Mybatis UserMapping.xml
<select id="queryUserByName" resultMap="BaseResultMap" parameterType="String">
SELECT id, username, password
FROM users where username = "${username}"
</select>
you can see http://test.com/queryUserByName?username=aaaa " or length(current_user) = "14
MySQL throwd Exception:nested exception is org.apache.ibatis.exceptions.TooManyResultsException
Its means the query is success but return too many result
then,you can see queryUserByName?username=aaaa" or ascii(substr(current_user,1,1)) = "114
Key function “current_user" exists in file /META-INF/druid/wall/mysql/deny-function.txt
So I think this is a bug
2条答案
按热度按时间8qgya5xd1#
reference: https://dwz.cn/5o7xLcXV
fjaof16o2#
I am a newcomer. I am interested in this issue. Please guide me.