DECLARE @test INT;
EXEC @test = dbo.ProTest;
SELECT @test
20 回复
2018-12-05 20:23:50.010 INFO - [NutDaoExecutor.http-bio-80-exec-3] Can't identify SQL type : DECLARE @test INT; EXEC @test = dbo.ProTest; SELECT @test
2018-12-05 20:23:50.010 DEBUG - [NutDaoExecutor.http-bio-80-exec-3] SQLException
java.sql.SQLException: sql injection violation, syntax error: syntax error, error in
请问不可以这样用吗
sql1.setCallback(Sqls.callback.str());
dao.execute(sql1);
System.out.println(sql1.getString());
跑到dao就报错了。
2018-12-05 20:49:34.708 DEBUG - [NutDaoExecutor.http-bio-80-exec-8] declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo as billno
2018-12-05 20:49:34.708 INFO - [NutDaoExecutor.http-bio-80-exec-8] Can't identify SQL type : declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo as billno
2018-12-05 20:49:34.708 DEBUG - [NutDaoExecutor.http-bio-80-exec-8] SQLException
java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :'llNo output select @BillNo as billn', expect IDENTIFIER, actual IDENTIFIER pos 101, line 1, column 95, token IDENTIFIER output : declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo as billno
at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:798)
at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:251)
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:473)
at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:342)
at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:352)
at org.nutz.dao.impl.sql.run.NutDaoExecutor._runPreparedStatement(NutDaoExecutor.java:299)
at org.nutz.dao.impl.sql.run.NutDaoExecutor.exec(NutDaoExecutor.java:90)
at org.nutz.dao.DaoInterceptorChain.doChain(DaoInterceptorChain.java:66)
at org.nutz.dao.impl.interceptor.DaoLogInterceptor.filter(DaoLogInterceptor.java:22)
at org.nutz.dao.DaoInterceptorChain.doChain(DaoInterceptorChain.java:64)
at org.nutz.dao.DaoInterceptorChain.invoke(DaoInterceptorChain.java:139)
at org.nutz.dao.impl.sql.run.NutDaoRunner.runCallback(NutDaoRunner.java:159)
at org.nutz.dao.impl.sql.run.NutDaoRunner._runWithoutTransaction(NutDaoRunner.java:126)
at org.nutz.dao.impl.sql.run.NutDaoRunner._run(NutDaoRunner.java:93)
at org.nutz.dao.impl.sql.run.NutDaoRunner.run(NutDaoRunner.java:82)
at org.nutz.dao.impl.DaoSupport.run(DaoSupport.java:240)
at org.nutz.dao.impl.DaoSupport._exec(DaoSupport.java:252)
at org.nutz.dao.impl.DaoSupport.execute(DaoSupport.java:236)
at org.nutz.dao.impl.NutDao.execute(NutDao.java:1048)
at com.llsh.www.dao.ChibaoImpl.ChiBaoService.ibooking(ChiBaoService.java:75)
at com.llsh.www.web.controller.client.ChiBaoModule.ibooking(ChiBaoModule.java:108)
at com.llsh.www.web.controller.client.ChiBaoModule$FM$ibooking$7e3a209aff5fd511415ce2380fb0406c.invoke(ChiBaoModule.java)
at org.nutz.mvc.impl.processor.MethodInvokeProcessor.process(MethodInvokeProcessor.java:31)
at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
at org.nutz.mvc.impl.processor.AdaptorProcessor.process(AdaptorProcessor.java:38)
at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
at org.nutz.mvc.impl.processor.ActionFiltersProcessor.process(ActionFiltersProcessor.java:58)
at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
at org.nutz.integration.shiro.NutShiroProcessor.process(NutShiroProcessor.java:126)
at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
at org.nutz.mvc.impl.processor.ModuleProcessor.process(ModuleProcessor.java:123)
at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
at org.nutz.mvc.impl.processor.EncodingProcessor.process(EncodingProcessor.java:27)
at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
at org.nutz.mvc.impl.processor.UpdateRequestAttributesProcessor.process(UpdateRequestAttributesProcessor.java:15)
at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
at com.llsh.www.Common.datatableentity.GlobalsSettingProcessor.process(GlobalsSettingProcessor.java:29)
at org.nutz.mvc.impl.NutActionChain.doChain(NutActionChain.java:44)
at org.nutz.mvc.impl.ActionInvoker.invoke(ActionInvoker.java:67)
at org.nutz.mvc.ActionHandler.handle(ActionHandler.java:31)
at org.nutz.mvc.NutFilter.doFilter(NutFilter.java:202)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: com.alibaba.druid.sql.parser.ParserException: syntax error, error in :'llNo output select @BillNo as billn', expect IDENTIFIER, actual IDENTIFIER pos 101, line 1, column 95, token IDENTIFIER output
at com.alibaba.druid.sql.parser.SQLParser.printError(SQLParser.java:285)
at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:395)
at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:79)
at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:622)
at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:576)
at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:785)
... 65 more
2018-12-05 20:49:34.715 DEBUG - [Connection.http-bio-80-exec-8] {conn-110013} pool-recycle
2018-12-05 20:49:34.715 WARN - [FailProcessor.http-bio-80-exec-8] Error@/chibao/ibooking :
org.nutz.dao.DaoException: !Nutz SQL Error: 'declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo as billno'
PreparedStatement:
'declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo as billno'
