search

alibaba / druid

阿里云计算平台DataWorks(https://help.aliyun.com/document_detail/137663.html) 团队出品,为监控而生的数据库连接池
https://github.com/alibaba/druid/wiki
Apache License 2.0
27.98k stars 8.58k forks source link

sql injection violation, syntax error: ERROR. token : QUESBAR, pos : 649 #1623

Open oaoit opened 7 years ago

oaoit commented 7 years ago

Caused by: java.sql.SQLException: sql injection violation, syntax error: ERROR. token : QUESBAR, pos : 649 : select count(id) FROM t_order WHERE order_date>=to_date(?,'yyyy-MM-dd') order_date <(to_date(?,'yyyy-MM-dd')+1) and name like '%'||?||'%'

druid version 1.0.28.

oaoit commented 7 years ago

In version 1.0.27 running normally.

wenshao commented 7 years ago

这个语法不正确吧?