WO2017101398A1 - 数据查询控制方法及装置 - Google Patents
数据查询控制方法及装置 Download PDFInfo
- Publication number
- WO2017101398A1 WO2017101398A1 PCT/CN2016/089283 CN2016089283W WO2017101398A1 WO 2017101398 A1 WO2017101398 A1 WO 2017101398A1 CN 2016089283 W CN2016089283 W CN 2016089283W WO 2017101398 A1 WO2017101398 A1 WO 2017101398A1
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- statement
- query
- preset
- original query
- query statement
- Prior art date
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
- G06F16/2425—Iterative querying; Query formulation based on the results of a preceding query
Definitions
- the present invention relates to the field of data processing technologies, and in particular, to a data query control method and apparatus.
- SQL Structured Query Language
- the present invention provides a data query control method and apparatus.
- a data query control method including:
- the original query statement is processed according to the preset restriction condition to obtain a target query statement;
- the method further includes:
- the original query statement is sent to the preset server, so that the preset server returns the query content corresponding to the original query statement.
- performing the statement analysis on the original query statement to obtain the statement information corresponding to the original query statement including:
- the grammar library uses the grammar library to perform parsing on all the obtained words and symbols to obtain a syntax tree corresponding to the original query statement;
- the syntax tree includes a plurality of nodes;
- the syntax tree and the voice information of each node in the syntax tree are used as the statement information.
- the preset restriction condition includes: a query permission, a query result limit, and/or a query result word limit.
- the statement processing the original query statement according to the preset constraint condition to obtain a target query statement including:
- restriction statement is added to the original query statement as the target query statement.
- a data query control apparatus including:
- a statement obtaining module configured to obtain an original query statement input by a user
- a statement analysis module configured to perform statement analysis on the original query statement to obtain statement information corresponding to the original query statement
- An information judging module configured to determine whether the statement information meets a preset restriction condition
- a statement processing module configured to perform a statement processing on the original query statement according to the preset constraint condition when the statement information satisfies the preset constraint condition, to obtain a target query statement
- a sending module configured to send the target query statement to the preset server, so that the preset server returns the query content corresponding to the target query statement.
- the sending module is further configured to: when the statement information does not meet the preset restriction condition, send the original query statement to the preset server, so that the preset server returns the original query The query content corresponding to the statement.
- the statement analysis module includes:
- a format determining submodule configured to determine a statement format of the original query statement
- Obtaining a submodule configured to obtain a lexical library, a grammar library, and a semantic library corresponding to the statement format;
- a lexical analysis sub-module configured to perform lexical analysis on the original query statement by using the lexical library to obtain all words and symbols included in the original query statement;
- a syntax analysis sub-module configured to perform syntax analysis on all the obtained words and symbols by using the grammar library to obtain a syntax tree corresponding to the original query statement; the syntax tree includes a plurality of nodes;
- a semantic analysis sub-module configured to perform semantic analysis by using each node on the syntax tree to obtain semantic information of each node in the syntax tree
- the preset restriction condition includes: a query permission, a query result limit, and/or a query result word limit.
- the statement processing module includes:
- a restriction statement generation submodule configured to generate a restriction statement corresponding to the preset condition
- the statement binding module is configured to add the restriction statement to the original query statement as the target query statement.
- a data query control apparatus including:
- a memory for storing processor executable instructions
- processor is configured to:
- the original query statement is processed according to the preset restriction condition to obtain a target query statement;
- a computer storage medium is further provided, wherein the computer storage medium can store a program, and when the program is executed, the implementation of the data query control method provided by the first aspect of the present invention can be implemented. Some or all of the steps in the way.
- the data query control method provided by the embodiment of the present invention first performs statement analysis on the original query statement, obtains statement information that can represent the meaning of the original query statement, and then determines whether the statement information satisfies a specific preset restriction condition.
- the preset query condition is met, and the original query statement is processed according to the pre-restricted condition to obtain the processed target query statement, and finally the target query statement is sent to the server for query.
- the data query is performed by using the method
- the original query statement input by the user is not directly used to query the database, but after the original query statement is obtained, the processing is performed.
- Querying which can make the user unable to query any data in the database, but can only query some specific data, so it can avoid leaking information that does not belong to the user and improve the security of the data query.