CaseMessage=sql injection violation, syntax error: syntax error, error in :'llNo output select @BillNo as billn', expect IDENTIFIER, actual IDENTIFIER pos 101, line 1, column 95, token IDENTIFIER output : declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo as billno
at org.nutz.dao.impl.sql.run.NutDaoExecutor.exec(NutDaoExecutor.java:104)
at org.nutz.dao.DaoInterceptorChain.doChain(DaoInterceptorChain.java:66)
at org.nutz.dao.impl.interceptor.DaoLogInterceptor.filter(DaoLogInterceptor.java:22)
at org.nutz.dao.DaoInterceptorChain.doChain(DaoInterceptorChain.java:64)
at org.nutz.dao.DaoInterceptorChain.invoke(DaoInterceptorChain.java:139)
at org.nutz.dao.impl.sql.run.NutDaoRunner.runCallback(NutDaoRunner.java:159)
at org.nutz.dao.impl.sql.run.NutDaoRunner._runWithoutTransaction(NutDaoRunner.java:126)
at org.nutz.dao.impl.sql.run.NutDaoRunner._run(NutDaoRunner.java:93)
at org.nutz.dao.impl.sql.run.NutDaoRunner.run(NutDaoRunner.java:82)
at org.nutz.dao.impl.DaoSupport.run(DaoSupport.java:240)
at org.nutz.dao.impl.DaoSupport._exec(DaoSupport.java:252)
at org.nutz.dao.impl.DaoSupport.execute(DaoSupport.java:236)
at org.nutz.dao.impl.NutDao.execute(NutDao.java:1048)
at com.llsh.www.dao.ChibaoImpl.ChiBaoService.ibooking(ChiBaoService.java:75)
at com.llsh.www.web.controller.client.ChiBaoModule.ibooking(ChiBaoModule.java:108)
at com.llsh.www.web.controller.client.ChiBaoModule$FM$ibooking$7e3a209aff5fd511415ce2380fb0406c.invoke(ChiBaoModule.java)
at org.nutz.mvc.impl.processor.MethodInvokeProcessor.process(MethodInvokeProcessor.java:31)
at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
at org.nutz.mvc.impl.processor.AdaptorProcessor.process(AdaptorProcessor.java:38)
at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
at org.nutz.mvc.impl.processor.ActionFiltersProcessor.process(ActionFiltersProcessor.java:58)
at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
at org.nutz.integration.shiro.NutShiroProcessor.process(NutShiroProcessor.java:126)
at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
at org.nutz.mvc.impl.processor.ModuleProcessor.process(ModuleProcessor.java:123)
at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
at org.nutz.mvc.impl.processor.EncodingProcessor.process(EncodingProcessor.java:27)
at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
at org.nutz.mvc.impl.processor.UpdateRequestAttributesProcessor.process(UpdateRequestAttributesProcessor.java:15)
at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
at com.llsh.www.Common.datatableentity.GlobalsSettingProcessor.process(GlobalsSettingProcessor.java:29)
at org.nutz.mvc.impl.NutActionChain.doChain(NutActionChain.java:44)
at org.nutz.mvc.impl.ActionInvoker.invoke(ActionInvoker.java:67)
at org.nutz.mvc.ActionHandler.handle(ActionHandler.java:31)
at org.nutz.mvc.NutFilter.doFilter(NutFilter.java:202)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :'llNo output select @BillNo as billn', expect IDENTIFIER, actual IDENTIFIER pos 101, line 1, column 95, token IDENTIFIER output : declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo as billno
at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:798)
at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:251)
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:473)
at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:342)
at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:352)
at org.nutz.dao.impl.sql.run.NutDaoExecutor._runPreparedStatement(NutDaoExecutor.java:299)
at org.nutz.dao.impl.sql.run.NutDaoExecutor.exec(NutDaoExecutor.java:90)
... 59 more
Caused by: com.alibaba.druid.sql.parser.ParserException: syntax error, error in :'llNo output select @BillNo as billn', expect IDENTIFIER, actual IDENTIFIER pos 101, line 1, column 95, token IDENTIFIER output
at com.alibaba.druid.sql.parser.SQLParser.printError(SQLParser.java:285)
at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:395)
at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:79)
at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:622)
at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:576)
at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:785)
... 65 more
你好,再问个问提,这样平时的接收回调,为什么是null的
sql1.setCallback(Sqls.callback.str());
dao.execute(sql1);
System.out.println(sql1.getString());
2018-12-05 21:18:16.797 INFO - [NutDaoExecutor.http-bio-80-exec-1] Can't identify SQL type : declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo
2018-12-05 21:18:16.798 DEBUG - [Statement.http-bio-80-exec-1] {conn-110010, pstmt-120013} created. declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo
2018-12-05 21:18:16.798 DEBUG - [Statement.http-bio-80-exec-1] {conn-110010, pstmt-120013} Parameters : []
2018-12-05 21:18:16.799 DEBUG - [Statement.http-bio-80-exec-1] {conn-110010, pstmt-120013} Types : []
2018-12-05 21:18:16.841 DEBUG - [Statement.http-bio-80-exec-1] {conn-110010, pstmt-120013} executed. 42.783101 millis. declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo
2018-12-05 21:18:16.879 DEBUG - [Statement.http-bio-80-exec-1] {conn-110010, pstmt-120013} closed
2018-12-05 21:18:16.879 DEBUG - [Connection.http-bio-80-exec-1] {conn-110010} pool-recycle
null
虽然没报错,但还是有说不识别sql类型
添加回复
请先登陆