NutzCN Logo
问答 晚上好,问个问提,是调用存储过程,报错不识别sql错误
发布于 2208天前 作者 as66708 2156 次浏览 复制 上一个帖子 下一个帖子
标签:
DECLARE @test INT;
EXEC @test = dbo.ProTest;

SELECT  @test
20 回复
2018-12-05 20:23:50.010  INFO  - [NutDaoExecutor.http-bio-80-exec-3] Can't identify SQL type : DECLARE @test INT; EXEC @test = dbo.ProTest; SELECT  @test
2018-12-05 20:23:50.010  DEBUG - [NutDaoExecutor.http-bio-80-exec-3] SQLException
java.sql.SQLException: sql injection violation, syntax error: syntax error, error in 

请问不可以这样用吗

 sql1.setCallback(Sqls.callback.str());
        dao.execute(sql1);
        System.out.println(sql1.getString());

跑到dao就报错了。

完整报错信息, 看上去是Druid的SQL防火墙抛出的异常, 并非nutdao的东西

2018-12-05 20:49:34.708  DEBUG - [NutDaoExecutor.http-bio-80-exec-8] declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo as billno
2018-12-05 20:49:34.708  INFO  - [NutDaoExecutor.http-bio-80-exec-8] Can't identify SQL type :   declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo as billno
2018-12-05 20:49:34.708  DEBUG - [NutDaoExecutor.http-bio-80-exec-8] SQLException
java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :'llNo output select @BillNo as billn', expect IDENTIFIER, actual IDENTIFIER pos 101, line 1, column 95, token IDENTIFIER output : declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo as billno
	at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:798)
	at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:251)
	at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:473)
	at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:342)
	at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:352)
	at org.nutz.dao.impl.sql.run.NutDaoExecutor._runPreparedStatement(NutDaoExecutor.java:299)
	at org.nutz.dao.impl.sql.run.NutDaoExecutor.exec(NutDaoExecutor.java:90)
	at org.nutz.dao.DaoInterceptorChain.doChain(DaoInterceptorChain.java:66)
	at org.nutz.dao.impl.interceptor.DaoLogInterceptor.filter(DaoLogInterceptor.java:22)
	at org.nutz.dao.DaoInterceptorChain.doChain(DaoInterceptorChain.java:64)
	at org.nutz.dao.DaoInterceptorChain.invoke(DaoInterceptorChain.java:139)
	at org.nutz.dao.impl.sql.run.NutDaoRunner.runCallback(NutDaoRunner.java:159)
	at org.nutz.dao.impl.sql.run.NutDaoRunner._runWithoutTransaction(NutDaoRunner.java:126)
	at org.nutz.dao.impl.sql.run.NutDaoRunner._run(NutDaoRunner.java:93)
	at org.nutz.dao.impl.sql.run.NutDaoRunner.run(NutDaoRunner.java:82)
	at org.nutz.dao.impl.DaoSupport.run(DaoSupport.java:240)
	at org.nutz.dao.impl.DaoSupport._exec(DaoSupport.java:252)
	at org.nutz.dao.impl.DaoSupport.execute(DaoSupport.java:236)
	at org.nutz.dao.impl.NutDao.execute(NutDao.java:1048)
	at com.llsh.www.dao.ChibaoImpl.ChiBaoService.ibooking(ChiBaoService.java:75)
	at com.llsh.www.web.controller.client.ChiBaoModule.ibooking(ChiBaoModule.java:108)
	at com.llsh.www.web.controller.client.ChiBaoModule$FM$ibooking$7e3a209aff5fd511415ce2380fb0406c.invoke(ChiBaoModule.java)
	at org.nutz.mvc.impl.processor.MethodInvokeProcessor.process(MethodInvokeProcessor.java:31)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.AdaptorProcessor.process(AdaptorProcessor.java:38)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.ActionFiltersProcessor.process(ActionFiltersProcessor.java:58)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.integration.shiro.NutShiroProcessor.process(NutShiroProcessor.java:126)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.ModuleProcessor.process(ModuleProcessor.java:123)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.EncodingProcessor.process(EncodingProcessor.java:27)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.UpdateRequestAttributesProcessor.process(UpdateRequestAttributesProcessor.java:15)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at com.llsh.www.Common.datatableentity.GlobalsSettingProcessor.process(GlobalsSettingProcessor.java:29)
	at org.nutz.mvc.impl.NutActionChain.doChain(NutActionChain.java:44)
	at org.nutz.mvc.impl.ActionInvoker.invoke(ActionInvoker.java:67)
	at org.nutz.mvc.ActionHandler.handle(ActionHandler.java:31)
	at org.nutz.mvc.NutFilter.doFilter(NutFilter.java:202)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
Caused by: com.alibaba.druid.sql.parser.ParserException: syntax error, error in :'llNo output select @BillNo as billn', expect IDENTIFIER, actual IDENTIFIER pos 101, line 1, column 95, token IDENTIFIER output
	at com.alibaba.druid.sql.parser.SQLParser.printError(SQLParser.java:285)
	at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:395)
	at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:79)
	at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:622)
	at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:576)
	at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:785)
	... 65 more
2018-12-05 20:49:34.715  DEBUG - [Connection.http-bio-80-exec-8] {conn-110013} pool-recycle
2018-12-05 20:49:34.715  WARN  - [FailProcessor.http-bio-80-exec-8] Error@/chibao/ibooking :
org.nutz.dao.DaoException: !Nutz SQL Error: 'declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo as billno'
PreparedStatement: 
'declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo as billno'
