我面临错误“ORA-00911:无效字符”,同时调用下面的功能。如果我使用带有硬编码值的SQL查询(到目前为止,它在下面的代码片段中被注解掉了),那么我将在Postman中获得JSON响应中的数据库记录,没有任何问题。所以,看起来我在论点上做错了什么。仅供参考,我正在使用“github.com/sijms/go-ora/v2“包连接到Oracle数据库。此外,'DashboardRecordsRequest'结构是在datamodel包,但我已经粘贴在下面的代码片段作为参考。请注意,由于我正在进行POC,我们将使用存储过程与Oracle进行交互。
Postman请求有效载荷:
{
"username": "UserABC",
"startindex": 0,
"pagesize": 10,
"sortby": "requestnumber",
"sortorder": "DESC"
}代码:
type DashboardRecordsRequest struct {
Username string `json:"username"`
StartIndex int `json:"startindex"`
PageSize int `json:"pagesize"`
SortBy string `json:"sortby"`
SortOrder string `json:"sortorder"`
}
func GetDashboardActiveRequestRecords(request datamodel.DashboardRecordsRequest) ([]datamodel.ActiveRequestRecord, error) {
sortby := request.SortBy
sortorder := request.SortOrder
startindex := request.StartIndex
pagesize := request.PageSize
activerecords := []datamodel.ActiveRequestRecord{}
slog.Info("Verify values", slog.String("sortby", sortby), slog.String("sortorder", sortorder), slog.Int("startindex", startindex), slog.Int("pagesize", pagesize))
dbconn, err := getDBConnection()
if err != nil {
logger.Error("Could not connect to database")
return activerecords, err
}
stmt, err := dbconn.Prepare("SELECT requestnumber, requeststatus, NVL(requestor, 'N/A'), NVL(pendingwith, 'N/A'), NVL(processtype, 'N/A'), actiondate FROM requests WHERE requeststatus = 'PENDINGAPPROVAL' ORDER BY ? ? OFFSET ? ROWS FETCH NEXT ? ROWS ONLY")
/*stmt, err := dbconn.Prepare("SELECT requestnumber, requeststatus, NVL(requestor, 'N/A'), NVL(pendingwith, 'N/A'), NVL(processtype, 'N/A'), actiondate FROM requests WHERE requeststatus = 'PENDINGAPPROVAL' ORDER BY requestnumber DESC OFFSET 0 ROWS FETCH NEXT 10 ROWS ONLY")*/
if err != nil {
logger.Error("Error while building prepared statement for retrieving dashboard active records", slog.String("Error", err.Error()))
return activerecords, err
}
rows, err := stmt.Query(sortby, sortorder, startindex, pagesize)
//rows, err := stmt.Query()
if err != nil {
logger.Error("Error while executing prepared statement for retrieving dashboard active records", slog.String("Error", err.Error()))
return activerecords, err
}
defer rows.Close()
for rows.Next() {
var rec datamodel.ActiveRequestRecord
err = rows.Scan(&rec.RequestNumber, &rec.RequestStatus, &rec.RequestorName, &rec.PendingWith, &rec.ProcessType, &rec.LastActionDate)
if err != nil {
logger.Error("Error while processing database resultset for dashboard active records", slog.String("Error", err.Error()))
return activerecords, err
}
activerecords = append(activerecords, rec)
}
return activerecords, err
}请求表结构:
CREATE TABLE "REQUESTS" (
"REQUESTNUMBER" VARCHAR2(64 CHAR) NOT NULL ENABLE,
"REQUESTSTATUS" VARCHAR2(128 CHAR) NOT NULL ENABLE,
"SUBMISSIONDATE" TIMESTAMP(6),
"PROCESSTYPE" VARCHAR2(256 CHAR),
"SUBMITTER" VARCHAR2(256 CHAR) NOT NULL ENABLE,
"REQUESTOR" VARCHAR2(512 CHAR),
"PENDINGWITH" VARCHAR2(512 CHAR),
"ACTIONDATE" TIMESTAMP(6),
"RESUBMISSIONDATE" TIMESTAMP(6),
PRIMARY KEY ( "REQUESTNUMBER" ),
FOREIGN KEY ( "SUBMITTER" )
REFERENCES "SUBMITTERS" ( "USERNAME" )
)错误代码:
time=2023-10-04T06:43:06.304Z level=INFO source=C:/code/tutorials/myapp/internal/storage/dashboard.go:19 msg="Verify values" sortby=requestnumber sortorder=DESC startindex=0 pagesize=10
time=2023-10-04T06:43:06.603Z level=ERROR source=C:/code/tutorials/myapp/internal/storage/dashboard.go:34 msg="Error while executing prepared statement for retrieving dashboard active records" Error="ORA-00911: invalid character\n"
1条答案
按热度按时间7vux5j2d1#
直接的问题是您使用的是JDBC风格的
?绑定占位符,而不是预期的:var形式。从您说您正在使用的go-ora包的文档中:Oracle中的参数应该以:例如:pr 1
所以你的
stmt应该是:但是你不能绑定除了变量之外的任何东西,所以它根本不允许你把
sortorder作为一个变量,如果你只是删除它,然后做:这看起来是可行的,但即使这样也不能完全达到你想要的效果,因为排序是按照字面列名称,而不是它的值;所以它将作为
ORDER BY 'requestnumber'而不是ORDER BY requestnumber的等价物运行。按这个常量字符串排序不会有任何效果。您需要在语句中嵌入排序条件:
db<>fiddle使用PL/SQL动态游标作为简化的等价物,显示了三个版本-一个错误,一个未按预期排序,最后正确排序。
但是,您还需要清理这些输入,以再次保护SQL注入。