java.sql.SQLException: sql injection violation, syntax error: TODO QUES

tags: Error record  exception  java

Exception record: I have run into similar problems before, but because I did not write them down, I spent nearly two hours investigating this one. Remember to keep notes!

The exception message:

org.springframework.jdbc.UncategorizedSQLException: 
### Error querying database.  Cause: java.sql.SQLException: sql injection violation, syntax error: TODO QUES : SELECT nvl(QBXSSR,0) from GS_SB_SBXX t
		WHERE t.result_id=? AND t.ZSXM_DM='10101'
		AND trunc(t.SSSQZ,'mm') BETWEEN add_months(TO_DATE(?,'yyyy-mm-dd'),-?)  
					AND add_months(TO_DATE(?,'yyyy-mm-dd'),-?)
### The error may exist in file [D:\Java\Eclipse\eclipseworkspace\other\dg-platform-B-0058\target\classes\config\mybatis\mapper\dgsqlmap\sqlmap-mapping-warnquantifymodelindex.xml]
### The error may involve com.vplatform.webside.earlywarning.mapper.WarnQuantifyModelIndexMapper.getTaxZzsXSSR
### The error occurred while executing a query
......

The failing code segment in the MyBatis XML:

	<select id="getTaxZzsXSSR" parameterType="map" resultType="BigDecimal">
		SELECT nvl(QBXSSR,0) from GS_SB_SBXX t
		WHERE t.result_id=#{resultId} AND t.ZSXM_DM='10101'
		AND trunc(t.SSSQZ,'mm') BETWEEN add_months(TO_DATE(#{zzsMaxDate},'yyyy-mm-dd'),-#{somendxj})  
					AND add_months(TO_DATE(#{zzsMaxDate},'yyyy-mm-dd'),-#{somendsj})
	</select>

 

This exception is a generic wrapper: whenever there is a problem it throws the entire SQL statement back without clearly explaining what the problem is or where it is located. The assembled SQL was captured through DEBUG and executed in PL/SQL, where it ran without error, which rules out a problem in the statement itself. The parameterType was also confirmed to be correct. The cause was finally determined to be the way the parameters are passed: the argument is a Map<String, Object> in which somendxj and somendsj are of type int, and for these parameters the #{xxx} format cannot be used and has to be changed to ${xxx}.

The fixed code segment is:

	<select id="getTaxZzsXSSR" parameterType="map" resultType="BigDecimal">
		SELECT nvl(QBXSSR,0) from GS_SB_SBXX t
		WHERE t.result_id=#{resultId} AND t.ZSXM_DM='10101'
		AND trunc(t.SSSQZ,'mm') BETWEEN add_months(TO_DATE(#{zzsMaxDate},'yyyy-mm-dd'),-${somendxj})  
					AND add_months(TO_DATE(#{zzsMaxDate},'yyyy-mm-dd'),-${somendsj})
	</select>
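
MyBatis binds `#{...}` as a JDBC parameter but splices `${...}` into the SQL text as-is, so after this change nothing except the Java type keeps somendxj and somendsj numeric, and a `Map<String, Object>` accepts any type. The following is an added example, not code from the original post or its project: a helper that builds the parameter map and only lets bounded, non-negative integers reach the two `${...}` slots. The class name `TaxQueryParams`, the `MAX_MONTHS` bound and the sample values are assumptions.

```java
import java.time.LocalDate;
import java.util.HashMap;
import java.util.Map;

public final class TaxQueryParams {
    private static final int MAX_MONTHS = 120; // assumed upper bound, in months

    // Returns a bounded, non-negative int. The Integer itself (never the raw
    // input) is stored in the map, so ${...} can only render plain digits.
    static int monthOffset(Object raw, String name) {
        int months;
        if (raw instanceof Integer) {
            months = (Integer) raw;
        } else {
            try {
                months = Integer.parseInt(String.valueOf(raw).trim());
            } catch (NumberFormatException e) {
                throw new IllegalArgumentException(name + " is not an integer");
            }
        }
        // A negative value would render "-${x}" as "--3", which Oracle reads
        // as the start of a comment, so negatives are rejected as well.
        if (months < 0 || months > MAX_MONTHS) {
            throw new IllegalArgumentException(name + " out of range: " + months);
        }
        return months;
    }

    static Map<String, Object> build(Object resultId, String zzsMaxDate,
                                     Object somendxj, Object somendsj) {
        LocalDate.parse(zzsMaxDate); // must be yyyy-MM-dd, otherwise throws
        Map<String, Object> params = new HashMap<>();
        params.put("resultId", resultId);     // bound via #{resultId}
        params.put("zzsMaxDate", zzsMaxDate); // bound via #{zzsMaxDate}
        params.put("somendxj", monthOffset(somendxj, "somendxj")); // ${somendxj}
        params.put("somendsj", monthOffset(somendsj, "somendsj")); // ${somendsj}
        return params;
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the page.
        System.out.println(build("R-001", "2021-06-30", 12, "0"));
        try {
            build("R-001", "2021-06-30", "12", "3 months");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

If the rejection is caused by the `-?` form (an assumption; the page does not confirm it), negating the offsets in Java and binding them with `#{...}` would avoid `${...}` entirely; that variant is not tested on this page.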
