From 89cbfb15e4d6a51e3991cc92cada05cc925dc94a Mon Sep 17 00:00:00 2001
From: abirdman <152974495@qq.com>
Date: Fri, 11 Dec 2015 12:21:14 +0800
Subject: [PATCH] =?UTF-8?q?fixed=20bug:mysql=EF=BC=8Cdelete=20from=20table?=
 =?UTF-8?q?Name=20where=20id=20=3D1=EF=BC=8C=E5=A6=82=E6=9E=9C=E6=8A=8Awhe?=
 =?UTF-8?q?re=E5=85=B3=E9=94=AE=E5=AD=97=E5=86=99=E9=94=99=E4=BA=86?=
 =?UTF-8?q?=EF=BC=8C=E5=A6=82=E5=86=99=E6=88=90delete=20from=20tableName?=
 =?UTF-8?q?=20wher=20id=20=3D1=EF=BC=8C=E4=BC=9A=E5=AF=BC=E8=87=B4?=
 =?UTF-8?q?=E6=95=B4=E4=B8=AA=E8=A1=A8=E7=9A=84=E6=95=B0=E6=8D=AE=E8=A2=AB?=
 =?UTF-8?q?=E5=88=A0=E9=99=A4=E3=80=82update=E8=AF=AD=E5=8F=A5=E4=B9=9F?=
 =?UTF-8?q?=E6=9C=89=E5=90=8C=E6=A0=B7=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../mysql/parser/MySqlStatementParser.java | 17 +++++-
 .../druid/sql/parser/MysqlParserTest.java | 58 +++++++++++++++++++
 2 files changed, 74 insertions(+), 1 deletion(-)
 create mode 100644 src/test/java/com/alibaba/druid/sql/parser/MysqlParserTest.java

diff --git a/src/main/java/com/alibaba/druid/sql/dialect/mysql/parser/MySqlStatementParser.java b/src/main/java/com/alibaba/druid/sql/dialect/mysql/parser/MySqlStatementParser.java
index c096f330b5..f71d8d47c8 100644
--- a/src/main/java/com/alibaba/druid/sql/dialect/mysql/parser/MySqlStatementParser.java
+++ b/src/main/java/com/alibaba/druid/sql/dialect/mysql/parser/MySqlStatementParser.java
@@ -236,6 +236,11 @@ public SQLUpdateStatement parseUpdateStatement() {
 }
 parseUpdateSet(stmt);
+
+ if(lexer.token() == Token.IDENTIFIER) {
+ throw new ParserException("You have an error in your SQL syntax; check the manual that corresponds " +
+ "to your MySQL server version for the right syntax to use near '" + lexer.stringVal() + "'");
+ }
 if (lexer.token() == (Token.WHERE)) {
 lexer.nextToken();
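Review bot: The `Token.IDENTIFIER` guard added after `parseUpdateSet(stmt)` looks redundant with the trailing-token check this same commit adds at the end of parseUpdateStatement (hunk at 250): if the WHERE/ORDER BY/LIMIT branches do not consume an identifier, the lexer is still positioned on that token when the tail check runs and the error reads the same, so one guard should suffice — worth confirming against what `parseOrderBy()` and `parseLimit()` do with an unexpected token. The MySQL-style error text is also spelled out verbatim at three throw sites (here, 250, and parseDeleteStatement at 323); a single private helper (e.g. `syntaxErrorNear(lexer.stringVal())` returning the ParserException) keeps the three copies from drifting apart. The new `if(` also drops the space the surrounding `if (` lines use. parseUpdateStatement starts before this hunk and continues past it.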
@@ -245,6 +250,11 @@ public SQLUpdateStatement parseUpdateStatement() {
 stmt.setOrderBy(this.exprParser.parseOrderBy());
 stmt.setLimit(parseLimit());
+
+ if(lexer.token() != Token.EOF && lexer.token() != Token.SEMI) {
+ throw new ParserException("You have an error in your SQL syntax; check the manual that corresponds " +
+ "to your MySQL server version for the right syntax to use near '" + lexer.stringVal() + "'");
+ }
 return stmt;
 }
@@ -300,7 +310,7 @@ public MySqlDeleteStatement parseDeleteStatement() {
 deleteStatement.setUsing(tableSource);
 }
 }
-
+
 if (lexer.token() == (Token.WHERE)) {
 lexer.nextToken();
 SQLExpr where = this.exprParser.expr();
@@ -313,6 +323,11 @@ public MySqlDeleteStatement parseDeleteStatement() {
 }
 deleteStatement.setLimit(parseLimit());
+
+ if(lexer.token() != Token.EOF && lexer.token() != Token.SEMI) {
+ throw new ParserException("You have an error in your SQL syntax; check the manual that corresponds " +
+ "to your MySQL server version for the right syntax to use near '" + lexer.stringVal() + "'");
+ }
 return deleteStatement;
 }
diff --git a/src/test/java/com/alibaba/druid/sql/parser/MysqlParserTest.java b/src/test/java/com/alibaba/druid/sql/parser/MysqlParserTest.java
new file mode 100644
index 0000000000..0217aa3cc1
--- /dev/null
+++ b/src/test/java/com/alibaba/druid/sql/parser/MysqlParserTest.java
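Review bot: The tail check added at the end of parseUpdateStatement (and the identical one at the end of parseDeleteStatement, hunk at 323) builds its "near" hint from `lexer.stringVal()`, which is only meaningful when the current token carries a string value; if the leftover token after LIMIT is a keyword or punctuation, the hint may be empty or left over from an earlier identifier and point the user at the wrong place. Appending the token kind as well, `... near '" + lexer.stringVal() + "' (" + lexer.token() + ")"`, makes the diagnostic self-describing whatever stopped the parser. The shape of the check is the right one from a data-safety standpoint — a statement the parser cannot fully consume is rejected instead of being accepted with a narrower or missing WHERE clause — but callers that go through the generic statement-list entry point presumably hit the unexpected token there already, so it is worth confirming that path rejects the same inputs. Both enclosing methods start outside their hunks.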
@@ -0,0 +1,58 @@
+/*
+ * Copyright 1999-2101 Alibaba Group Holding Ltd.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.alibaba.druid.sql.parser;
+
+
+import junit.framework.TestCase;
+
+import org.junit.Assert;
+
+import com.alibaba.druid.sql.dialect.mysql.parser.MySqlStatementParser;
+
+public class MysqlParserTest extends TestCase {
+
+ public void test_0() throws Exception {
+ //防止delete 语句手误将where关键字写错导致删除全表
+ String sql = "DELETE FROM t_order WHER id = 1";
+ MySqlStatementParser parser = new MySqlStatementParser(sql);
+ try {
+ parser.parseDeleteStatement();
+ Assert.assertFalse("parseDeleteStatement must throw exception",true);
+ } catch (ParserException e) {
+ String errMsg = "You have an error in your SQL syntax; " +
+ "check the manual that corresponds to your MySQL server version " +
+ "for the right syntax to use near 'id'";
+ assertEquals(errMsg, e.getMessage());
+ }
+
+ //防止update 语句手误将where关键字写错导致更新全表
+ sql = "update t_order set name = 'testName' WHER id = 1";
+ parser = new MySqlStatementParser(sql);
+ try {
+ parser.parseUpdateStatement();
+ Assert.assertFalse("parseUpdateStatement must throw exception",true);
+ } catch (ParserException e) {
+ String errMsg = "You have an error in your SQL syntax; " +
+ "check the manual that corresponds to your MySQL server version " +
+ "for the right syntax to use near 'WHER'";
+ assertEquals(errMsg, e.getMessage());
+ }
+ }
+
+
+
+
+}
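Review bot: `Assert.assertFalse("parseDeleteStatement must throw exception",true)` is a roundabout way to fail the test; the inherited `fail("parseDeleteStatement must throw exception")` states the intent directly and removes the need for `org.junit.Assert` next to `junit.framework.TestCase`, which mixes two JUnit generations in one file (same for the update case). Asserting the complete English message also ties the test to wording that is incidental to the guarantee under test; checking the exception type plus `assertTrue(e.getMessage().contains("near 'id'"))` would still prove that a mistyped keyword is rejected rather than turned into an unconditional DELETE. The two case comments are in Chinese; an English line such as `// a mistyped WHERE must not become an unconditional DELETE of the whole table` would help readers of the test suite. Both cases call `parseDeleteStatement()`/`parseUpdateStatement()` directly, so one run through the parser's general statement entry point would confirm the guard holds on the path applications actually use.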