自定义查询在新建SQL时的bug
逆光1 发布于2月前 1答/78阅

1、问题复现


后台报字符串截取越界:

Sql: select * from eova_menu where code = ?
Sql: select * from eova_object where code = 'eova_meta_template'
Sql: insert into `eova_object`(`biz_intercept`, `code`, `config`, `data_source`, `default_order`, `diy_card`, `diy_js`, `filter`, `is_celledit`, `is_first_load`, `is_show_num`, `is_single`, `name`, `pk_name`, `table_name`, `view_name`, `view_sql`) values(?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
java.lang.StringIndexOutOfBoundsException: String index out of range: -6
	at java.lang.String.substring(String.java:1967)
	at com.eova.core.meta.MetaUtil.addVirtualObject(MetaUtil.java:84)
	at com.eova.core.menu.MenuController.add(MenuController.java:221)
	at sun.reflect.GeneratedMethodAccessor45.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

2、问题分析

查看com.eova.core.meta.MetaUtil.addVirtualObject源码

public static void addVirtualObject(String sql, String code, String name, String ds)
  {
    int i1 = sql.indexOf("select") + 6;
    int i2 = sql.indexOf("from");
    
    code = "v_" + code;
    
    MetaObject eo = MetaObject.dao.getTemplate();
    eo.remove("id");
    eo.set("code", code);
    eo.set("name", name);
    eo.set("data_source", ds);
    eo.set("table_name", "virtual");
    eo.set("is_first_load", Integer.valueOf(0));
    eo.set("view_sql", sql);
    eo.save();
    
    String select = sql.trim().toLowerCase().substring(i1, i2);
    String[] ss = select.split(",");

发现字符串截取的数值是先进行小写的select和from所在位置判断,

之后才使用toLowerCase()方法进行截取。

因为我的SQL是在SQLYog这个工具中写的,自动将关键字大写了,导致此问题。


[沙发] Jieven
@逆光1 已采纳, 将会在下一个大版本更新中解决.
提交评论
嘿,我来帮你!