- FIG. 1 is a flowchart of a data query control method according to an exemplary embodiment
- FIG. 2 is a flowchart of another data query control method according to an exemplary embodiment
- step S102 in FIG. 1 is a schematic flow chart of step S102 in FIG. 1;
- FIG. 4 is a schematic structural diagram of a syntax tree according to an embodiment of the present disclosure.
- FIG. 5 is a schematic flowchart of step S104 in FIG. 1;
- FIG. 6 is a schematic structural diagram of another syntax tree according to an embodiment of the present disclosure.
- FIG. 7 is a schematic structural diagram of still another syntax tree according to an embodiment of the present invention.
- FIG. 8 is a schematic structural diagram of a data query control apparatus according to an embodiment of the present invention.
- FIG. 9 is a schematic structural diagram of a statement analysis module in FIG. 8.
- FIG. 10 is a schematic structural diagram of the sentence processing module 14 of FIG.
- FIG. 1 is a flowchart of a data query control method according to an exemplary embodiment. The method may be applied to a server. As shown in FIG. 1, the method may include the following steps.
- Step S101 Acquire an original query sentence input by the user.
- the client can connect to the server through the network, and the database can be set in the server, and the query program or window of the database can be run in the client, and the user can input the statement that needs to be queried in the query program or the query window, and input at this time.
- the statement is the original query statement.
- the format of the original query sentence input needs to be consistent according to the format of the database being queried, so that the original query sentence input can be recognized. And find the corresponding data from the database.
- Step S102 Perform statement analysis on the original query statement to obtain statement information corresponding to the original query statement.
- the format of the input query statement needs to be the same as the format of the database being queried.
- the original query statement can be analyzed according to the corresponding format, regardless of the format of the database, the query statement
- the rules are specific, that is, the content contained in the query statement is specific.
- the query statement is: select deptNo, deptName, sales, score from dept;
- select is the query action, indicating that you want to select
- the following "deptNo, deptName, sales, score” indicates the content to be queried
- "from dept” indicates the location of the query.
- the statement information of the query statement is: select "deptNo, deptName, sales, score” parameters from "dept”.
- Step S103 Determine whether the statement information satisfies a preset restriction condition.
- the default restriction condition is to impose some restrictions on the query of the current original query statement. If the preset restriction condition is not set, it is conceivable that the user can input the query statement arbitrarily, and then any data can be randomly searched from the database.
- the preset restriction condition may include: one or more combinations of query permission, query result limit, query result word limit, and fuzzy query result, wherein the query permission is for the user.
- the content that each user can query is limited; the limit of the number of query results refers to the result that the user can only query the set number of times in one query; the limit of the number of query results refers to the user once in each query.
- the number of words in the result of the query is limited; the sensitive content in the fuzzy query result means that some sensitive content in the query result needs to be filtered.
- step S104 When the statement information satisfies the preset restriction condition, step S104 is performed; otherwise, the flow is ended.
- Step S104 Perform statement processing on the original query statement according to the preset restriction condition to obtain a target query statement.
- the statement information satisfies the preset restriction condition, it indicates that the current original query statement needs to be restricted.
- the result of the current statement is processed to conform to the constraint of the preset restriction condition.
- processing the original query statement may refer to adding a statement or deleting some statements in the original query statement, and the purpose of limiting the query has been achieved.
- Step S105 Send the target query statement to the preset server, so that the preset server returns the query content corresponding to the target query statement.
- the target query statement obtained after processing can be directly sent to the server, so that the server queries the corresponding query query according to the target query statement, and sends the query content obtained by the query to the query query content.
- the sender of the target query statement for example, the aforementioned client.
- the data query control method provided by the embodiment of the present invention firstly performs statement analysis on the original query statement to obtain statement information that can represent the meaning of the original query statement, and then determines whether the statement information satisfies a specific preset restriction condition, once satisfied
- the preset constraint condition is processed according to the pre-restricted condition to obtain the processed target query statement, and finally the target query statement is sent to the server for query.
- the data query is performed by using the method
- the original query statement input by the user is not directly used to query the database, but after the original query statement is obtained, the processing is performed.
- Querying which can make the user unable to query any data in the database, but can only query some specific data, so it can avoid leaking information that does not belong to the user and improve the security of the data query.
- the method provided by the embodiment of the present invention may further include the following steps:
- Step S106 Send the original query statement to the preset server, so that the preset server returns the query content corresponding to the original query statement.
- the data query can be directly performed according to the original query statement. Therefore, in this step, the original query statement is directly sent. Send to the default server so that the server can find the data exactly according to the original query.
