We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
3.5.1
3.4.3.1 版本通过替换空格等能作为空格的符号来修复 sql 注入,但存在绕过,使用/**/作为空格是可以继续执行 sql 语句的
QueryWrapper wrapper = new QueryWrapper<>(); wrapper.orderBy(true, true, "id;delete//from//test;");
表被清空
The text was updated successfully, but these errors were encountered:
3.5.2 版本同样存在这个问题
Sorry, something went wrong.
自己处理
这是特性,为了适配子查询
No branches or pull requests
当前使用版本(必填,否则不予处理)
3.5.1
该问题是如何引起的?(确定最新版也有问题再提!!!)
3.4.3.1 版本通过替换空格等能作为空格的符号来修复 sql 注入,但存在绕过,使用/**/作为空格是可以继续执行 sql 语句的
重现步骤(如果有就写完整)
QueryWrapper wrapper = new QueryWrapper<>();
wrapper.orderBy(true, true, "id;delete//from//test;");
报错信息
表被清空
The text was updated successfully, but these errors were encountered: