iamxiaojuan opened a new issue #7620: sql injection violation URL: https://github.com/apache/incubator-druid/issues/7620 insert into rank_month_trade(data_time,rank_type,rank,group_id,total_value) select ?,0,@rank:=@rank + 1 AS rank_no,a.group_id,a.real_value from( select group_id,sum(total_pay) as real_value from daily_group_trade where data_time >=? and data_time <? group by group_id order by real_value desc )a,(select @rank:=0) b on duplicate key update group_id = values (group_id),total_value = values (total_value); The sql can lead to SQL injection problems,the complete mistake is 
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
