1.异常
今天调试bug时,sql语句如下:
and create_time >= sysdate - interval '30' day and rownum <=400
查询报错:
org.springframework.jdbc.UncategorizedSQLException:
### Error querying database. Cause: java.sql.SQLException: sql injection violation, syntax error: No enum constant com.alibaba.druid.sql.dialect.oracle.ast.expr.OracleIntervalType.day : SELECT count(0) FROM cs_credit WHERE 1 = 1 AND credit_model IN (?) AND status = ? AND CREDIT_TYPE IN (?) AND create_time >= sysdate - INTERVAL '30' day AND rownum <= 400
### The error may exist in file [D:\IdeaWorkPlace\giveuStore\giveu-cashLoan\giveu-cashLoan-service\target\classes\mapper\dafy\CsCreditMapper.xml]
### The error may involve com.dafycredit.cashLoan.mapper.dafy.CsCreditMapper.getEntryForConditional_COUNT
### The error occurred while executing a query
### SQL: SELECT count(0) FROM cs_credit WHERE 1 = 1 AND credit_model IN (?) AND status = ? AND CREDIT_TYPE IN (?) AND create_time >= sysdate - INTERVAL '30' day AND rownum <= 400
### Cause: java.sql.SQLException: sql injection violation, syntax error: No enum constant com.alibaba.druid.sql.dialect.oracle.ast.expr.OracleIntervalType.day : SELECT count(0) FROM cs_credit WHERE 1 = 1 AND credit_model IN (?) AND status = ? AND CREDIT_TYPE IN (?) AND create_time >= sysdate - INTERVAL '30' day AND rownum <= 400
; uncategorized SQLException for SQL []; SQL state [null]; error code [0]; sql injection violation, syntax error: No enum constant com.alibaba.druid.sql.dialect.oracle.ast.expr.OracleIntervalType.day : SELECT count(0) FROM cs_credit WHERE 1 = 1 AND credit_model IN (?) AND status = ? AND CREDIT_TYPE IN (?) AND create_time >= sysdate - INTERVAL '30' day AND rownum <= 400; nested exception is java.sql.SQLException: sql injection violation, syntax error: No enum constant com.alibaba.druid.sql.dialect.oracle.ast.expr.OracleIntervalType.day : SELECT count(0) FROM cs_credit WHERE 1 = 1 AND credit_model IN (?) AND status = ? AND CREDIT_TYPE IN (?) AND create_time >= sysdate - INTERVAL '30' day AND rownum <= 400
at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:90)
at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:82)
at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:82)
at org.mybatis.spring.MyBatisExceptionTranslator.translateExceptionIfPossible(MyBatisExceptionTranslator.java:73)
at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:446)
at com.sun.proxy.$Proxy124.selectList(Unknown Source)
at org.mybatis.spring.SqlSessionTemplate.selectList(SqlSessionTemplate.java:230)
at com.baomidou.mybatisplus.core.override.PageMapperMethod.executeForMany(PageMapperMethod.java:173)
at com.baomidou.mybatisplus.core.override.PageMapperMethod.execute(PageMapperMethod.java:86)
at com.baomidou.mybatisplus.core.override.PageMapperProxy.invoke(PageMapperProxy.java:64)
at com.sun.proxy.$Proxy147.getEntryForConditional(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:333)
at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:190)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at org.springframework.dao.support.PersistenceExceptionTranslationInterceptor.invoke(PersistenceExceptionTranslationInterceptor.java:136)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:213)
at com.sun.proxy.$Proxy148.getEntryForConditional(Unknown Source)
at com.dafycredit.cashLoan.service.impl.CsCreditServiceImpl.getEntryForConditional(CsCreditServiceImpl.java:402)
at com.dafycredit.cashLoan.service.impl.CsCreditServiceImpl$$FastClassBySpringCGLIB$$b666c0ca.invoke(<generated>)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:204)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:738)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:157)
at com.dafycredit.log.aop.ServiceLogAspect.invoke(ServiceLogAspect.java:58)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:92)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:179)
at org.springframework.aop.framework.CglibAopProxy$DynamicAdvisedInterceptor.intercept(CglibAopProxy.java:673)
at com.dafycredit.cashLoan.service.impl.CsCreditServiceImpl$$EnhancerBySpringCGLIB$$3113a4a1.getEntryForConditional(<generated>)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:205)
at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:133)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:97)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:827)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:738)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:967)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:901)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:970)
at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:872)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:846)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.web.filter.ApplicationContextHeaderFilter.doFilterInternal(ApplicationContextHeaderFilter.java:55)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at com.alibaba.druid.support.http.WebStatFilter.doFilter(WebStatFilter.java:123)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.actuate.trace.WebRequestTraceFilter.doFilterInternal(WebRequestTraceFilter.java:110)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:108)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.cloud.sleuth.instrument.web.TraceFilter.doFilter(TraceFilter.java:166)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.boot.actuate.autoconfigure.MetricsFilter.doFilterInternal(MetricsFilter.java:106)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1459)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.sql.SQLException: sql injection violation, syntax error: No enum constant com.alibaba.druid.sql.dialect.oracle.ast.expr.OracleIntervalType.day : SELECT count(0) FROM cs_credit WHERE 1 = 1 AND credit_model IN (?) AND status = ? AND CREDIT_TYPE IN (?) AND create_time >= sysdate - INTERVAL '30' day AND rownum <= 400
