
com.alibaba.druid.sql.parser.ParserExcep? error

@wenshao Hello, I would like to ask you a question:

1) Druid version: 0.2.21

2) SQL that produces the error: mybatis

      select * from test 
        where 1=1 
        <if test="info1!=null and info1!=''">
            and info1 like "%"#{info1}"%" 
        </if>

3) Database type: mysql

23:28:59.112 [25591043@qtp-33385450-2] ERROR c.a.druid.filter.stat.StatFilter - merge sql error, dbType mysql, sql : 
select * from test 
        where 1=1 
         
            and info1 like "%"?"%" limit 0,10
com.alibaba.druid.sql.parser.ParserException: syntax error, QUES %, pos 80
at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:237) ~[druid-0.2.21.jar:0.2.21]
at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:76) ~[druid-0.2.21.jar:0.2.21]
at com.alibaba.druid.sql.visitor.ParameterizedOutputVisitorUtils.parameterize(ParameterizedOutputVisitorUtils.java:42) ~[druid-0.2.21.jar:0.2.21]
at com.alibaba.druid.filter.stat.StatFilter.mergeSql(StatFilter.java:145) [druid-0.2.21.jar:0.2.21]
at com.alibaba.druid.filter.stat.StatFilter.createSqlStat(StatFilter.java:629) [druid-0.2.21.jar:0.2.21]
at com.alibaba.druid.filter.stat.StatFilter.statementPrepareAfter(StatFilter.java:305) [druid-0.2.21.jar:0.2.21]
at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:124) [druid-0.2.21.jar:0.2.21]
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:446) [druid-0.2.21.jar:0.2.21]
at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:342) [druid-0.2.21.jar:0.2.21]

This throws an error; please help take a look at what the cause is.


爱吃鱼的程序员 2020-06-22 18:42:01 1402 0
1 answer
  • https://developer.aliyun.com/profile/5yerqm5bn5yqg?spm=a2c6h.12873639.0.0.6eae304abcjaIB

    Is this SQL of yours really correct? like '%'+#{info1}+'%'

    select * from test
        where 1=1
        <if test="info1!=null and info1!=''">
          and info1 like '%'#{info1}'%'

        </if>

    I changed it to this, and there is still a problem. Is it because that ? cannot be parsed? @wenshao

    select count(0) from (select * from test
        where 1=1

          and info1 like '%'?'%') as tmp_count
    com.alibaba.druid.sql.parser.ParserException: syntax error, expect RPAREN, actual QUES %, pos 102
    at com.alibaba.druid.sql.parser.SQLParser.accept(SQLParser.java:127) ~[druid-0.2.21.jar:0.2.21]
    at com.alibaba.druid.sql.parser.SQLSelectParser.parseTableSource(SQLSelectParser.java:295) ~[druid-0.2.21.jar:0.2.21]
    at com.alibaba.druid.sql.parser.SQLSelectParser.parseFrom(SQLSelectParser.java:286) ~[druid-0.2.21.jar:0.2.21]
    at com.alibaba.druid.sql.dialect.mysql.parser.MySqlSelectParser.query(MySqlSelectParser.java:188) ~[druid-0.2.21.jar:0.2.21]

    Actually my list does come out fine; it is just that this error is reported on the backend. @wenshao

    like '%#{info1}%' Try it like this.

    There is still a problem.

    Has your problem been solved? I ran into this problem too...

    Has the problem been solved? I am running into it now and have been struggling with it for two days. Looking for a solution!!!

    '%${info1}%' or CONCAT(CONCAT('%',#{info1}),'%')

    '%${info1}%' This method has an injection risk; is there a better solution?

    like "%"||#{info1}||"%" This method works and does not report an error.

    2020-06-22 18:42:19
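
An added example, not part of the original thread and not code from the MyBatis or Druid projects: a mapper file that puts the `'%${info1}%'` form, which the thread flags as an injection risk, beside two forms that keep `info1` bound as a parameter. The namespace, statement ids, `resultType` and the `info1Pattern` name are assumptions; the table and column names come from the question.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<!-- Hypothetical namespace and statement ids; table and column are from the question. -->
<mapper namespace="example.TestMapper">

  <!-- Injectable: ${info1} is pasted into the SQL text before it reaches the
       driver, so a quote character in the value changes the statement itself. -->
  <select id="searchUnsafe" resultType="map">
    select * from test
    where 1=1
    <if test="info1 != null and info1 != ''">
      and info1 like '%${info1}%'
    </if>
  </select>

  <!-- Bound: #{info1} becomes a single ? placeholder and the wildcards are
       added in SQL. Statement text sent on: ... like CONCAT('%', ?, '%') -->
  <select id="searchConcat" resultType="map">
    select * from test
    where 1=1
    <if test="info1 != null and info1 != ''">
      and info1 like CONCAT('%', #{info1}, '%')
    </if>
  </select>

  <!-- Bound, pattern built by MyBatis: <bind> evaluates an OGNL expression and
       exposes the result as a parameter. Statement text sent on: ... like ?
       The <bind> sits inside the <if> so it is only evaluated when info1 is set. -->
  <select id="searchBind" resultType="map">
    select * from test
    where 1=1
    <if test="info1 != null and info1 != ''">
      <bind name="info1Pattern" value="'%' + info1 + '%'"/>
      and info1 like #{info1Pattern}
    </if>
  </select>

</mapper>
```

Binding keeps the value from changing the statement, but `%` and `_` inside the value still act as LIKE wildcards.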