postgreSQL数据库查询报错

操作postgresql数据库查询,打印出来的SQL+参数在数据库里面是可以返回结果的。

但是把SQL放到项目里面运行,报错如下:

com.jfinal.plugin.activerecord.ActiveRecordException: java.sql.SQLException: sql injection violation, syntax error: syntax error, expect RPAREN, actual QUES pos 1678, line 1, column 1677, token QUES : select count(*)  from ( SELECT b.ID, b.tag_name, b.start_time, b.end_time,b.diff_second, b.time_date, b2.eqp_no,b3.dept_name,b4.dept_name fenchang, 0 afternoon, case when (starttime between sp1time and (sp2time-1)) and (endtime between sp1time and (sp2time-1)) then diff_second when (starttime between sp1time and (sp2time-1)) and endtime >= sp2time then sp2time-starttime when starttime<sp1time and (endtime between sp1time and (sp2time-1)) then endtime-sp1time when starttime<sp1time and endtime >= sp2time then sp2time-sp1time else 0 end morning, case when (starttime between sp2time and (sp3time-1)) and (endtime between sp2time and (sp3time-1)) then diff_second when (starttime between sp2time and (sp3time-1)) and endtime>sp3time then sp3time-starttime when starttime<sp2time and (endtime between sp2time and (sp3time-1)) then endtime-sp2time when starttime<sp2time and endtime>sp3time then sp3time-sp2time else 0 end night from ( SELECT a1.ID ID, a1.tag_name tag_name, a1.start_time start_time, a1.end_time end_time,a1.diff_second diff_second, (CASE WHEN to_char(a1.start_time, 'HH24mi')::INTEGER> ? THEN to_char(a1.time_date, 'yyyy-MM-dd') ELSE to_char(a1.time_date + '-1 day', 'yyyy-MM-dd') END ) time_date, case when to_char(a1.start_time, 'HH24mi')::INTEGER< ? then EXTRACT(epoch FROM CAST((a1.start_time+'1 day') AS TIMESTAMP)) else EXTRACT(epoch FROM CAST(a1.start_time AS TIMESTAMP)) end starttime, case when to_char(a1.start_time, 'HH24mi')::INTEGER< ? then EXTRACT(epoch FROM CAST((a1.end_time+'1 day') AS TIMESTAMP)) else EXTRACT(epoch FROM CAST(a1.end_time AS TIMESTAMP)) end endtime, EXTRACT(epoch FROM CAST((to_char(a1.time_date, 'yyyy-MM-dd')::date + time ? ) AS TIMESTAMP))sp1time, EXTRACT(epoch FROM CAST((to_char(a1.time_date, 'yyyy-MM-dd')::date + time ? )+'12 hour' AS TIMESTAMP))sp2time, EXTRACT(epoch FROM CAST((to_char(a1.time_date, 'yyyy-MM-dd')::date + time ? )+'24 hour' AS TIMESTAMP))sp3time FROM ht_lk_his_time a1 WHERE 1 = 1 AND a1.time_date >= 'Sun Jun 28 09:00:00 CST 2019' AND a1.time_date <= 'Wed Jul 03 14:24:31 CST 2019' union all SELECT a2.ID ID, a2.tag_name tag_name, a2.start_time start_time, a2.end_time end_time,a2.diff_second diff_second, (CASE WHEN to_char(a2.start_time, 'HH24mi')::INTEGER> ? THEN to_char(a2.time_date + '+1 day', 'yyyy-MM-dd') ELSE to_char(a2.time_date, 'yyyy-MM-dd') END ) time_date, case when to_char(a2.start_time, 'HH24mi')::INTEGER< ? then EXTRACT(epoch FROM CAST((a2.start_time+'-1 day') AS TIMESTAMP)) else EXTRACT(epoch FROM CAST(a2.start_time AS TIMESTAMP)) end starttime, case when to_char(a2.start_time, 'HH24mi')::INTEGER< ? then EXTRACT(epoch FROM CAST((a2.end_time+'-1 day') AS TIMESTAMP)) else EXTRACT(epoch FROM CAST(a2.end_time AS TIMESTAMP)) end endtime, EXTRACT(epoch FROM CAST((to_char(a2.time_date + '-1 day', 'yyyy-MM-dd')::date + time ? ) AS TIMESTAMP))sp1time, EXTRACT(epoch FROM CAST((to_char(a2.time_date + '-1 day', 'yyyy-MM-dd')::date + time ? )+'12 hour' AS TIMESTAMP))sp2time, EXTRACT(epoch FROM CAST((to_char(a2.time_date + '-1 day', 'yyyy-MM-dd')::date + time ? )+'24 hour' AS TIMESTAMP))sp3time FROM ht_lk_his_time a2 WHERE 1 = 1 AND a2.time_date >= 'Sun Jun 28 09:00:00 CST 2019' AND a2.time_date <= 'Wed Jul 03 14:24:31 CST 2019' )b LEFT JOIN ct_build_eqp b2 ON b.tag_name = b2.eqp_id LEFT JOIN ct_sys_department b3 ON b2.dept_code = b3.dept_code LEFT JOIN ct_sys_department b4 ON substring(b2.dept_code,1,6) = b4.dept_code where 1 = 1 )c GROUP BY c.tag_name, c.eqp_no, c.time_date ,c.dept_name, c.fenchang  

