PostgreSql中JSON类型,防火墙BUG? #1592
Comments
|
如下四个操作符号都是支持的 你提供的??这个操作符,文档中没找到 |
|
在进行JSON类型查询时,有几个操作符 : 但是JDBC的prepareStatement中?是占位符,正好和PostgreSql中的带问号的操作符冲突。如果上面的三个操作符在PostgreSql中使用prepareStatement,就需要进行转义处理,转以后的符号为:?? ??| ??& 相关SQL: |
wenshao
added a commit
to wenshao/druid
that referenced
this issue
Jan 26, 2017
|
问题重现并且解决,将会尽快发布新版本 |
|
src/main/java/com/alibaba/druid/sql/parser/Token.java 为何第二个问号是中文全角的? |
|
问题已经修复,全角问题不影响使用,下个版本修复。请使用1.0.28版本 |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
PostgreSql中使用JSON类型,查询的时候需要对?转义为??,但是会被druid的防火墙拦截掉,求解决方案。
相关操作符参照:
https://www.postgresql.org/docs/9.6/static/functions-json.html
https://jdbc.postgresql.org/documentation/head/statement.html
例如SQL:SELECT count(1) FROM t_user WHERE property ?? 'name'
相关日志:
org.springframework.jdbc.UncategorizedSQLException: PreparedStatementCallback; uncategorized SQLException for SQL [SELECT count(1) FROM t_user WHERE property ?? ?]; SQL state [null]; error code [0]; sql injection violation, syntax error: syntax error, error in :'HERE property ?? ?',expect QUES, actual QUES property : SELECT count(1) FROM t_user WHERE property ?? ?; nested exception is java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :'HERE property ?? ?',expect QUES, actual QUES property : SELECT count(1) FROM t_user WHERE property ?? ?
Caused by: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :'HERE property ?? ?',expect QUES, actual QUES property : SELECT count(1) FROM t_user WHERE property ?? ?
at com.alibaba.druid.wall.WallFilter.check(WallFilter.java:724) ~[druid-1.0.24.jar:1.0.24]
at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:252) ~[druid-1.0.24.jar:1.0.24]
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:448) ~[druid-1.0.24.jar:1.0.24]
at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:928) ~[druid-1.0.24.jar:1.0.24]
at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:122) ~[druid-1.0.24.jar:1.0.24]
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:448) ~[druid-1.0.24.jar:1.0.24]
The text was updated successfully, but these errors were encountered: