web-dev-qa-db-de.com

org.springframework.jdbc.BadSqlGrammarException: StatementCallback; bad SQL grammar

HTTP Status 500 - Request processing failed; nested exception is org.springframework.jdbc.BadSqlGrammarException: StatementCallback; bad SQL grammar [select * from assignment where username=reza]; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'reza' in 'where clause'

This is my DAO file

    @Override
    public List<Assignment> showAllAssignment(String username) {
        // The value is concatenated into the statement without quotes, so MySQL
        // parses "reza" as a column name rather than a string literal.
        String sql = "select * from assignment where username=" + username;
        return jdbcTemplate.query(sql, new AssignmentMapper());
    }

This is my controller

    @RequestMapping(value = "/showAllAssignment/{reqUserName}/show", method = RequestMethod.GET)
    public ModelAndView showAllAssignment(@PathVariable("reqUserName") String reqUserName) {
        List<Assignment> list = new ArrayList<Assignment>();
        list = assignmentService.showAllAssignment(reqUserName);
        ModelAndView mav = new ModelAndView("show_All_Assignments");
        mav.addObject("assignment", list);
        return mav;
    }

This is the error:

2018-05-03 01:55:08,232 [org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver]-[DEBUG] Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.assignment.controller.AssignmentController.showAllAssignment(java.lang.String)]: org.springframework.jdbc.BadSqlGrammarException: StatementCallback; bad SQL grammar [select * from assignment where username=reza]; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'reza' in 'where clause'
2018-05-03 01:55:08,234 [org.springframework.web.servlet.mvc.annotation.ResponseStatusExceptionResolver]-[DEBUG] Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.assignment.controller.AssignmentController.showAllAssignment(java.lang.String)]: org.springframework.jdbc.BadSqlGrammarException: StatementCallback; bad SQL grammar [select * from assignment where username=reza]; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'reza' in 'where clause'
2018-05-03 01:55:08,234 [org.springframework.web.servlet.mvc.support.DefaultHandlerExceptionResolver]-[DEBUG] Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.assignment.controller.AssignmentController.showAllAssignment(java.lang.String)]: org.springframework.jdbc.BadSqlGrammarException: StatementCallback; bad SQL grammar [select * from assignment where username=reza]; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'reza' in 'where clause'
2018-05-03 01:55:08,235 [org.springframework.web.servlet.DispatcherServlet]-[DEBUG] Could not complete request
org.springframework.jdbc.BadSqlGrammarException: StatementCallback; bad SQL grammar [select * from assignment where username=reza]; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'reza' in 'where clause'
    at org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator.doTranslate(SQLErrorCodeSQLExceptionTranslator.java:235)
    at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:72)
    at org.springframework.jdbc.core.JdbcTemplate.translateException(JdbcTemplate.java:1402)
    at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:388)
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:446)
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:456)
    at org.assignment.dao.AssignmentDaoImpl.showAllAssignment(AssignmentDaoImpl.java:67)
    at org.assignment.service.AssignmentServiceImpl.showAllAssignment(AssignmentServiceImpl.java:39)
    at org.assignment.controller.AssignmentController.showAllAssignment(AssignmentController.java:193)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:209)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:870)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:776)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:991)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:978)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:870)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:855)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1132)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'reza' in 'where clause'
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
    at com.mysql.jdbc.Util.handleNewInstance(Util.java:389)
    at com.mysql.jdbc.Util.getInstance(Util.java:372)
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:980)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3835)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3771)
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2435)
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2582)
    at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2531)
    at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2489)
    at com.mysql.jdbc.StatementImpl.executeQuery(StatementImpl.java:1446)
    at org.springframework.jdbc.core.JdbcTemplate$1QueryStatementCallback.doInStatement(JdbcTemplate.java:433)
    at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:376)
    ... 42 more

Can anyone help me solve this problem?

The problem is that I want to select data from my assignment table where the username is specified.

For example, String username1 = 'reza'; but when I try to display all the data with the syntax above, select * .... where username="+username1; the system reads 'reza' as a column and not as a value in the column.

4
Agnes Palit

The SQL query you supplied was not correct SQL, as the error indicated:

try String sql = "select * from assignment where username='"+username+"';";

instead of String sql = "select * from assignment where username="+username;

3
Gewure

You should use a query parameter for the username so that it is quoted and SQL-escaped correctly. Your concatenation is a potential entry point for SQL injection if the username comes from an external source (user interface, ...) that you cannot fully control, and it will fail on the first username that contains a single quote if the caller does not escape it correctly.

0
p3consulting
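Both answers above end at the same place: quoting the value (first answer) makes the query run for "reza" but leaves the statement text under the caller's control, and a bind parameter (second answer) is the fix. The DAO below is an added example, not code from the question or from either answer. It reuses the `Assignment`, `AssignmentMapper` and `jdbcTemplate` names from the question and assumes the standard Spring `JdbcTemplate` and `NamedParameterJdbcTemplate` APIs; the `vulnerableSql` helper, the `showAllAssignmentNamed` method and the constructor wiring are illustrative.

```java
import java.util.List;

import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.namedparam.MapSqlParameterSource;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;

// Illustrative DAO (not the project's own class): the quoted concatenation from the
// first answer next to the parameterized form the second answer recommends.
public class AssignmentDaoImpl {

    private final JdbcTemplate jdbcTemplate;
    private final NamedParameterJdbcTemplate namedTemplate;

    public AssignmentDaoImpl(JdbcTemplate jdbcTemplate) {
        this.jdbcTemplate = jdbcTemplate;
        // NamedParameterJdbcTemplate wraps a classic JdbcTemplate.
        this.namedTemplate = new NamedParameterJdbcTemplate(jdbcTemplate);
    }

    // What the first answer produces. It fixes the "Unknown column 'reza'" error, but the
    // path variable still becomes part of the SQL text. A request for
    //   /showAllAssignment/reza' OR '1'='1/show
    // yields
    //   select * from assignment where username='reza' OR '1'='1'
    // which returns every row in the table. Kept only to show what to avoid.
    static String vulnerableSql(String username) {
        return "select * from assignment where username='" + username + "'";
    }

    // Fix: positional bind parameter. JdbcTemplate uses a PreparedStatement and the
    // driver sends the value separately from the statement text, so quotes or
    // keywords in the username cannot change the query's structure.
    public List<Assignment> showAllAssignment(String username) {
        String sql = "select * from assignment where username = ?";
        return jdbcTemplate.query(sql, new AssignmentMapper(), username);
    }

    // Same fix with a named parameter, easier to read once several values are bound.
    public List<Assignment> showAllAssignmentNamed(String username) {
        String sql = "select * from assignment where username = :username";
        MapSqlParameterSource params = new MapSqlParameterSource("username", username);
        return namedTemplate.query(sql, params, new AssignmentMapper());
    }
}
```

The `query(String sql, RowMapper<T> rowMapper, Object... args)` overload has been in `JdbcTemplate` since Spring 3.0.1, so no other changes to the controller or service are required; the `username` string is passed through as data and never enters the SQL text.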