at com.jfinal.plugin.activerecord.DbPro.paginate(DbPro.java:483)

at com.wanma.framework.config.base.BaseService.queryPageAt(BaseService.java:423)

at com.wanma.framework.config.base.BaseService.queryPage(BaseService.java:428)

at com.wanma.mes.rpt.service.RptCommonService.page(RptCommonService.java:51)

at com.wanma.mes.rpt.service.RptCommonService.getEqpOpenRate(RptCommonService.java:39)

at com.wanma.mes.rpt.controller.EqpOpenRateController.index(EqpOpenRateController.java:159)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at com.jfinal.aop.Invocation.invoke(Invocation.java:71)

at com.wanma.framework.config.interceptor.SimpleReportParameterInjectInterceptor.intercept(SimpleReportParameterInjectInterceptor.java:69)

at com.jfinal.aop.Invocation.invoke(Invocation.java:65)

at com.jfinal.i18n.II18nInterceptor.intercept(II18nInterceptor.java:108)

at com.jfinal.aop.Invocation.invoke(Invocation.java:65)

at com.wanma.framework.config.interceptor.LogicInterceptor.intercept(LogicInterceptor.java:114)

at com.jfinal.aop.Invocation.invoke(Invocation.java:65)

at com.wanma.framework.config.interceptor.AuthInterceptor.intercept(AuthInterceptor.java:161)

at com.jfinal.aop.Invocation.invoke(Invocation.java:65)

at com.wanma.framework.config.interceptor.BaseInfoInterceptor.intercept(BaseInfoInterceptor.java:87)

at com.jfinal.aop.Invocation.invoke(Invocation.java:65)

at com.jfinal.core.ActionHandler.handle(ActionHandler.java:78)

at com.jfinal.plugin.druid.DruidStatViewHandler.handle(DruidStatViewHandler.java:75)

at com.wanma.framework.config.handle.CROSHandle.handle(CROSHandle.java:95)

at com.jfinal.ext.handler.ContextPathHandler.handle(ContextPathHandler.java:47)

at com.wanma.framework.config.handle.RequestModeHandler.handle(RequestModeHandler.java:53)

at com.jfinal.core.JFinalFilter.doFilter(JFinalFilter.java:72)

at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1669)

at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:581)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:143)

at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:548)

at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:226)

at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1156)

at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:511)

at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)

at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1088)

at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)

at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:119)

at org.eclipse.jetty.server.Server.handle(Server.java:517)

at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:306)

at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:242)

at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:245)

at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:95)

at org.eclipse.jetty.io.SelectChannelEndPoint$2.run(SelectChannelEndPoint.java:75)

at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.produceAndRun(ExecuteProduceConsume.java:213)

at org.eclipse.jetty.util.thread.strategy.ExecuteProduceConsume.run(ExecuteProduceConsume.java:147)

at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:654)

at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:572)

at java.lang.Thread.run(Thread.java:745)

Caused by: java.sql.SQLException: sql injection violation, syntax error: syntax error, expect RPAREN, actual QUES pos 1678, line 1, column 1677, token QUES : select count(*)  from ( SELECT b.ID, b.tag_name, b.start_time, b.end_time,b.diff_second, b.time_date, b2.eqp_no,b3.dept_name,b4.dept_name fenchang, 0 afternoon, case when (starttime between sp1time and (sp2time-1)) and (endtime between sp1time and (sp2time-1)) then diff_second when (starttime between sp1time and (sp2time-1)) and endtime >= sp2time then sp2time-starttime when st[2019-07-04 11:03:15][DEBUG][com.wanma.framework.config.interceptor.BaseInfoInterceptor][e7ec068e][1]ActionKey:/rpt/eqpOpenRate