at com.alibaba.druid.wall.WallFilter.check(WallFilter.java:725)
at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:253)
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:448)
at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:928)
at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:122)
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:448)
at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:342)
at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:346)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.ibatis.logging.jdbc.ConnectionLogger.invoke(ConnectionLogger.java:55)
at com.sun.proxy.$Proxy284.prepareStatement(Unknown Source)
at org.apache.ibatis.executor.statement.PreparedStatementHandler.instantiateStatement(PreparedStatementHandler.java:87)
at org.apache.ibatis.executor.statement.BaseStatementHandler.prepare(BaseStatementHandler.java:88)
at org.apache.ibatis.executor.statement.RoutingStatementHandler.prepare(RoutingStatementHandler.java:59)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.apache.ibatis.plugin.Invocation.proceed(Invocation.java:49)
at com.baomidou.mybatisplus.extension.plugins.PaginationInterceptor.intercept(PaginationInterceptor.java:166)
at org.apache.ibatis.plugin.Plugin.invoke(Plugin.java:61)
at com.sun.proxy.$Proxy283.prepare(Unknown Source)
at org.apache.ibatis.executor.SimpleExecutor.prepareStatement(SimpleExecutor.java:85)
at org.apache.ibatis.executor.SimpleExecutor.doQuery(SimpleExecutor.java:62)
at org.apache.ibatis.executor.BaseExecutor.queryFromDatabase(BaseExecutor.java:324)
at org.apache.ibatis.executor.BaseExecutor.query(BaseExecutor.java:156)
at com.github.pagehelper.PageInterceptor.intercept(PageInterceptor.java:112)
at org.apache.ibatis.plugin.Plugin.invoke(Plugin.java:61)
at com.sun.proxy.$Proxy282.query(Unknown Source)
at org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:148)
at org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:141)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:433)
... 100 common frames omitted
Caused by: java.lang.IllegalArgumentException: No enum constant com.alibaba.druid.sql.dialect.oracle.ast.expr.OracleIntervalType.day
at java.lang.Enum.valueOf(Enum.java:238)
at com.alibaba.druid.sql.dialect.oracle.ast.expr.OracleIntervalType.valueOf(OracleIntervalType.java:18)
at com.alibaba.druid.sql.dialect.oracle.parser.OracleExprParser.parseInterval(OracleExprParser.java:878)
at com.alibaba.druid.sql.parser.SQLExprParser.primary(SQLExprParser.java:567)
at com.alibaba.druid.sql.dialect.oracle.parser.OracleExprParser.primary(OracleExprParser.java:465)
at com.alibaba.druid.sql.parser.SQLExprParser.bitXor(SQLExprParser.java:111)
at com.alibaba.druid.sql.parser.SQLExprParser.multiplicative(SQLExprParser.java:163)
at com.alibaba.druid.sql.parser.SQLExprParser.additiveRest(SQLExprParser.java:1374)
at com.alibaba.druid.sql.parser.SQLExprParser.additive(SQLExprParser.java:1357)
at com.alibaba.druid.sql.parser.SQLExprParser.shift(SQLExprParser.java:1384)
at com.alibaba.druid.sql.parser.SQLExprParser.bitAnd(SQLExprParser.java:1262)
at com.alibaba.druid.sql.parser.SQLExprParser.bitOr(SQLExprParser.java:1276)
at com.alibaba.druid.sql.parser.SQLExprParser.relationalRest(SQLExprParser.java:1510)
at com.alibaba.druid.sql.dialect.oracle.parser.OracleExprParser.relationalRest(OracleExprParser.java:943)
at com.alibaba.druid.sql.parser.SQLExprParser.relational(SQLExprParser.java:1465)
at com.alibaba.druid.sql.parser.SQLExprParser.andRest(SQLExprParser.java:1421)
at com.alibaba.druid.sql.parser.SQLExprParser.exprRest(SQLExprParser.java:104)
at com.alibaba.druid.sql.dialect.oracle.parser.OracleExprParser.exprRest(OracleExprParser.java:1073)
at com.alibaba.druid.sql.parser.SQLExprParser.expr(SQLExprParser.java:91)
at com.alibaba.druid.sql.parser.SQLSelectParser.expr(SQLSelectParser.java:540)
at com.alibaba.druid.sql.parser.SQLSelectParser.parseWhere(SQLSelectParser.java:260)
at com.alibaba.druid.sql.dialect.oracle.parser.OracleSelectParser.query(OracleSelectParser.java:274)
at com.alibaba.druid.sql.dialect.oracle.parser.OracleSelectParser.select(OracleSelectParser.java:81)
at com.alibaba.druid.sql.dialect.oracle.parser.OracleStatementParser.parseStatementList(OracleStatementParser.java:131)
at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:79)
at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:620)
at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:574)
at com.alibaba.druid.wall.WallFilter.check(WallFilter.java:712)
... 138 common frames omitted
2.原因
低版本druid的bug
3.解决办法
<!--添加新版本依赖-->
<dependency>
<groupId>com.alibaba</groupId>
<artifactId>druid</artifactId>
<version>1.0.29</version>
</dependency>
语句调整:
and create_time >= sysdate - interval '30' DAY and rownum <=400
将day改成大写DAY,即可解决。
参考链接:https://blog.csdn.net/qq_42931757/article/details/89330581