Wall过滤器误报SQL解析错误：ERROR. token : QUESBAR #1750

roc-cn · 2017-05-19T15:20:51Z

错误如下：

Caused by: java.sql.SQLException: sql injection violation, syntax error: ERROR. token : QUESBAR, pos : 173 :  SELECT TMP_PAGE.*, ROWNUM ROW_ID FROM ( SELECT M.*, A.*
		FROM T_EW_MERCHANT M LEFT JOIN LP_ADDRESS A
		ON
		M.ADDRESS_KEY = A.KEY
		 
			WHERE M.MERCHANT_CODE LIKE '%'||?||'%'
			OR
			M.MERCHANT_NAME LIKE '%'||?||'%'
			OR M.MERCHANT_NAME LIKE
			'%'||?||'%'
			OR M.CERTIFICATE LIKE
			'%'||?||'%'
			OR M.OWNER
			LIKE
			'%'||?||'%'
			OR A.COUNTRY LIKE
			'%'||?||'%'
			OR
			A.PROVINCE LIKE
			'%'||?||'%'
			OR A.CITY LIKE
			'%'||?||'%'
			OR A.COUNTY LIKE
			'%'||?||'%'
			OR A.STREET_AREA LIKE
			'%'||?||'%'
			OR A.DETAILE LIKE
			'%'||?||'%'
			OR A.ZIPCODE
			LIKE
			'%'||?||'%' ) TMP_PAGE WHERE ROWNUM <= 10

版本：

<dependency>
			<groupId>com.alibaba</groupId>
			<artifactId>druid</artifactId>
			<version>1.0.31</version>
		</dependency>

The text was updated successfully, but these errors were encountered:

wenshao · 2017-06-25T13:27:56Z

已修复问题，请用新版本 https://github.com/alibaba/druid/releases/tag/1.1.0

wenshao added this to the 1.0.32 milestone May 31, 2017

wenshao modified the milestones: 1.1.0, 1.0.32 Jun 25, 2017

wenshao closed this as completed Jun 25, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Wall过滤器误报SQL解析错误：ERROR. token : QUESBAR #1750

Wall过滤器误报SQL解析错误：ERROR. token : QUESBAR #1750

roc-cn commented May 19, 2017

wenshao commented Jun 25, 2017

Wall过滤器误报SQL解析错误：ERROR. token : QUESBAR #1750

Wall过滤器误报SQL解析错误：ERROR. token : QUESBAR #1750

Comments

roc-cn commented May 19, 2017

wenshao commented Jun 25, 2017