SQL脚本杀死jsp渲染

Posted 2023-03-31

【中文标题】SQL脚本杀死jsp渲染

【英文标题】：SQL script kill jsp render

【发布时间】：2015-02-25 00:03:50

【问题描述】：

我有一个保存 sql 脚本的 Web 应用程序。这在春天的帮助下

表单被填写，它被保存并在同一个表单上返回响应

这是表格

<form:form modelAttribute="formCaptureSql" action="save" method="POST">

    ID<form:input path="id" value="$script.id " />
    Master<form:input path="masterId" value="$script.masterId"/>
    Query String<textarea name="scriptString" rows="40">$script.scriptString</textarea>
    VersionR<form:input path="versionR" value="$regla.versionR "/>

<button class="submit green" name="submitbuttonname" value="Save">Save</button>

直到今天这一切都很好

保存此查询时，视图已损坏（是 db2 查询）

SELECT T4.*,

CASE 
  WHEN ANTI_DAD = 1 AND (PRMEQ >= 64800 OR C_AGT >= 18)  THEN 7000
  WHEN ANTI_DAD = 2 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 5000
  WHEN ANTI_DAD = 3 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 2500
  WHEN ANTI_DAD = 4 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 2000
  WHEN ANTI_DAD = 5 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 6 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 7 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 8 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 9 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
ELSE 0 END AS TOTAL_BONUS,
CASE 
  WHEN ANTI_DAD = 1   THEN 18
  WHEN ANTI_DAD between 2 and 9   THEN 20 
ELSE 0 END AS META_M,
CASE 
  WHEN ANTI_DAD = 1   THEN 64800
  WHEN ANTI_DAD >= 2 AND ANTI_DAD <= 9   THEN 72000 
ELSE 0 END AS PRM_M

FROM (


SELECT 
NO_AGENTE , 
COUNT(NO_AGENTE) AS C_AGT , 
SUM(PRM_STORED_ANUAL) AS PRMEQ , 
SUM(PRM_STORED_ANUAL_BONUS) AS PRMEQBONUS , 
a.MTYPCED AS CEDULA , 
ANTI_DAD 
FROM ( 
SELECT 
NAME_ASE_GDO, 
GRUPO, 
LOCALIDAD, 
PLAN_BASIC, 
TEMPO, 
NO_AGENTE, 
NO_GER, 
OFFICE, 
PRM_ANUAL, 
PRM_FRAC_MODAL, 
QRT_FIJ, 
PRM_COMIS, 
FORMA_PAY, 
STATUS_C_AGT, 
FECHA_STATUS, 
PRM_STORED_ANUAL, 
C_AGT, 
CASE WHEN MTYPCED = 'G'  then PRM_STORED_ANUAL * 2 
ELSE 
PRM_STORED_ANUAL 
END as PRM_STORED_ANUAL_BONUS, (days(CURRENT DATE)- days( DATE(SUBSTR (cast(MHIRDT as char(12)) , 1 ,4) || '-' || SUBSTR (cast(MHIRDT as char(12)) , 5 ,2) || '-' || SUBSTR (cast(MHIRDT as char(12)) , 7 ,2) ) ) )/30 AS ANTI_DAD FROM ( SELECT c.CMNAME AS NAME_ASE_GDO, c.MCGBNO AS GRUPO, c.MCEMPL AS LOCALIDAD, c.FPLAN AS PLAN_BASIC,
c.PBPDYR AS TEMPO,
c.MWAGTN AS NO_AGENTE,
c.ASUP AS NO_GER,
c.AOFI AS OFFICE,
c.MCPRMA AS PRM_ANUAL,
c.MCPRMM AS PRM_FRAC_MODAL, 
c.MCPFEE AS RECARGO_FIJO, 
c.MCPRMM - c.MCPFEE AS PRM_COMISIONABLE,
c.MCPMOD AS FORMA_PAY,
c.MCCSTA AS STATUS_C_AGT,
c.MLSTDT AS FECHA_STATUS,
c.MCCNTR as C_AGT,
a.MTYPCED,
a.MHIRDT,
CASE MCPMOD
WHEN 'H' THEN MCPRMM * 24
WHEN 'W' THEN MCPRMM * 52
WHEN 'M' THEN MCPRMM * 12
WHEN 'S' THEN MCPRMM * 2
WHEN 'A' THEN MCPRMM * 1
WHEN 'B' THEN MCPRMM * 26
WHEN 'Q' THEN MCPRMM * 4
WHEN 'T' THEN MCPRMM * 13
ELSE 0
END AS PRM_STORED_ANUAL 
FROM ( SELECT  a.*
FROM    LS8004DTA.CASCNTRML8 a
        INNER JOIN 
        (
            SELECT  MCCNTR, MAX(MWAEFFE) max_date
            FROM    T24P443DTA.CASCNTRML8
            GROUP   BY MCCNTR
        ) b ON  a.MCCNTR = b.MCCNTR AND
                a.MWAEFFE = b.max_date ) AS c
left join LS977DTA.COMAGTML04 a 
on a.MAGTNO = c.MWAGTN 
WHERE MSTLDT BETWEEN 20141201 AND 20141231
 and MCCSTA NOT IN ('C', 'N')) AS T 
) AS T1 
LEFT JOIN LSP443DTA.COMAGTML04 a
 ON a.MAGTNO = T1.NO_AGENTE
 WHERE a.MTYPCED = 'G' 
GROUP BY GROUPING SETS ((NO_AGENTE,MTYPCED, ANTI_DAD)) 
ORDER BY PRMEQ DESC 

) AS T4

查询在textarea中产生tihs，下一个输入和按钮不显示，因为html代码在textarea中

SELECT T4.*,

CASE 
  WHEN ANTI_DAD = 1 AND (PRMEQ >= 64800 OR C_AGT >= 18)  THEN 7000
  WHEN ANTI_DAD = 2 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 5000
  WHEN ANTI_DAD = 3 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 2500
  WHEN ANTI_DAD = 4 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 2000
  WHEN ANTI_DAD = 5 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 6 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 7 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 8 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
  WHEN ANTI_DAD = 9 AND (PRMEQ >= 72000 OR C_AGT >= 20)  THEN 1500
ELSE 0 END AS TOTAL_BONUS,
CASE 
  WHEN ANTI_DAD = 1   THEN 18
  WHEN ANTI_DAD between 2 and 9   THEN 20 
ELSE 0 END AS META_M,
CASE 
  WHEN ANTI_DAD = 1   THEN 64800
  WHEN ANTI_DAD >= 2 AND ANTI_DAD




VersionR<input id="versionR" name="versionR" value="1"  type="text" value=""/>

<button class="submit green" name="submitbuttonname" value="Save">Save</button>
</form> <!-- -close the form->
</section> <!-- -tag in my desing->
<footer>.....
<more divs>
</body>
</html>

我猜这是一个字符，< 或 >，但因为它出现在这个查询中

在任何情况下我怎样才能避免它？

【参考方案1】：

看来问题与 SQL 中的特殊字符有关，例如 ' 在 HTML 中转义它们

< > 替换为 >