Current version in use (required, otherwise the issue will not be processed)
(group: 'com.baomidou', name: 'mybatis-plus-boot-starter', version: '3.5.3')
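How was this problem caused? (Only report it once you have confirmed the latest version also has the problem!!!)
QueryWrapper.orderByDesc("date_trunc('minute', update_time)") directly swallows the single quotes around 'minute', causing the SQL execution to fail
Steps to reproduce (write them out in full if there are any)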
QueryWrapper
Error message
Error querying database. Cause: org.postgresql.util.PSQLException: ERROR: column "minute" does not exist
Comment From: miemieYaho
What SQL does the log output?
Comment From: yangle94
SQL: SELECT id,name,job,mobile_pre,mobile,email,official_website,address,user_id,department_name,language,create_by,create_time,update_by,update_time FROM business_card WHERE del_flag=0 AND (language = ?) ORDER BY date_trunc(minute,update_time) DESC,convert_to(name,GBK) ASC LIMIT ?
Cause: org.postgresql.util.PSQLException: ERROR: column "minute" does not exist
Comment From: yangle94
date_trunc(minute,update_time) should be date_trunc('minute',update_time); convert_to(name,GBK) should be convert_to(name,'GBK')
Comment From: qmdx
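date_trunc(minute,update_time) should be date_trunc('minute',update_time); convert_to(name,GBK) should be convert_to(name,'GBK')
This SQL fragment counts as SQL injection, and the underlying layer filtered out the escape characters. When you create the new QueryWrapper you need to override the method below and return the string as-is.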
@Override
protected String columnSqlInjectFilter(String column) {
    return StringUtils.sqlInjectionReplaceBlank(column);
}
Comment From: yangle94
Then I'll hold off on upgrading the version for now
Comment From: qmdx
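new QueryWrapper<>() {
    // Signature matches the String-typed method shown above so that @Override resolves.
    @Override
    protected String columnSqlInjectFilter(String column) {
        // Return the expression unchanged, bypassing the built-in filter.
        return column;
    }
}.orderByDesc("date_trunc('minute', update_time)")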
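A narrower variant of the override discussed in this thread, as an added example that is not code from the thread participants or from the MyBatis-Plus project: quotes are preserved only for ORDER BY expressions that exactly match a fixed allow-list, and every other value still goes through the library's filter. The class name AllowListedOrderWrapper, the method orderByKey and the sort keys are hypothetical; it assumes Java 9+ and the columnSqlInjectFilter(String) signature shown above for 3.5.3.

```java
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
import java.util.Map;

/** Hypothetical wrapper: only constant, allow-listed ORDER BY expressions skip the filter. */
public class AllowListedOrderWrapper<T> extends QueryWrapper<T> {

    // Client-facing sort key -> fixed SQL expression (expressions taken from this thread).
    // Request input selects a key; it is never concatenated into SQL.
    private static final Map<String, String> ORDER_EXPRESSIONS = Map.of(
            "updatedMinute", "date_trunc('minute', update_time)",
            "nameGbk", "convert_to(name, 'GBK')");

    @Override
    protected String columnSqlInjectFilter(String column) {
        // Exact match against a constant keeps its quotes; anything else
        // is handed to the library's default filtering.
        return ORDER_EXPRESSIONS.containsValue(column)
                ? column
                : super.columnSqlInjectFilter(column);
    }

    /** Adds an ORDER BY clause for a known sort key, rejecting unknown keys. */
    public AllowListedOrderWrapper<T> orderByKey(String sortKey, boolean ascending) {
        String expression = ORDER_EXPRESSIONS.get(sortKey);
        if (expression == null) {
            throw new IllegalArgumentException("unsupported sort key");
        }
        if (ascending) {
            orderByAsc(expression);
        } else {
            orderByDesc(expression);
        }
        return this;
    }
}
```

Usage would look like new AllowListedOrderWrapper<BusinessCard>().orderByKey("updatedMinute", false), where BusinessCard stands in for the entity mapped to business_card.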