being passed in.
After changing the XML file to like concat('%',#{type,jdbcType=VARCHAR},'%'),
the fuzzy query works normally.
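
An alternative that also leaves a single bound ? in the SQL text Druid parses: build the pattern with MyBatis's <bind> element. This is an added example, not the original mapper; the resultType, the <where> wrapper and the name typePattern are assumptions, while the select id, table and columns are taken from the error output above.

```xml
<!-- Added example (not the original InfoMapper.xml). resultType="map" and
     the bind name "typePattern" are assumptions made for illustration. -->
<select id="multiSelect" resultType="map">
  select
    id, `type`, creatTime, expirationTime, isRecommend, `position`,
    companyName, companyNature, jobName, jobNature, eduBackground, url
  from t_info
  <where>
    <if test="type != null">
      <!-- The wildcards are concatenated by MyBatis (OGNL) before binding,
           so the statement sent through Druid reads: `type` like ?
           and the value still travels as a JDBC parameter. -->
      <bind name="typePattern" value="'%' + type + '%'" />
      `type` like #{typePattern,jdbcType=VARCHAR}
    </if>
  </where>
  <!-- Do not "fix" the parser error with '%${type}%': ${} is text
       substitution, which places the caller's input directly into the
       SQL string instead of binding it. -->
</select>
```

With either form, % and _ inside the supplied value are still treated as LIKE wildcards by the database.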
