[alibaba/druid]Druid1.2.5版本对clickhouse的部分SQL语法不支持，WallFilter检测报错

我要执行的SQL如下： ALTER TABLE t_test1 UPDATE name = '张三' WHERE ck_f_id = '1' 在clickHouse上执行 完全正常，如下： 但是，一旦我试图在项目中运行这条SQL，就报错，打断点发现在 WallProvider.class的630行，这条SQL被解析异常，直接被ParserException捕获，最后报错，如下：

Caused by: java.sql.SQLException: sql injection violation, dbType clickhouse, , druid-version 1.2.5, syntax error: Invalid from clause : name = ? : ALTER TABLE t_test1 UPDATE name = ? WHERE ck_f_id = ? at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:849) at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:292) at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:568) at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:930) at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:122) at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:568) at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:341) at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:351) at org.apache.ibatis.executor.statement.PreparedStatementHandler.instantiateStatement(PreparedStatementHandler.java:86) at org.apache.ibatis.executor.statement.BaseStatementHandler.prepare(BaseStatementHandler.java:88) at org.apache.ibatis.executor.statement.RoutingStatementHandler.prepare(RoutingStatementHandler.java:59) at com.baomidou.mybatisplus.core.executor.MybatisSimpleExecutor.prepareStatement(MybatisSimpleExecutor.java:92) at com.baomidou.mybatisplus.core.executor.MybatisSimpleExecutor.doUpdate(MybatisSimpleExecutor.java:53) at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:117) at com.baomidou.mybatisplus.core.executor.MybatisCachingExecutor.update(MybatisCachingExecutor.java:83) at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:197) ... 89 common frames omitted Caused by: com.alibaba.druid.sql.parser.ParserException: Invalid from clause : name = ? at com.alibaba.druid.sql.parser.SQLSelectParser.parseTableSourceQueryTableExpr(SQLSelectParser.java:1124) at com.alibaba.druid.sql.parser.SQLSelectParser.parseTableSource(SQLSelectParser.java:1098) at com.alibaba.druid.sql.parser.SQLStatementParser.parseUpdateStatement(SQLStatementParser.java:4208) at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:243) at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:124) at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:630) at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:584) at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:826) ... 104 common frames omitted

name改成`name`试试，这个是关键字

我要执行的SQL如下： ALTER TABLE t_test1 UPDATE name = '张三' WHERE ck_f_id = '1' 在clickHouse上执行 完全正常，如下： 但是，一旦我试图在项目中运行这条SQL，就报错，打断点发现在 WallProvider.class的630行，这条SQL被解析异常，直接被ParserException捕获，最后报错，如下： Caused by: java.sql.SQLException: sql injection violation, dbType clickhouse, , druid-version 1.2.5, syntax error: Invalid from clause : name = ? : ALTER TABLE t_test1 UPDATE name = ? WHERE ck_f_id = ? at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:849) at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:292) at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:568) at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:930) at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:122) at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:568) at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:341) at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:351) at org.apache.ibatis.executor.statement.PreparedStatementHandler.instantiateStatement(PreparedStatementHandler.java:86) at org.apache.ibatis.executor.statement.BaseStatementHandler.prepare(BaseStatementHandler.java:88) at org.apache.ibatis.executor.statement.RoutingStatementHandler.prepare(RoutingStatementHandler.java:59) at com.baomidou.mybatisplus.core.executor.MybatisSimpleExecutor.prepareStatement(MybatisSimpleExecutor.java:92) at com.baomidou.mybatisplus.core.executor.MybatisSimpleExecutor.doUpdate(MybatisSimpleExecutor.java:53) at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:117) at com.baomidou.mybatisplus.core.executor.MybatisCachingExecutor.update(MybatisCachingExecutor.java:83) at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:197) ... 89 common frames omitted Caused by: com.alibaba.druid.sql.parser.ParserException: Invalid from clause : name = ? at com.alibaba.druid.sql.parser.SQLSelectParser.parseTableSourceQueryTableExpr(SQLSelectParser.java:1124) at com.alibaba.druid.sql.parser.SQLSelectParser.parseTableSource(SQLSelectParser.java:1098) at com.alibaba.druid.sql.parser.SQLStatementParser.parseUpdateStatement(SQLStatementParser.java:4208) at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:243) at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:124) at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:630) at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:584) at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:826) ... 104 common frames omitted

name改成name试试，这个是关键字

试过了，首先 name不能改成 'name'，运行就会报错，如下：

其次，就算在项目里改成 'name'，报错如下： Caused by: com.alibaba.druid.sql.parser.ParserException: syntax error, error in :'DATE 'name' = ? WHERE ck_f_id = ?', expect SET, actual =, pos 36, line 1, column 35, token =