- step S102 in the embodiment shown in FIG. 1 may include the following steps.
- Step S201 Determine a statement format of the original query statement.
- the statement format of the query statement is different for different databases.
- Step S202 Acquire a lexical library, a grammar library, and a semantic library corresponding to the statement format.
- a lexical library, a grammar library, and a semantic library corresponding to the statement format may be preset, so that the query statement can be analyzed after the query statement is obtained.
- Step S203 Perform lexical analysis on the original query statement by using the lexical library to obtain all words and symbols included in the original query statement.
- SQL Structured Query Language
- the above table is a data table in the data, the name of the table is "Dept".
- the table contains sales data and scores for different departments. DeptNo, deptName, sales, score are the different columns in the table, deptNo is the department number, deptName is the department name, sales is the sales volume, and score is the score.
- Table 2 is the permission table, where userID represents the user ID, resource represents the department number in the table, and access: indicates access.
- the resulting phrase includes: [select, deptNo, deptName, sales, score, from, dept] and the like.
- Step S204 Perform syntax analysis on all the obtained words and symbols by using the grammar library to obtain a syntax tree corresponding to the original query statement.
- a plurality of nodes are included on the syntax tree.
- FIG. 4 it is a schematic structural diagram of a syntax tree obtained by analyzing the above query statement.
- Step S205 Perform semantic analysis using each node on the syntax tree to obtain semantic information of each node in the syntax tree.
- Root is the root node, under the root node is the query instruction word, and then points to the object.
- the meaning expressed by the original query statement, that is, the statement information can be obtained.
- Step S206 using the syntax tree and the voice information of each node in the syntax tree as the statement information.
- step S104 may include the following steps.
- Step S301 Generate a restriction statement corresponding to the preset condition.
- the improved syntax tree allows the user to access only d001 and d002.
- the following restriction statements can be generated:
- Step S302 Add the restriction statement to the original query statement as the target query statement.
- the restriction statement is generated in step S02, the restriction statement is directly added to the original query statement to obtain the target query statement, for example:
- the query content finally obtained by the user 001 can only have the data of d001 and d002, and no more data of d003 and d004.
- the preset restriction condition is: fuzzy content in the query result.
- deptNo deptMD5No deptName Sales Score D001 00003210fds Sales 10000 1.2 D002 00003210faw Human Resources 5000 0.9
- the list of deptNo is sensitive information. Therefore, when querying the dept table, the contents of the list of deptNo in the query result are deleted, and sensitive information is removed.
- deptMD5No as deptNo
- deptMD5No as deptNo, deptName, sales, score from dept.
- deptNo deptName Sales Score 00003210fds Sales 10000 1.2 00003210faw Human Resources 5000 0.9 00003210gfd Purchasing Department 8000 1.1 00003210kgf Information Department 7000 1.0
- FIG. 8 is a schematic structural diagram of a data query control apparatus according to an embodiment of the present invention. As shown in Figure 8.
- the device can include:
- the statement obtaining module 11 is configured to obtain an original query sentence input by the user.
- the statement analysis module 12 is configured to perform statement analysis on the original query statement to obtain statement information corresponding to the original query statement.
- the information judging module 13 is configured to determine whether the statement information meets a preset restriction condition.
- the statement processing module 14 is configured to perform a statement processing on the original query statement according to the preset constraint condition when the statement information satisfies the preset constraint condition, to obtain a target query statement.
- the sending module 15 is configured to send the target query statement to the preset server, so that the preset server returns the query content corresponding to the target query statement.
- the statement forwarding module 15 is further configured to: when the statement information does not meet the preset restriction condition, send the original query statement to the preset server, so as to enable the The preset server returns the query content corresponding to the original query statement.
- the statement analysis module 12 shown in FIG. 8 includes:
- the format determining sub-module 121 is configured to determine a statement format of the original query statement.
- the obtaining sub-module 122 is configured to obtain a lexical library, a grammar library, and a semantic library corresponding to the statement format.
- the lexical analysis sub-module 123 is configured to perform lexical analysis on the original query statement by using the lexical library to obtain all words and symbols included in the original query statement.
- the syntax analysis sub-module 124 is configured to perform syntax analysis on all the obtained words and symbols by using the grammar library to obtain a syntax tree corresponding to the original query statement.
- the syntax tree contains a plurality of nodes.