[2019-07-04 11:03:15][DEBUG][com.wanma.framework.config.interceptor.BaseInfoInterceptor][e7ec068e]No Render

arttime<sp1time and (endtime between sp1time and (sp2time-1)) then endtime-sp1time when starttime<sp1time and endtime >= sp2time then sp2time-sp1time else 0 end morning, case when (starttime between sp2time and (sp3time-1)) and (endtime between sp2time and (sp3time-1)) then diff_second when (starttime between sp2time and (sp3time-1)) and endtime>sp3time then sp3time-starttime when starttime<sp2time and (endtime between sp2time and (sp3time-1)) then endtime-sp2time when starttime<sp2time and endtime>sp3time then sp3time-sp2time else 0 end night from ( SELECT a1.ID ID, a1.tag_name tag_name, a1.start_time start_time, a1.end_time end_time,a1.diff_second diff_second, (CASE WHEN to_char(a1.start_time, 'HH24mi')::INTEGER> ? THEN to_char(a1.time_date, 'yyyy-MM-dd') ELSE to_char(a1.time_date + '-1 day', 'yyyy-MM-dd') END ) time_date, case when to_char(a1.start_time, 'HH24mi')::INTEGER< ? then EXTRACT(epoch FROM CAST((a1.start_time+'1 day') AS TIMESTAMP)) else EXTRACT(epoch FROM CAST(a1.start_time AS TIMESTAMP)) end starttime, case when to_char(a1.start_time, 'HH24mi')::INTEGER< ? then EXTRACT(epoch FROM CAST((a1.end_time+'1 day') AS TIMESTAMP)) else EXTRACT(epoch FROM CAST(a1.end_time AS TIMESTAMP)) end endtime, EXTRACT(epoch FROM CAST((to_char(a1.time_date, 'yyyy-MM-dd')::date + time ? ) AS TIMESTAMP))sp1time, EXTRACT(epoch FROM CAST((to_char(a1.time_date, 'yyyy-MM-dd')::date + time ? )+'12 hour' AS TIMESTAMP))sp2time, EXTRACT(epoch FROM CAST((to_char(a1.time_date, 'yyyy-MM-dd')::date + time ? )+'24 hour' AS TIMESTAMP))sp3time FROM ht_lk_his_time a1 WHERE 1 = 1 AND a1.time_date >= 'Sun Jun 28 09:00:00 CST 2019' AND a1.time_date <= 'Wed Jul 03 14:24:31 CST 2019' union all SELECT a2.ID ID, a2.tag_name tag_name, a2.start_time start_time, a2.end_time end_time,a2.diff_second diff_second, (CASE WHEN to_char(a2.start_time, 'HH24mi')::INTEGER> ? THEN to_char(a2.time_date + '+1 day', 'yyyy-MM-dd') ELSE to_char(a2.time_date, 'yyyy-MM-dd') END ) time_date, case when to_char(a2.start_time, 'HH24mi')::INTEGER< ? then EXTRACT(epoch FROM CAST((a2.start_time+'-1 day') AS TIMESTAMP)) else EXTRACT(epoch FROM CAST(a2.start_time AS TIMESTAMP)) end starttime, case when to_char(a2.start_time, 'HH24mi')::INTEGER< ? then EXTRACT(epoch FROM CAST((a2.end_time+'-1 day') AS TIMESTAMP)) else EXTRACT(epoch FROM CAST(a2.end_time AS TIMESTAMP)) end endtime, EXTRACT(epoch FROM CAST((to_char(a2.time_date + '-1 day', 'yyyy-MM-dd')::date + time ? ) AS TIMESTAMP))sp1time, EXTRACT(epoch FROM CAST((to_char(a2.time_date + '-1 day', 'yyyy-MM-dd')::date + time ? )+'12 hour' AS TIMESTAMP))sp2time, EXTRACT(epoch FROM CAST((to_char(a2.time_date + '-1 day', 'yyyy-MM-dd')::date + time ? )+'24 hour' AS TIMESTAMP))sp3time FROM ht_lk_his_time a2 WHERE 1 = 1 AND a2.time_date >= 'Sun Jun 28 09:00:00 CST 2019' AND a2.time_date <= 'Wed Jul 03 14:24:31 CST 2019' )b LEFT JOIN ct_build_eqp b2 ON b.tag_name = b2.eqp_id LEFT JOIN ct_sys_department b3 ON b2.dept_code = b3.dept_code LEFT JOIN ct_sys_department b4 ON substring(b2.dept_code,1,6) = b4.dept_code where 1 = 1 )c GROUP BY c.tag_name, c.eqp_no, c.time_date ,c.dept_name, c.fenchang  