CaseMessage=sql injection violation, syntax error: syntax error, error in :'llNo output select @BillNo as billn', expect IDENTIFIER, actual IDENTIFIER pos 101, line 1, column 95, token IDENTIFIER output : declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo as billno
	at org.nutz.dao.impl.sql.run.NutDaoExecutor.exec(NutDaoExecutor.java:104)
	at org.nutz.dao.DaoInterceptorChain.doChain(DaoInterceptorChain.java:66)
	at org.nutz.dao.impl.interceptor.DaoLogInterceptor.filter(DaoLogInterceptor.java:22)
	at org.nutz.dao.DaoInterceptorChain.doChain(DaoInterceptorChain.java:64)
	at org.nutz.dao.DaoInterceptorChain.invoke(DaoInterceptorChain.java:139)
	at org.nutz.dao.impl.sql.run.NutDaoRunner.runCallback(NutDaoRunner.java:159)
	at org.nutz.dao.impl.sql.run.NutDaoRunner._runWithoutTransaction(NutDaoRunner.java:126)
	at org.nutz.dao.impl.sql.run.NutDaoRunner._run(NutDaoRunner.java:93)
	at org.nutz.dao.impl.sql.run.NutDaoRunner.run(NutDaoRunner.java:82)
	at org.nutz.dao.impl.DaoSupport.run(DaoSupport.java:240)
	at org.nutz.dao.impl.DaoSupport._exec(DaoSupport.java:252)
	at org.nutz.dao.impl.DaoSupport.execute(DaoSupport.java:236)
	at org.nutz.dao.impl.NutDao.execute(NutDao.java:1048)
	at com.llsh.www.dao.ChibaoImpl.ChiBaoService.ibooking(ChiBaoService.java:75)
	at com.llsh.www.web.controller.client.ChiBaoModule.ibooking(ChiBaoModule.java:108)
	at com.llsh.www.web.controller.client.ChiBaoModule$FM$ibooking$7e3a209aff5fd511415ce2380fb0406c.invoke(ChiBaoModule.java)
	at org.nutz.mvc.impl.processor.MethodInvokeProcessor.process(MethodInvokeProcessor.java:31)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.AdaptorProcessor.process(AdaptorProcessor.java:38)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.ActionFiltersProcessor.process(ActionFiltersProcessor.java:58)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.integration.shiro.NutShiroProcessor.process(NutShiroProcessor.java:126)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.ModuleProcessor.process(ModuleProcessor.java:123)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.EncodingProcessor.process(EncodingProcessor.java:27)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at org.nutz.mvc.impl.processor.UpdateRequestAttributesProcessor.process(UpdateRequestAttributesProcessor.java:15)
	at org.nutz.mvc.impl.processor.AbstractProcessor.doNext(AbstractProcessor.java:44)
	at com.llsh.www.Common.datatableentity.GlobalsSettingProcessor.process(GlobalsSettingProcessor.java:29)
	at org.nutz.mvc.impl.NutActionChain.doChain(NutActionChain.java:44)
	at org.nutz.mvc.impl.ActionInvoker.invoke(ActionInvoker.java:67)
	at org.nutz.mvc.ActionHandler.handle(ActionHandler.java:31)
	at org.nutz.mvc.NutFilter.doFilter(NutFilter.java:202)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.executeChain(AbstractShiroFilter.java:449)
	at org.apache.shiro.web.servlet.AbstractShiroFilter$1.call(AbstractShiroFilter.java:365)
	at org.apache.shiro.subject.support.SubjectCallable.doCall(SubjectCallable.java:90)
	at org.apache.shiro.subject.support.SubjectCallable.call(SubjectCallable.java:83)
	at org.apache.shiro.subject.support.DelegatingSubject.execute(DelegatingSubject.java:383)
	at org.apache.shiro.web.servlet.AbstractShiroFilter.doFilterInternal(AbstractShiroFilter.java:362)
	at org.apache.shiro.web.servlet.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:125)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:110)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:169)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:962)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:445)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1115)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:637)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:748)
Caused by: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :'llNo output select @BillNo as billn', expect IDENTIFIER, actual IDENTIFIER pos 101, line 1, column 95, token IDENTIFIER output : declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo as billno
	at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:798)
	at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:251)
	at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:473)
	at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:342)
	at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:352)
	at org.nutz.dao.impl.sql.run.NutDaoExecutor._runPreparedStatement(NutDaoExecutor.java:299)
	at org.nutz.dao.impl.sql.run.NutDaoExecutor.exec(NutDaoExecutor.java:90)
	... 59 more
Caused by: com.alibaba.druid.sql.parser.ParserException: syntax error, error in :'llNo output select @BillNo as billn', expect IDENTIFIER, actual IDENTIFIER pos 101, line 1, column 95, token IDENTIFIER output
	at com.alibaba.druid.sql.parser.SQLParser.printError(SQLParser.java:285)
	at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:395)
	at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:79)
	at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:622)
	at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:576)
	at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:785)
	... 65 more