- the semantic analysis sub-module 125 is configured to perform semantic analysis by using each node on the syntax tree to obtain semantic information of each node in the syntax tree.
- the determining submodule 126 is configured to use the syntax tree and the voice information of each node in the syntax tree as the statement information.
- the statement processing module 14 shown in FIG. 8 includes:
- the restriction statement generation sub-module 141 is configured to generate a restriction statement corresponding to the preset condition.
- the statement binding module 142 is configured to add the restriction statement to the original query statement as the target query statement.
- the embodiment of the invention further provides a data query control device, comprising:
- a memory for storing processor executable instructions
- processor is configured to:
- the original query statement is processed according to the preset restriction condition to obtain a target query statement;
- the embodiment of the present invention further provides a computer storage medium, wherein the computer storage medium can store a program, and when the program is executed, the implementation manners of the data query control method provided by the embodiment shown in FIG. 1 to FIG. 7 can be implemented. Part or all of the steps.
Landscapes
- Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Mathematical Physics (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computational Linguistics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
一种数据查询控制方法及装置,所述方法包括:获取用户输入的原始查询语句(S101);对所述原始查询语句进行语句分析,得到与所述原始查询语句对应的语句信息(S102);判断所述语句信息是否满足预设限制条件(S103);当所述语句信息满足所述预设限制条件时,根据所述预设限制条件对所述原始查询语句进行语句加工,得到目标查询语句(S104);将所述目标查询语句发送给预设服务器,以使所述预设服务器返回与所述目标查询语句对应的查询内容(S105)。该方法进行数据查询时,不是按照用户输入的原始查询语句直接对数据库进行查询,而是在得到原始查询语句后,进行加工后再进行查询,这样避免将不属于该用户的信息泄露,提高数据查询的安全性。
Description
本申请要求于2015年12月15日提交中国专利局、申请号为201510939191.2、发明名称为“数据查询控制方法及装置”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。
本发明涉及数据处理技术领域,尤其涉及一种数据查询控制方法及装置。
在对关系数据库进行数据查询时,需要利用数据库查询语句,例如结构化查询语句(Structured Query Language,简称为SQL),展开相应的数据查询。
目前,利用数据库查询语句进行数据查询的方法主要有两种:一种是静态查询,另外一种是动态查询,无论哪种查询方式,都需要用户向前台交互系统输入查询语句,然后交互系统将查询语句发送给数据库系统进行查询。
但对于多用户的数据库系统而言,不同用户具有的查询权限不同,如果交互系统仅仅将用户输入的查询语句简单转发给数据库查询系统,那么很可能将不属于该用户的信息泄露。
发明内容
为克服相关技术中存在的问题,本发明提供一种数据查询控制方法及装置。
根据本发明实施例的第一方面,提供一种数据查询控制方法,包括:
获取用户输入的原始查询语句;
对所述原始查询语句进行语句分析,得到与所述原始查询语句对应的语句信息;
判断所述语句信息是否满足预设限制条件;
当所述语句信息满足所述预设限制条件时,根据所述预设限制条件对所述原始查询语句进行语句加工,得到目标查询语句;
将所述目标查询语句发送给预设服务器,以使所述预设服务器返回与所述目标查询语句对应的查询内容。
可选地,所述方法还包括:
当所述语句信息不满足所述预设限制条件时,将所述原始查询语句发送给所述预设服务器,以使所述预设服务器返回与所述原始查询语句对应的查询内容。
可选地,所述对所述原始查询语句进行语句分析,得到与所述原始查询语句对应的语句信息,包括:
确定所述原始查询语句的语句格式;
获取与所述语句格式对应的词法库、语法库和语义库;
利用所述词法库对所述原始查询语句进行词法分析,得到所述原始查询语句中包含的所有词语及符号;
利用所述语法库对得到的所有词语和符号进行语法分析,得到与所述原始查询语句对应的语法树;所述语法树包含多个节点;
利用所述语法树上每个节点进行语义分析,得到所述语法树中每个节点的语义信息;
将所述语法树以及所述语法树中每个节点的语音信息作为所述语句信息。
可选地,所述预设限制条件包括:查询权限、查询结果条数限制和/或查询结果字数限制。
可选地,所述根据所述预设限制条件对所述原始查询语句进行语句加工,得到目标查询语句,包括:
生成与所述预设条件相对应的限制语句;
将所述限制语句加入到所述原始查询语句中作为所述目标查询语句。
根据本发明实施例的第二方面,提供一种数据查询控制装置,其特征在于,包括:
语句获取模块,用于获取用户输入的原始查询语句;
语句分析模块,用于对所述原始查询语句进行语句分析,得到与所述原始查询语句对应的语句信息;
信息判断模块,用于判断所述语句信息是否满足预设限制条件;
语句加工模块,用于当所述语句信息满足所述预设限制条件时,根据所述预设限制条件对所述原始查询语句进行语句加工,得到目标查询语句;
发送模块,用于将所述目标查询语句发送给预设服务器,以使所述预设服务器返回与所述目标查询语句对应的查询内容。
可选地,其特征在于,
所述发送模块,还用于当所述语句信息不满足所述预设限制条件时,将所述原始查询语句发送给所述预设服务器,以使所述预设服务器返回与所述原始查询语句对应的查询内容。
可选地,所述语句分析模块包括:
格式确定子模块,用于确定所述原始查询语句的语句格式;
获取子模块,用于获取与所述语句格式对应的词法库、语法库和语义库;
词法分析子模块,用于利用所述词法库对所述原始查询语句进行词法分析,得到所述原始查询语句中包含的所有词语及符号;
语法分析子模块,用于利用所述语法库对得到的所有词语和符号进行语法分析,得到与所述原始查询语句对应的语法树;所述语法树包含多个节点;
语义分析子模块,用于利用所述语法树上每个节点进行语义分析,得到所述语法树中每个节点的语义信息;
确定子模块,用于将所述语法树以及所述语法树中每个节点的语音信息作为所述语句信息。
可选地,所述预设限制条件包括:查询权限、查询结果条数限制和/或查询结果字数限制。
可选地,所述语句加工模块,包括:
限制语句生成子模块,用于生成与所述预设条件相对应的限制语句;
语句结合模块,用于将所述限制语句加入到所述原始查询语句中作为所述目标查询语句。
根据本发明实施例的第三方面,还提供了一种数据查询控制装置,包括:
处理器;
用于存储处理器可执行指令的存储器;
其中,所述处理器被配置为:
获取用户输入的原始查询语句;
对所述原始查询语句进行语句分析,得到与所述原始查询语句对应的语句信息;
判断所述语句信息是否满足预设限制条件;
当所述语句信息满足所述预设限制条件时,根据所述预设限制条件对所述原始查询语句进行语句加工,得到目标查询语句;
将所述目标查询语句发送给预设服务器,以使所述预设服务器返回与所述目标查询语句对应的查询内容。
根据本发明实施例的第四方面,还提供了一种计算机存储介质,其中,该计算机存储介质可存储有程序,该程序执行时可实现本发明第一方面提供的数据查询控制方法的各实现方式中的部分或全部步骤。
本发明的实施例提供的技术方案可以包括以下有益效果:
本发明实施例提供的该数据查询控制方法,,首先对该原始查询语句进行语句分析,得到可以表征该原始查询语句意思的语句信息,然后判断该语句信息是否满足特定的预设限制条件,一旦满足预设限制条件,按照和该预先限制条件对应的方式对该原始查询语句进行加工,得到加工后的目标查询语句,并最终将目标查询语句发送给服务器,进行查询。
因此,利用该方法在进行数据查询时,在用户需要对服务器中的数据库进行查询时,不是按照用户输入的原始查询语句直接对数据库进行查询,而是在得到原始查询语句后,进行加工后再进行查询,这样可以使得用户无法在数据库中查询任何数据,而只能查询一些特定的数据,所以,可以避免将不属于该用户的信息泄露,提高数据查询的安全性。
应当理解的是,以上的一般描述和后文的细节描述仅是示例性和解释性的,并不能限制本发明。
此处的附图被并入说明书中并构成本说明书的一部分,示出了符合本发明的实施例,并与说明书一起用于解释本发明的原理。
为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,对于本领域普通技术人员而言,在不付出创造性劳动性的前提下,还可以根据这些附图获得其他的附图。
图1是根据一示例性实施例示出的一种数据查询控制方法的流程图;
图2是根据一示例性实施例示出的另一种数据查询控制方法的流程图;
图3为图1中步骤S102的流程示意图;
图4为本发明实施例提供的一种语法树的结构示意图;
图5为图1中步骤S104的流程示意图;
图6为本发明实施例提供的另一种语法树的结构示意图;
图7为本发明实施例提供的又一种语法树的结构示意图;
图8为本发明实施例提供的一种数据查询控制装置的结构示意图;
图9为图8中的语句分析模块的结构示意图;
图10为图8中的语句加工模块14的结构示意图。
这里将详细地对示例性实施例进行说明,其示例表示在附图中。下面的描述涉及附图时,除非另有表示,不同附图中的相同数字表示相同或相似的要素。以下示例性实施例中所描述的实施方式并不代表与本发明相一致的所有实施方式。相反,它们仅是与如所附权利要求书中所详述的、本发明的一些方面相一致的装置和方法的例子。
图1是根据一示例性实施例示出的一种数据查询控制方法的流程图,该方法可以应用于服务器中,如图1所示,该方法可以包括以下步骤。
步骤S101:获取用户输入的原始查询语句。
客户端可以通过网络与服务器相连接,在服务器中可以设置有数据库,客户端中可以运行有该数据库的查询程序或窗口,用户可以在查询程序或查询窗口内输入需要查询的语句,此时输入的语句即为原始查询语句。
对服务器中的不同的结构的数据库,用户在输入查询语句时,所输入的原始查询语句的格式需要按照所查询数据库的格式相一致,这样才可以保证所输入的原始查询语句可以被识别出来,并且从数据库中查找相应的数据。
步骤S102:对所述原始查询语句进行语句分析,得到与所述原始查询语句对应的语句信息。
参见上述关于步骤S101的描述,输入的查询语句的格式需要与所查询的数据库的格式相同,在该步骤中,可以按照对应的格式对原始查询语句进行分析,无论哪种格式的数据库,查询语句的规则都是特定的,即查询语句中包含的内容是特定的。例如:
查询语句为:select deptNo,deptName,sales,score from dept;
其中“select”是查询动作,表示要选择,后面的“deptNo,deptName,sales,score”表示要查询的内容,“from dept”表示查询的位置。
可见,通过分析该查询语句,可以得知该查询语句的语句信息为:从“dept”选择“deptNo,deptName,sales,score”几项参数。
步骤S103:判断所述语句信息是否满足预设限制条件。
预设限制条件是对当前原始查询语句的查询进行一些限制,如果不设置预设限制条件,那么可想而知,用户可以任意输入查询语句,然后就可以从数据库中随意查找任何数据。
在本发明实施例中,预设限制条件可以包括:查询权限、查询结果条数限制、查询结果字数限制和模糊查询结果中敏感内容中的一种或多种组合,其中,查询权限是对于用户而言,每个用户能够查询的内容是有限的;查询结果条数限制是指用户在一次查询时只能查询设定条数的结果;查询结果字数限制是指用户在每次查询时,一次查询得到的结果中字数是限制的;模糊查询结果中敏感内容是指,查询结果中存在一些敏感内容需要过滤。
上述结果预设限制条件仅仅是举例说明,在具体实施时,本领域技术人员还可以根据实际情况需要自由设定其它的限制条件。
当所述语句信息满足所述预设限制条件时,执行步骤S104;否则,结束流程。
步骤S104:根据所述预设限制条件对所述原始查询语句进行语句加工,得到目标查询语句。
如果语句信息满足预设限制条件,表明需要对当前的原始查询语句进行限制,在本发明实施例中,通过对原始语句加工的方式,来使得本次查询的结果符合预设限制条件的约束。
在本发明实施例中,对原始查询语句进行加工可以是指对在原始查询语句中增加一些语句或者删除一些语句,已达到对本次查询进行限制的目的。
步骤S105:将所述目标查询语句发送给预设服务器,以使所述预设服务器返回与所述目标查询语句对应的查询内容。
当对原始查询语句进行加工后,可以将加工后得到的目标查询语句直接发送给服务器,以使服务器中根据该目标查询语句在对应的数据库中进行查询,并且将查询得到的查询内容发送给该目标查询语句的发送方,例如:前述的客户端。
