@@ -145,9 +145,11 @@ public abstract class AbstractSQLConfig implements SQLConfig {
145145 RAW_MAP .put ("DISTINCT" , "" );
146146
147147 //时间
148- RAW_MAP .put ("DATE" , "" );
149148 RAW_MAP .put ("now()" , "" );
149+ RAW_MAP .put ("DATE" , "" );
150+ RAW_MAP .put ("TIME" , "" );
150151 RAW_MAP .put ("DATETIME" , "" );
152+ RAW_MAP .put ("TIMESTAMP" , "" );
151153 RAW_MAP .put ("DateTime" , "" );
152154 RAW_MAP .put ("SECOND" , "" );
153155 RAW_MAP .put ("MINUTE" , "" );
@@ -157,17 +159,33 @@ public abstract class AbstractSQLConfig implements SQLConfig {
157159 RAW_MAP .put ("MONTH" , "" );
158160 RAW_MAP .put ("QUARTER" , "" );
159161 RAW_MAP .put ("YEAR" , "" );
160- RAW_MAP .put ("json" , "" );
161- RAW_MAP .put ("unit" , "" );
162+ // RAW_MAP.put("json", "");
163+ // RAW_MAP.put("unit", "");
162164
163165 //MYSQL 数据类型 BINARY,CHAR,DATETIME,TIME,DECIMAL,SIGNED,UNSIGNED
164166 RAW_MAP .put ("BINARY" , "" );
165167 RAW_MAP .put ("SIGNED" , "" );
166168 RAW_MAP .put ("DECIMAL" , "" );
169+ RAW_MAP .put ("DOUBLE" , "" );
170+ RAW_MAP .put ("FLOAT" , "" );
171+ RAW_MAP .put ("BOOLEAN" , "" );
172+ RAW_MAP .put ("ENUM" , "" );
173+ RAW_MAP .put ("SET" , "" );
174+ RAW_MAP .put ("POINT" , "" );
175+ RAW_MAP .put ("BLOB" , "" );
176+ RAW_MAP .put ("LONGBLOB" , "" );
167177 RAW_MAP .put ("BINARY" , "" );
168178 RAW_MAP .put ("UNSIGNED" , "" );
179+ RAW_MAP .put ("BIT" , "" );
180+ RAW_MAP .put ("TINYINT" , "" );
181+ RAW_MAP .put ("SMALLINT" , "" );
182+ RAW_MAP .put ("INT" , "" );
183+ RAW_MAP .put ("BIGINT" , "" );
169184 RAW_MAP .put ("CHAR" , "" );
170- RAW_MAP .put ("TIME" , "" );
185+ RAW_MAP .put ("VARCHAR" , "" );
186+ RAW_MAP .put ("TEXT" , "" );
187+ RAW_MAP .put ("LONGTEXT" , "" );
188+ RAW_MAP .put ("JSON" , "" );
171189
172190 //窗口函数关键字
173191 RAW_MAP .put ("OVER" , "" );
@@ -1686,28 +1704,33 @@ private String[] parseArgsSplitWithComma(String param, boolean isColumn, boolean
16861704 String ck = ckeys [i ];
16871705
16881706 // 如果参数包含 "'" ,解析字符串
1689- if (ck .contains ("'" )) {
1690- int count = 0 ;
1691- for (int j = 0 ; j < ck .length (); j ++) {
1692- if (ck .charAt (j ) == '\'' ) count ++;
1707+ if (ck .startsWith ("`" ) && ck .endsWith ("`" )) {
1708+ origin = ck .substring (1 , ck .length () - 1 );
1709+ //sql 注入判断 判断
1710+ if (StringUtil .isName (origin ) == false ) {
1711+ throw new IllegalArgumentException ("字符 " + ck + " 不合法!"
1712+ + "预编译模式下 @column:\" `column0`,`column1`:alias;function0(arg0,arg1,...);function1(...):alias...\" "
1713+ + " 中所有字符串 column 都必须必须为1个单词 !" );
16931714 }
1694- // FIXME 把 `column` 和 '2 values with [ / : ] ..' 按引号位置分割才能满足全文索引、窗口函数的需要
1695- // 排除字符串中参数中包含 ' 的情况和不以' 开头和结尾的情况,同时排除 cast('s' as ...) 以空格分隔的参数中包含字符串的情况
1696- if (count != 2 || !(ck .startsWith ("'" ) && ck .endsWith ("'" ))) {
1715+
1716+ ckeys [i ] = getKey (origin ).toString ();
1717+ }
1718+ else if (ck .startsWith ("'" ) && ck .endsWith ("'" )) {
1719+ origin = ck .substring (1 , ck .length () - 1 );
1720+ if (origin .contains ("'" )) {
16971721 throw new IllegalArgumentException ("字符串 " + ck + " 不合法!"
16981722 + "预编译模式下 @column:\" column0,column1:alias;function0(arg0,arg1,...);function1(...):alias...\" "
16991723 + " 中字符串参数不合法,必须以 ' 开头, ' 结尾,字符串中不能包含 ' " );
17001724 }
17011725 //sql 注入判断 判断
1702- origin = (ck .substring (1 , ck .length () - 1 ));
17031726 if (origin .contains ("--" ) || PATTERN_STRING .matcher (origin ).matches () == true ) {
17041727 throw new IllegalArgumentException ("字符 " + ck + " 不合法!"
17051728 + "预编译模式下 @column:\" column0,column1:alias;function0(arg0,arg1,...);function1(...):alias...\" "
17061729 + " 中所有字符串 arg 都必须不符合正则表达式 " + PATTERN_STRING + " 且不包含连续减号 -- !" );
17071730 }
1708-
1731+
17091732 // 1.字符串不是字段也没有别名,所以不解析别名 2. 是字符串,进行预编译,使用getValue() ,对字符串进行截取
1710- ckeys [i ] = getValue (ck . substring ( 1 , ck . length () - 1 ) ).toString ();
1733+ ckeys [i ] = getValue (origin ).toString ();
17111734 }
17121735 else {
17131736 // 参数不包含",",即不是字符串