druid报异常 “sql injection violation, part alway true condition not allow”的解决方案

使用durid连接池组件，执行sql时发现异常如下：

Caused by: java.sql.SQLException: sql injection violation, part alway true condition not allow : select t.id，t.name ,from sys_testt where (t.tid = 'sys' or ''='sys') and (t.tname like '%%' or ''='')at com.alibaba.druid.wall.WallFilter.check(WallFilter.java:714)at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:240)at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:448)at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:928)at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:122)at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:448)at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:342)at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:318)at sun.reflect.GeneratedMethodAccessor26.invoke(Unknown Source)at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)at java.lang.reflect.Method.invoke(Method.java:597)at com.jfinal.plugin.activerecord.SqlReporter.invoke(SqlReporter.java:72)at $Proxy5.prepareStatement(Unknown Source)at com.jfinal.plugin.activerecord.DbPro.find(DbPro.java:334)at com.jfinal.plugin.activerecord.DbPro.find(DbPro.java:349)... 43 more

解决方案：

参数filters：属性类型是字符串，通过别名的方式配置扩展插件，常用的插件有：
监控统计用的filter:stat 日志用的filter:log4j 防御sql注入的filter:wall。

把 filters配置中去掉 wall即可。

druid详细参数配置地址：https://github.com/alibaba/druid/wiki/DruidDataSource%E9%85%8D%E7%BD%AE%E5%B1%9E%E6%80%A7%E5%88%97%E8%A1%A8

转载于:https://www.cnblogs.com/haha12/p/4670400.html

druid报异常 “sql injection violation, part alway true condition not allow”的解决方案相关推荐

druid sql黑名单报异常 sql injection violation, part alway true condition not allow
最近使用druid,发现阿里这个连接池真的很好用,可以监控到连接池活跃连接数开辟到多少个连接数关闭了多少个,对于我在项目中查看错误问题,很有帮助, 但是最近发现里面有条sql语句被拦截了, ...
MySQL异常 #SQLException: sql injection violation, part alway true condition not allow
1.异常现象 Caused by: java.sql.SQLException: sql injection violation, part alway true condition not allo ...
综合技术--sql injection violation, part alway true condition not allow
2019独角兽企业重金招聘Python工程师标准>>> 今天遇到一个很奇怪的报错,信息如下 sql injection violation, part alway true cond ...
java.sql.SQLException: sql injection violation, part alway true condition not allow
这是我在思考调试sql注入出现的小bug 打印出来的SQL语句放在数据库执行 select id,name,age,phone from yu_student where phone = '123' ...
Druid sql injection violation, part alway false condition not allow
在使用druid的时候很简单的一条sql报了错,如下 select<include refid="Base_Column_List"/>from sys_user_id ...
sql injection violation, part alway false condition not allow
今天做需求碰到了这个问题,sql injection violation, part alway false condition not allow,有的说改druid配置文件,将filters中的w ...
MySql java.sql.SQLException: sql injection violation, part alway false condition not allow异常简单处理方式
在sql语法正常下进行拼接sql语句时出现类似"1=1"等代码前面出现 and 或 or 时会被认为是sql注入解决方案一. 使用表名点字段名 members.name 二. ...
java.sql.SQLException: sql injection violation, part alway false condition not allow
错误截图: 百度解释是防止sql注入,百度有的说是去掉druid里面filters里面的wall可以解决问题.但本人觉得这个方案有点难以接受.经测试发现如下原因会触发该bug: 截图sql: 在我的代 ...
java.sql.SQLException: sql injection violation, multi-statement not allow
sql涉及到批量操作,开发环境正常执行,测试环境报错 sql injection violation, multi-statement not allow : update eqc_area_cust ...

druid报异常 “sql injection violation, part alway true condition not allow”的解决方案

druid报异常 “sql injection violation, part alway true condition not allow”的解决方案相关推荐

最新文章

热门文章