这显然是druid解析不了ck的修改字段值SQL语句，不支持这种语法

我要执行的SQL如下： ALTER TABLE t_test1 UPDATE name = '张三' WHERE ck_f_id = '1' 在clickHouse上执行 完全正常，如下： 但是，一旦我试图在项目中运行这条SQL，就报错，打断点发现在 WallProvider.class的630行，这条SQL被解析异常，直接被ParserException捕获，最后报错，如下： Caused by: java.sql.SQLException: sql injection violation, dbType clickhouse, , druid-version 1.2.5, syntax error: Invalid from clause : name = ? : ALTER TABLE t_test1 UPDATE name = ? WHERE ck_f_id = ? at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:849) at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:292) at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:568) at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:930) at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:122) at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:568) at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:341) at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:351) at org.apache.ibatis.executor.statement.PreparedStatementHandler.instantiateStatement(PreparedStatementHandler.java:86) at org.apache.ibatis.executor.statement.BaseStatementHandler.prepare(BaseStatementHandler.java:88) at org.apache.ibatis.executor.statement.RoutingStatementHandler.prepare(RoutingStatementHandler.java:59) at com.baomidou.mybatisplus.core.executor.MybatisSimpleExecutor.prepareStatement(MybatisSimpleExecutor.java:92) at com.baomidou.mybatisplus.core.executor.MybatisSimpleExecutor.doUpdate(MybatisSimpleExecutor.java:53) at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:117) at com.baomidou.mybatisplus.core.executor.MybatisCachingExecutor.update(MybatisCachingExecutor.java:83) at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:197) ... 89 common frames omitted Caused by: com.alibaba.druid.sql.parser.ParserException: Invalid from clause : name = ? at com.alibaba.druid.sql.parser.SQLSelectParser.parseTableSourceQueryTableExpr(SQLSelectParser.java:1124) at com.alibaba.druid.sql.parser.SQLSelectParser.parseTableSource(SQLSelectParser.java:1098) at com.alibaba.druid.sql.parser.SQLStatementParser.parseUpdateStatement(SQLStatementParser.java:4208) at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:243) at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:124) at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:630) at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:584) at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:826) ... 104 common frames omitted

name改成name试试，这个是关键字

试过了，首先 name不能改成 'name'，运行就会报错，如下：

其次，就算在项目里改成 'name'，报错如下： Caused by: com.alibaba.druid.sql.parser.ParserException: syntax error, error in :'DATE 'name' = ? WHERE ck_f_id = ?', expect SET, actual =, pos 36, line 1, column 35, token =

这显然是druid解析不了ck的修改字段值SQL语句，不支持这种语法

是斜撇，不是引号，数字1前面的那个键

我要执行的SQL如下： ALTER TABLE t_test1 UPDATE name = '张三' WHERE ck_f_id = '1' 在clickHouse上执行 完全正常，如下： 但是，一旦我试图在项目中运行这条SQL，就报错，打断点发现在 WallProvider.class的630行，这条SQL被解析异常，直接被ParserException捕获，最后报错，如下： Caused by: java.sql.SQLException: sql injection violation, dbType clickhouse, , druid-version 1.2.5, syntax error: Invalid from clause : name = ? : ALTER TABLE t_test1 UPDATE name = ? WHERE ck_f_id = ? at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:849) at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:292) at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:568) at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:930) at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:122) at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:568) at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:341) at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:351) at org.apache.ibatis.executor.statement.PreparedStatementHandler.instantiateStatement(PreparedStatementHandler.java:86) at org.apache.ibatis.executor.statement.BaseStatementHandler.prepare(BaseStatementHandler.java:88) at org.apache.ibatis.executor.statement.RoutingStatementHandler.prepare(RoutingStatementHandler.java:59) at com.baomidou.mybatisplus.core.executor.MybatisSimpleExecutor.prepareStatement(MybatisSimpleExecutor.java:92) at com.baomidou.mybatisplus.core.executor.MybatisSimpleExecutor.doUpdate(MybatisSimpleExecutor.java:53) at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:117) at com.baomidou.mybatisplus.core.executor.MybatisCachingExecutor.update(MybatisCachingExecutor.java:83) at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:197) ... 89 common frames omitted Caused by: com.alibaba.druid.sql.parser.ParserException: Invalid from clause : name = ? at com.alibaba.druid.sql.parser.SQLSelectParser.parseTableSourceQueryTableExpr(SQLSelectParser.java:1124) at com.alibaba.druid.sql.parser.SQLSelectParser.parseTableSource(SQLSelectParser.java:1098) at com.alibaba.druid.sql.parser.SQLStatementParser.parseUpdateStatement(SQLStatementParser.java:4208) at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:243) at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:124) at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:630) at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:584) at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:826) ... 104 common frames omitted