com.alibaba.druid.wall.WallFilter, 的确是Druid的SQL防火墙

请问怎么解决

禁用掉, 一般在dao.js里面, 有wall字样

这个wall配置怎么查找。。

dao.js或者dao.json里面

如果是nutzboot项目,可能在application.properties里面

找到了,谢谢,解决问题了。不是很清楚为什么,连接池有wall调用sqlserver存储过程会报错?

你好,再问个问提,这样平时的接收回调,为什么是null的

 sql1.setCallback(Sqls.callback.str());
        dao.execute(sql1);
        System.out.println(sql1.getString());
2018-12-05 21:18:16.797  INFO  - [NutDaoExecutor.http-bio-80-exec-1] Can't identify SQL type :   declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo
2018-12-05 21:18:16.798  DEBUG - [Statement.http-bio-80-exec-1] {conn-110010, pstmt-120013} created. declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo
2018-12-05 21:18:16.798  DEBUG - [Statement.http-bio-80-exec-1] {conn-110010, pstmt-120013} Parameters : []
2018-12-05 21:18:16.799  DEBUG - [Statement.http-bio-80-exec-1] {conn-110010, pstmt-120013} Types : []
2018-12-05 21:18:16.841  DEBUG - [Statement.http-bio-80-exec-1] {conn-110010, pstmt-120013} executed. 42.783101 millis. declare @BillNo varchar(50)exec [generate_orderNo] 'TD_skBookingList','BillNo','B',6,3,@BillNo output select @BillNo
2018-12-05 21:18:16.879  DEBUG - [Statement.http-bio-80-exec-1] {conn-110010, pstmt-120013} closed
2018-12-05 21:18:16.879  DEBUG - [Connection.http-bio-80-exec-1] {conn-110010} pool-recycle
null

虽然没报错,但还是有说不识别sql类型

这是要查询?

对,返回一堆字符串

sql.forceExecQuery()

添加回复
请先登陆
回到顶部