at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:798)

at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:251)

at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:568)

at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:929)

at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:122)

at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:568)

at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:342)

at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:349)

at com.jfinal.plugin.activerecord.DbPro.query(DbPro.java:67)

at com.jfinal.plugin.activerecord.DbPro.paginate(DbPro.java:450)

at com.jfinal.plugin.activerecord.DbPro.paginate(DbPro.java:481)

... 48 more

Caused by: com.alibaba.druid.sql.parser.ParserException: syntax error, expect RPAREN, actual QUES pos 1678, line 1, column 1677, token QUES

at com.alibaba.druid.sql.parser.SQLExprParser.accept(SQLExprParser.java:2668)

at com.alibaba.druid.sql.parser.SQLExprParser.primary(SQLExprParser.java:298)

at com.alibaba.druid.sql.dialect.postgresql.parser.PGExprParser.primary(PGExprParser.java:143)

at com.alibaba.druid.sql.parser.SQLExprParser.expr(SQLExprParser.java:86)

at com.alibaba.druid.sql.parser.SQLExprParser.primary(SQLExprParser.java:595)

at com.alibaba.druid.sql.dialect.postgresql.parser.PGExprParser.primary(PGExprParser.java:143)

at com.alibaba.druid.sql.parser.SQLExprParser.expr(SQLExprParser.java:86)

at com.alibaba.druid.sql.parser.SQLExprParser.methodRest(SQLExprParser.java:1081)

at com.alibaba.druid.sql.parser.SQLExprParser.parseSelectItem(SQLExprParser.java:3265)

at com.alibaba.druid.sql.parser.SQLSelectParser.parseSelectList(SQLSelectParser.java:646)

at com.alibaba.druid.sql.dialect.postgresql.parser.PGSelectParser.query(PGSelectParser.java:108)

at com.alibaba.druid.sql.parser.SQLSelectParser.select(SQLSelectParser.java:59)

at com.alibaba.druid.sql.parser.SQLSelectParser.parseTableSource(SQLSelectParser.java:675)

at com.alibaba.druid.sql.parser.SQLSelectParser.parseFrom(SQLSelectParser.java:666)

at com.alibaba.druid.sql.dialect.postgresql.parser.PGSelectParser.query(PGSelectParser.java:134)

at com.alibaba.druid.sql.parser.SQLSelectParser.select(SQLSelectParser.java:59)

at com.alibaba.druid.sql.parser.SQLSelectParser.parseTableSource(SQLSelectParser.java:675)

at com.alibaba.druid.sql.parser.SQLSelectParser.parseFrom(SQLSelectParser.java:666)

at com.alibaba.druid.sql.dialect.postgresql.parser.PGSelectParser.query(PGSelectParser.java:134)

at com.alibaba.druid.sql.parser.SQLSelectParser.select(SQLSelectParser.java:59)

at com.alibaba.druid.sql.dialect.postgresql.parser.PGSQLStatementParser.parseSelect(PGSQLStatementParser.java:331)

at com.alibaba.druid.sql.dialect.postgresql.parser.PGSQLStatementParser.parseSelect(PGSQLStatementParser.java:40)

at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:149)

at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:83)

at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:624)

at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:578)

at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:785)

... 58 more

求各位大神指点!!!

项目:JFinal

评论区

JFinal

2019-07-04 11:14

sql 有错误,注意看异常:
Caused by: com.alibaba.druid.sql.parser.ParserException: syntax error, expect RPAREN, actual QUES pos 1678, line 1, column 1677, token QUES
 回复

小小_白

2019-07-04 11:37

@JFinal 但是我把输出的SQL放到数据库里面是可以执行的啊
 回复

JFinal

2019-07-04 12:15

@小小_白 检查一下 druid 的 WallFilter 是不是误判了你的 sql 存在注入问题

去掉 ActiveRecordPlugin 中的 WallFilter 配置
 回复
我要反馈

热门反馈

扫码入社