baomidou / mybatis-plus

A powerful enhanced toolkit of MyBatis for simplifying development
https://baomidou.com
Apache License 2.0
16.41k stars 4.31k forks

sqlArgsFill #6210

Closed lunxian8 closed 5 months ago

lunxian8 commented 5 months ago

Current version: 3.4.2. Current environment, e.g.: Java8 + dm8

Bug description

In StringUtils.sqlArgsFill, sqlParam calls escapeString to escape strings. What should be done when a parameter contains ''?
        String c = StringUtils.sqlArgsFill("update sys_user set id = {0} where id = {1} dimissiontime = {2};", "", "222''a", "");
The '' value becomes \'\', and the statement cannot be executed.

Exception:

## The error may involve com.baomidou.mybatisplus.core.mapper.SqlRunner.Update
### The error occurred while executing an update
### Cause: com.baomidou.mybatisplus.core.exceptions.MybatisPlusException: Failed to process, Error SQL: update sys_user set id = '' where id = '222\'\'a' dimissiontime = '';

    at org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:30)
    at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:196)
    at com.baomidou.mybatisplus.extension.toolkit.SqlRunner.update(SqlRunner.java:136)

nieqiurong commented 5 months ago

update sys_user set id = {0} where id = {1} dimissiontime = {2};

Are you sure this SQL is correct?
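The escaping behaviour reported in the first post, reproduced as an added example (not MyBatis-Plus code and not from the thread): the same value `222''a` is placed into a query by backslash-escaping, by quote doubling, and as a bound parameter. Assumptions: SQLite stands in for an engine where backslash is not an escape character inside string literals, and `fill`, `backslash_escape`, `doubled_escape` and the `name` column are hypothetical names.

```python
import sqlite3

def backslash_escape(s):
    # Behaviour visible in the issue's error SQL: ' is turned into \'
    return s.replace("'", "\\'")

def doubled_escape(s):
    # Standard SQL literal quoting: ' inside a literal is written as ''
    return s.replace("'", "''")

def fill(sql, escape, *args):
    # Hypothetical stand-in for a sqlArgsFill-style helper: {0}, {1}, ... become quoted literals
    for i, arg in enumerate(args):
        sql = sql.replace("{%d}" % i, "'" + escape(arg) + "'")
    return sql

def demo(value="222''a"):  # the parameter value from the issue
    conn = sqlite3.connect(":memory:")
    # Constructed sample table and row
    conn.execute("create table sys_user (id text, name text)")
    conn.execute("insert into sys_user values (?, ?)", (value, "alice"))
    template = "select name from sys_user where id = {0}"
    results = {}
    for label, escape in (("backslash", backslash_escape), ("doubled", doubled_escape)):
        try:
            results[label] = conn.execute(fill(template, escape, value)).fetchall()
        except sqlite3.Error as exc:
            results[label] = "error: %s" % exc
    # Bound parameter: the driver carries the value, no escaping or string building
    results["bound"] = conn.execute(
        "select name from sys_user where id = ?", (value,)).fetchall()
    conn.close()
    return results

if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, "->", outcome)
```

Escaping rules for string literals differ between database engines, so a helper that builds literals with one fixed rule is only correct for engines that share it; binding the value avoids the question.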