name改成name试试，这个是关键字

试过了，首先 name不能改成 'name'，运行就会报错，如下： 其次，就算在项目里改成 'name'，报错如下： Caused by: com.alibaba.druid.sql.parser.ParserException: syntax error, error in :'DATE 'name' = ? WHERE ck_f_id = ?', expect SET, actual =, pos 36, line 1, column 35, token = 这显然是druid解析不了ck的修改字段值SQL语句，不支持这种语法

是斜撇，不是引号，数字1前面的那个键

我试过了，在ck是可以运行的，如下： dan's 但是在项目里，还是报错，如下：

Cause: java.sql.SQLException: sql injection violation, dbType clickhouse, , druid-version 1.2.5, syntax error: Invalid from clause : name = ? : ALTER TABLE t_test1 UPDATE name = ? WHERE ck_f_id = ?

我要执行的SQL如下： ALTER TABLE t_test1 UPDATE name = '张三' WHERE ck_f_id = '1' 在clickHouse上执行 完全正常，如下： 但是，一旦我试图在项目中运行这条SQL，就报错，打断点发现在 WallProvider.class的630行，这条SQL被解析异常，直接被ParserException捕获，最后报错，如下： Caused by: java.sql.SQLException: sql injection violation, dbType clickhouse, , druid-version 1.2.5, syntax error: Invalid from clause : name = ? : ALTER TABLE t_test1 UPDATE name = ? WHERE ck_f_id = ? at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:849) at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:292) at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:568) at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:930) at com.alibaba.druid.filter.FilterEventAdapter.connection_prepareStatement(FilterEventAdapter.java:122) at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:568) at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:341) at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:351) at org.apache.ibatis.executor.statement.PreparedStatementHandler.instantiateStatement(PreparedStatementHandler.java:86) at org.apache.ibatis.executor.statement.BaseStatementHandler.prepare(BaseStatementHandler.java:88) at org.apache.ibatis.executor.statement.RoutingStatementHandler.prepare(RoutingStatementHandler.java:59) at com.baomidou.mybatisplus.core.executor.MybatisSimpleExecutor.prepareStatement(MybatisSimpleExecutor.java:92) at com.baomidou.mybatisplus.core.executor.MybatisSimpleExecutor.doUpdate(MybatisSimpleExecutor.java:53) at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:117) at com.baomidou.mybatisplus.core.executor.MybatisCachingExecutor.update(MybatisCachingExecutor.java:83) at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:197) ... 89 common frames omitted Caused by: com.alibaba.druid.sql.parser.ParserException: Invalid from clause : name = ? at com.alibaba.druid.sql.parser.SQLSelectParser.parseTableSourceQueryTableExpr(SQLSelectParser.java:1124) at com.alibaba.druid.sql.parser.SQLSelectParser.parseTableSource(SQLSelectParser.java:1098) at com.alibaba.druid.sql.parser.SQLStatementParser.parseUpdateStatement(SQLStatementParser.java:4208) at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:243) at com.alibaba.druid.sql.parser.SQLStatementParser.parseStatementList(SQLStatementParser.java:124) at com.alibaba.druid.wall.WallProvider.checkInternal(WallProvider.java:630) at com.alibaba.druid.wall.WallProvider.check(WallProvider.java:584) at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:826) ... 104 common frames omitted

name改成name试试，这个是关键字

试过了，首先 name不能改成 'name'，运行就会报错，如下： 其次，就算在项目里改成 'name'，报错如下： Caused by: com.alibaba.druid.sql.parser.ParserException: syntax error, error in :'DATE 'name' = ? WHERE ck_f_id = ?', expect SET, actual =, pos 36, line 1, column 35, token = 这显然是druid解析不了ck的修改字段值SQL语句，不支持这种语法

是斜撇，不是引号，数字1前面的那个键

请问这个是怎么解决的啊，ch的版本是21.10.2.15，druid的是1.2.5

大佬

多数据源的情况下依然会报错，可以尝试配置strict-syntax-check

你好 问题有得到解决或者planB 么

配置strict-syntax-check可以的

官方大佬有时间，麻烦兼容下clickhouse的update语法