x-ream/sqli

IN cannot concatenate ""

CoocaChina opened this issue · 2 comments

"error": "StatementCallback; bad SQL grammar [SELECT * FROM Equipment WHERE ( barCode IN ( 'lb1649400074854' ) OR RFID IN ( ) OR nfc IN ( ) OR recorderCode IN ( ) )]; nested exception is java.sql.SQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') OR nfc IN ( ) OR recorderCode IN ( ) )' at line 1",

In the end we still did not support concatenating IN (''), which differs from standard SQL. When using the sqli API, the main purpose is to let the business layer automatically filter out null, "", " " and the like. If we added support for that, it would go against the API's original goal. The solution was to add filtering for IN so that the "" inside [""] is removed.
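The behaviour the maintainer describes, blank values filtered out of an IN list and the predicate dropped entirely when nothing is left, so the generated SQL never degrades to `col IN ( )`, as an added example. This is illustrative code written for this page, not sqli's own implementation; the class and method names (`InClauseBuilder`, `nonBlank`, `inPredicate`, `buildWhere`) are assumptions, and the column names and values are constructed from the error message above. Values go in as JDBC `?` placeholders rather than being spliced into the SQL string, so the filtering never becomes an injection point.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Hypothetical helper (not part of sqli): builds OR-joined IN predicates while
// discarding null / "" / whitespace-only values, as the sqli API intends.
public class InClauseBuilder {

    // Keep only values that carry information; null, "" and " " are dropped.
    static List<String> nonBlank(List<String> values) {
        List<String> out = new ArrayList<>();
        if (values == null) return out;
        for (String v : values) {
            if (v != null && !v.trim().isEmpty()) out.add(v);
        }
        return out;
    }

    // Returns "column IN (?, ?, ...)" and appends the bound values to params,
    // or null when no value survives filtering, so the caller omits the predicate
    // instead of emitting the syntactically invalid "column IN ( )".
    // The column name is a code-level identifier, never user input: identifiers
    // cannot be parameterised, so they must come from a fixed allowlist.
    static String inPredicate(String column, List<String> values, List<Object> params) {
        List<String> kept = nonBlank(values);
        if (kept.isEmpty()) return null;
        StringBuilder sb = new StringBuilder(column).append(" IN (");
        for (int i = 0; i < kept.size(); i++) {
            if (i > 0) sb.append(", ");
            sb.append('?');          // placeholder; value is bound, not concatenated
            params.add(kept.get(i));
        }
        return sb.append(')').toString();
    }

    // OR-joins the surviving predicates; LinkedHashMap preserves column order.
    // Returns "" when every list was blank; see the note below on that case.
    static String buildWhere(Map<String, List<String>> inLists, List<Object> params) {
        List<String> parts = new ArrayList<>();
        for (Map.Entry<String, List<String>> e : inLists.entrySet()) {
            String p = inPredicate(e.getKey(), e.getValue(), params);
            if (p != null) parts.add(p);
        }
        if (parts.isEmpty()) return "";
        return " WHERE ( " + String.join(" OR ", parts) + " )";
    }

    public static void main(String[] args) {
        // Constructed input mirroring the failing query from the issue.
        Map<String, List<String>> in = new LinkedHashMap<>();
        in.put("barCode", Arrays.asList("lb1649400074854"));
        in.put("RFID", Arrays.asList(""));
        in.put("nfc", Arrays.asList(" ", null));
        in.put("recorderCode", Collections.emptyList());

        List<Object> params = new ArrayList<>();
        String sql = "SELECT * FROM Equipment" + buildWhere(in, params);
        System.out.println(sql);    // SELECT * FROM Equipment WHERE ( barCode IN (?) )
        System.out.println(params); // [lb1649400074854]
    }
}
```

One caveat worth checking in any filter of this kind: when every IN list is blank, `buildWhere` returns an empty string and the query would select the whole table. Whether that is acceptable depends on the endpoint; for a lookup that is supposed to be narrowed by the caller's input, it is usually safer to refuse the query (or return an empty result) than to silently drop the WHERE clause.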