java - 查询路径变量时出现内部服务器错误 jdbc
问题描述
我有下面的代码,运行时出现以下错误。String转换似乎存在某种问题VARCHAR。
curl -v localhost:8080/trainer/Rach
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8080 (#0)
> GET /trainer/Rach HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.55.1
> Accept: */*
>
< HTTP/1.1 500
< Content-Type: application/json
< Transfer-Encoding: chunked
< Date: Wed, 17 Jun 2020 12:43:21 GMT
< Connection: close
<
{"timestamp":"2020-06-17T12:43:21.205+0000","status":500,"error":"Internal Server Error","message":"StatementCallback; bad SQL grammar [SELECT * fr
om TRAINERS where NAME=Rach]; nested exception is org.h2.jdbc.JdbcSQLSyntaxErrorException: Column \"RACH\" not found; SQL statement:\nSELECT * from
TRAINERS where NAME=Rach [42122-200]","path":"/trainer/Rach"}* Closing connection 0
控制器:
@GetMapping("/trainer/{trainer_name}")
public Trainer getTrainer(@PathVariable String trainer_name) {
Trainer t = jdbcTemplate.queryForObject("SELECT * from TRAINERS where NAME=" + trainer_name , new
TrainerRawMapper());
return t;
}
原始映射器:
public class TrainerRawMapper implements RowMapper<Trainer> {
@Override
public Trainer mapRow(ResultSet rs, int rowNum) throws SQLException {
Trainer trainer = new Trainer();
trainer.setName(rs.getString("NAME"));
trainer.setLevel(rs.getInt("LEVEL"));
trainer.setBag(new Stack<Pokemon>());
return trainer;
}
}
数据:
CREATE TABLE TRAINERS (NAME VARCHAR(225) PRIMARY KEY,
LEVEL INT)
-- TRAINERS insertions
INSERT INTO TRAINERS (NAME,LEVEL) VALUES ('Rach',8);
INSERT INTO TRAINERS (NAME,LEVEL) VALUES ('Rache',0);
INSERT INTO TRAINERS (NAME,LEVEL) VALUES ('Rachel',1);
INSERT INTO TRAINERS (NAME,LEVEL) VALUES ('Racheli',2);
解决方案
更新查询并放置trainer_name不带引号的内容,如下所示:
String sql = "SELECT * from TRAINERS where NAME = '" + trainer_name +"'";
Trainer t = jdbcTemplate.queryForObject(sql, new TrainerRawMapper());
解决方案只是为了纠正错误。
,出于安全原因,最好使用 jdbcTemplate 来替换值,以避免 SQL 注入等 SQL 攻击
String sql = "SELECT * from TRAINERS where NAME = ?";
return jdbcTemplate.queryForObject(sql, new Object[]{trainer_name}, new TrainerRawMapper());
推荐阅读
- python - Matplotlib.pyplot.bar 似乎产生不正确的结果
- angular - 类函数在角度订阅中未定义
- javascript - jQuery.Ready 在卸载期间触发 - 有什么方法可以防止这种情况?
- swift - 表/集合视图和滚动视图之间的平滑滚动
- angularjs - Google Maps JavaScript API 警告:带有 angularjs umbraco 插件的 NoApiKeys
- c# - 将字符串转换为 JArray
- docker - 部署 jupyterhub 时无法从 config.yaml 运行生命周期命令
- ruby - 读取 ruby 文件时如何推入数组?
- c# - WebAPI 异常返回类型对象
- java - Android,实时幅度和音高检测