iamxiaojuan opened a new issue #7620: sql injection violation
URL: https://github.com/apache/incubator-druid/issues/7620
 
 
   insert into rank_month_trade(data_time,rank_type,rank,group_id,total_value)
   select ?,0,@rank:=@rank + 1 AS rank_no,a.group_id,a.real_value
   from(
       select group_id,sum(total_pay) as real_value
       from daily_group_trade
       where data_time >=? and data_time <?
       group by group_id
       order by real_value desc
   )a,(select @rank:=0) b
   on duplicate key update group_id = values(group_id),total_value = values(total_value);
   
   The SQL can lead to SQL injection problems. The complete mistake is:
   
![image](https://user-images.githubusercontent.com/13642031/57423433-9c798e80-7246-11e9-925f-1bce92495e8d.png)
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
With regards,
Apache Git Services