druid 1.1.16/1.1.18 在mysql中select * from table t where t.name like ${name} 报错，无法解析${}

wlwcrazw 于 2022-11-02 发布在 Druid

关注(0)|答案(1)|浏览(87)

@OverRide
public List<Map<String, Object>> query(String name) {
Map<String,Object> params = new HashMap<String,Object>();
params.put("name", name);
return baseDao.query("select * from t_demo d where d.c_name like ${name}", params);
}

com.alibaba.druid.sql.parser.ParserException: syntax error, expect CALL, actual IDENTIFIER

把依赖换成1.0.15正常

druid

来源：https://github.com/alibaba/druid/issues/3333

1条答案

按热度按时间

r8xiu3jd1#

public static SQLSelect parse(String sql, String dbType) {
    List<SQLStatement> stmtList = com.alibaba.druid.sql.SQLUtils.parseStatements(sql, dbType);

    if (stmtList.size() != 1) {
        throw new IllegalArgumentException("sql not support count : " + sql);
    }

    SQLStatement stmt = stmtList.get(0);

    if (!(stmt instanceof SQLSelectStatement)) {
        throw new IllegalArgumentException("sql not support count : " + sql);
    }

    SQLSelectStatement selectStmt = (SQLSelectStatement) stmt;
    return selectStmt.getSelect();
}

源码中lexer解析了select 后直接找到了{，并且进了如CALL的逻辑

if (lexer.token == Token.LBRACE || lexer.identifierEquals("CALL")) {
SQLCallStatement stmt = parseCall();
statementList.add(stmt);
continue;
}

在parseCall 里会进入这个逻辑
protected void acceptIdentifier(String text) {
if (lexer.identifierEquals(text)) {
lexer.nextToken();
} else {
setErrorEndPos(lexer.pos());
throw new ParserException("syntax error, expect " + text + ", actual " + lexer.token + ", " + lexer.info());
}
}
感觉lexer解析变量有问题

赞(0）回复(0）举报 2022-11-02

我来回答

druid 1.1.16/1.1.18 在mysql中select * from table t where t.name like ${name} 报错，无法解析${}

1条答案

相关问题

热门标签

最新问答