Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

语句在WHERE后无关联字段竟然能审核通过 #178

Closed
zwunix opened this issue Mar 25, 2020 · 5 comments
Closed

语句在WHERE后无关联字段竟然能审核通过 #178

zwunix opened this issue Mar 25, 2020 · 5 comments
Labels
wontfix This will not be worked on

Comments

@zwunix
Copy link

zwunix commented Mar 25, 2020

描述
语句在WHERE后无关联字段竟然能审核通过

重现
例如
update cont_XXX
set con_status = 3
where
71532599925489664;

环境

  • 数据库: [mysql]
  • 版本: [5.6]

造成了大量数据被错误地修改。
@hanchuanchuan
Copy link
Owner

因为标准MySQL语法是允许的,所以审核和执行都通过了。

@hanchuanchuan
Copy link
Owner

后续会尝试添加限制,数据恢复可以通过备份功能里的回滚SQL。

hanchuanchuan added a commit that referenced this issue Mar 25, 2020
@hanchuanchuan
update: 添加where条件中的值表达式审核,避免无效表达式误更新 (#178)
dd4d4e3
hanchuanchuan added a commit that referenced this issue Mar 26, 2020
@hanchuanchuan
Merge pull request #179 from hanchuanchuan/patch-where-value-expr
9785f86 
update: 添加where条件中的值表达式审核,避免无效表达式误更新 (#178)
@hanchuanchuan
Copy link
Owner

问题已优化. 注意区分版本
v1.2.1-21

@stale
Copy link

stale bot commented Apr 9, 2020

由于此问题没有最近的活动,因此已被自动标记为陈旧。如果没有进一步的活动,会作为不活跃issue关闭。感谢你对本项目的贡献。 This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix This will not be worked on label Apr 9, 2020
@stale stale bot closed this as completed Apr 16, 2020
@czxin788
Copy link

问题已优化. 注意区分版本 v1.2.1-21

我看这个问题已经优化了,但是我用新版本怎么还是不生效,需要通过什么参数开启:

[root@vmware-centos7 goinception]# ./goInception -V
Release Version: v1.3.0-72-g5fdba23-dirty
Git Commit Hash: 5fdba23d84614e4b0ffe0f6df4bc196517d6ec22
Git Branch: master
UTC Build Time: 2023-05-01 13:12:55
GoVersion: go version go1.14.15 linux/amd64

image

语句是:

inception_magic_start;
use `test_inc`;
update czx set name='c' where -1000;
inception_magic_commit;'''

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@czxin788 @hanchuanchuan @zwunix