org.springframework.jdbc.BadSqlGrammarException: StatementCallback; bad SQL grammar

HTTP Status 500 - Request processing failed; nested exception is org.springframework.jdbc.BadSqlGrammarException: StatementCallback; bad SQL grammar [select * from assignment where username=reza]; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'reza' in 'where clause'

This is my Dao file

    @Override
    public List<Assignment> showAllAssignment(String username) {
        String sql = "select * from assignment where username=" + username;
        return jdbcTemplate.query(sql, new AssignmentMapper());
    }

This is my controller

    @RequestMapping(value = "/showAllAssignment/{reqUserName}/show", method = RequestMethod.GET)
    public ModelAndView showAllAssignment(@PathVariable("reqUserName") String reqUserName) {
        List<Assignment> list = new ArrayList<Assignment>();
        list = assignmentService.showAllAssignment(reqUserName);
        ModelAndView mav = new ModelAndView("show_All_Assignments");
        mav.addObject("assignment", list);
        return mav;
    }

This is the error:

2018-05-03 01:55:08,232 [org.springframework.web.servlet.mvc.method.annotation.ExceptionHandlerExceptionResolver]-[DEBUG] Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.assignment.controller.AssignmentController.showAllAssignment(java.lang.String)]: org.springframework.jdbc.BadSqlGrammarException: StatementCallback; bad SQL grammar [select * from assignment where username=reza]; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'reza' in 'where clause'
2018-05-03 01:55:08,234 [org.springframework.web.servlet.mvc.annotation.ResponseStatusExceptionResolver]-[DEBUG] Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.assignment.controller.AssignmentController.showAllAssignment(java.lang.String)]: org.springframework.jdbc.BadSqlGrammarException: StatementCallback; bad SQL grammar [select * from assignment where username=reza]; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'reza' in 'where clause'
2018-05-03 01:55:08,234 [org.springframework.web.servlet.mvc.support.DefaultHandlerExceptionResolver]-[DEBUG] Resolving exception from handler [public org.springframework.web.servlet.ModelAndView org.assignment.controller.AssignmentController.showAllAssignment(java.lang.String)]: org.springframework.jdbc.BadSqlGrammarException: StatementCallback; bad SQL grammar [select * from assignment where username=reza]; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'reza' in 'where clause'
2018-05-03 01:55:08,235 [org.springframework.web.servlet.DispatcherServlet]-[DEBUG] Could not complete request
org.springframework.jdbc.BadSqlGrammarException: StatementCallback; bad SQL grammar [select * from assignment where username=reza]; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'reza' in 'where clause'
    at org.springframework.jdbc.support.SQLErrorCodeSQLExceptionTranslator.doTranslate(SQLErrorCodeSQLExceptionTranslator.java:235)
    at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:72)
    at org.springframework.jdbc.core.JdbcTemplate.translateException(JdbcTemplate.java:1402)
    at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:388)
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:446)
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:456)
    at org.assignment.dao.AssignmentDaoImpl.showAllAssignment(AssignmentDaoImpl.java:67)
    at org.assignment.service.AssignmentServiceImpl.showAllAssignment(AssignmentServiceImpl.java:39)
    at org.assignment.controller.AssignmentController.showAllAssignment(AssignmentController.java:193)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:209)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:136)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:102)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:870)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:776)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:991)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:925)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:978)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:870)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:622)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:855)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:292)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:94)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
    at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:620)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:502)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1132)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:684)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1539)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1495)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
Caused by: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown column 'reza' in 'where clause'
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
    at com.mysql.jdbc.Util.handleNewInstance(Util.java:389)
    at com.mysql.jdbc.Util.getInstance(Util.java:372)
    at com.mysql.jdbc.SQLError.createSQLException(SQLError.java:980)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3835)
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:3771)
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:2435)
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:2582)
    at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2531)
    at com.mysql.jdbc.ConnectionImpl.execSQL(ConnectionImpl.java:2489)
    at com.mysql.jdbc.StatementImpl.executeQuery(StatementImpl.java:1446)
    at org.springframework.jdbc.core.JdbcTemplate$1QueryStatementCallback.doInStatement(JdbcTemplate.java:433)
    at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:376)
    ... 42 more

Can anyone help me solve this problem?

The problem is that I want to select data from my table assignment, where the username is defined.

For example, String username1 = 'reza'; but when I try to show all the data using the syntax above, select * .... where username="+username1; the system reads 'reza' as a column and not as a value in the column.

4
Agnes Palit

The SQL query you provided was not correct, as the error suggested:

try String sql = "select * from assignment where username='"+username+"';";

instead of String sql = "select * from assignment where username="+username;

3
Gewure

You should use a query parameter for username so that it is correctly quoted AND SQL-escaped... your concatenation is a potential SQL injection entry point if the username comes from an external source (UI, ...) that you do not fully control, and it will fail at the first username containing a single quote if the caller does not escape it properly.

0
p3consulting
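
The query-parameter approach from the last answer, written against the question's DAO method; this is an added example, not code from the thread. Assumptions: the `Assignment` record, its `title` column, the sample rows and the H2 in-memory database (H2 and spring-jdbc on the classpath, Java 16+) are stand-ins, since the page shows neither the real table schema nor `AssignmentMapper`.

```java
import java.util.List;
import javax.sql.DataSource;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.datasource.DriverManagerDataSource;

public class AssignmentQueryDemo {

    // Hypothetical stand-in for the page's Assignment class; only the
    // username column is known from the question, title is constructed.
    record Assignment(String username, String title) {}

    // Hypothetical stand-in for the page's AssignmentMapper.
    static final RowMapper<Assignment> MAPPER =
            (rs, rowNum) -> new Assignment(rs.getString("username"), rs.getString("title"));

    private final JdbcTemplate jdbcTemplate;

    AssignmentQueryDemo(JdbcTemplate jdbcTemplate) {
        this.jdbcTemplate = jdbcTemplate;
    }

    // The SQL text is constant; username is bound through the "?" placeholder,
    // so the driver sends it as a value and it is never parsed as SQL.
    List<Assignment> showAllAssignment(String username) {
        String sql = "select * from assignment where username = ?";
        return jdbcTemplate.query(sql, MAPPER, username);
    }

    public static void main(String[] args) {
        // Assumption: H2 in-memory database standing in for the MySQL instance.
        DataSource ds = new DriverManagerDataSource("jdbc:h2:mem:demo;DB_CLOSE_DELAY=-1", "sa", "");
        JdbcTemplate jt = new JdbcTemplate(ds);
        jt.execute("create table assignment (username varchar(64), title varchar(64))");

        // Constructed sample rows, including a name with a single quote.
        jt.update("insert into assignment values (?, ?)", "reza", "essay 1");
        jt.update("insert into assignment values (?, ?)", "o'brien", "essay 2");

        AssignmentQueryDemo dao = new AssignmentQueryDemo(jt);
        // "reza" no longer reads as a column name, the quoted name needs no
        // manual escaping, and an unknown name simply returns an empty list.
        for (String name : List.of("reza", "o'brien", "nobody")) {
            System.out.println(name + " -> " + dao.showAllAssignment(name));
        }
    }
}
```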