本发明实施例提供的该数据查询控制方法,首先对该原始查询语句进行语句分析,得到可以表征该原始查询语句意思的语句信息,然后判断该语句信息是否满足特定的预设限制条件,一旦满足预设限制条件,按照和该预先限制条件对应的方式对该原始查询语句进行加工,得到加工后的目标查询语句,并最终将目标查询语句发送给服务器,进行查询。
因此,利用该方法在进行数据查询时,在用户需要对服务器中的数据库进行查询时,不是按照用户输入的原始查询语句直接对数据库进行查询,而是在得到原始查询语句后,进行加工后再进行查询,这样可以使得用户无法在数据库中查询任何数据,而只能查询一些特定的数据,所以,可以避免将不属于该用户的信息泄露,提高数据查询的安全性。
在本发明一个实施例中,如图2所示,当所述语句信息不满足所述预设限制条件时,本发明实施例提供的该方法还可以包括以下步骤:
步骤S106:将所述原始查询语句发送给所述预设服务器,以使所述预设服务器返回与所述原始查询语句对应的查询内容。
由于原始查询语句的语句信息不满足预设限制条件,所以在查询时,可以直接按照原始查询语句进行数据查找,因此,在该步骤中,将原始查询语句直接发
送给预设服务器,以使服务器完全按照原始查询语句查找数据。
在本发明另一实施例中,如图3所示,图1所示实施例中的步骤S102可以包括以下步骤。
步骤S201:确定所述原始查询语句的语句格式。
针对不同的数据库,查询语句的语句格式均不相同。
步骤S202:获取与所述语句格式对应的词法库、语法库和语义库。
针对不同的数据库都可以预先设置有与语句格式对应的词法库、语法库和语义库,以便在得到查询语句后,可以对查询语句进行分析。
步骤S203:利用所述词法库对所述原始查询语句进行词法分析,得到所述原始查询语句中包含的所有词语及符号。
在本发明实施例中,以SQL(Structured Query Language,结构化查询语言)数据库为例,下面结合一个具体的案例进行说明:
表1:
deptNo | deptName | sales | score |
d001 | 销售部 | 10000 | 1.2 |
d002 | 人力资源 | 5000 | 0.9 |
d003 | 采购部 | 8000 | 1.1 |
d004 | 信息部 | 7000 | 1.0 |
上表为数据中的一张数据表,该表的名称为“Dept”。在该表中包含有不同部门的销售数据以及得分情况,其中,deptNo,deptName,sales,score分别为表中的不同列,deptNo为部门编号,deptName为部门名称,sales为销量,score为得分。
在数据库中设置有如下限制条件,例如:
表2:
userID | resource | access |
u01 | d001 | 1 |
u01 | d002 | 1 |
表2为权限表,其中,userID表示用户ID,resource表示在该表中表示部门编号,access:表示可以访问。
通过表2可以知道,用户01具有访问d001和d002部门的权限,而不具有访问其它部门的权限。
当用户01输入的原始查询语句为:
“select deptNo,deptName,sales,score from dept”时,
表示用户01需要从“dept”表中查询所有的部门编号,部门姓名,不同部门的销量以及不同部门的得分等情况。但参见上述表2,用户01只具有访问d001和d002的权限。
因此需要对上述原始查询语句进行处理,才能避免d003和d004两个部门的数据泄露给用户01。
在该步骤中,经过词法分析,也即对原始查询语句中的所有字符进行分词,最终得到的词组包括:[select,deptNo,deptName,sales,score,from,dept]等。
步骤S204:利用所述语法库对得到的所有词语和符号进行语法分析,得到与所述原始查询语句对应的语法树。
在本发明实施例中,在所述语法树上包含多个节点。
参见图4所述,为对上述查询语句进行分析后得到的语法树的结构示意图。
步骤S205:利用所述语法树上每个节点进行语义分析,得到所述语法树中每个节点的语义信息。
从图中4可以看到,Root为根节点,在根节点之下分别为查询指令词,然后是指向对象。通过对语法树中的语义分析,可以得到该原始查询语句所表达的意思,也即语句信息。
步骤S206:将所述语法树以及所述语法树中每个节点的语音信息作为所述语句信息。
在本发明另一实施例中,如图5所示,上述步骤S104可以包括以下步骤。
步骤S301:生成与所述预设条件相对应的限制语句。
针对上述案例,由于用户01只具有访问d001和d002的权限,所以,需要阻止用户访问d003和d004的数据,参见图6所示,为在语法树上进行改进后的
示意图。图6中英文均为技术人员对编码代码的简写,并非英文单词,在此不再一一介绍。
从图6所示语法树可以看到,改进后的语法树可以使得用户只能访问d001和d002。根据图6所示语法树,可以生成如下限制语句:
join acl on dept.deptNo=acl.resource and acl.userID=’u01’;
步骤S302:将所述限制语句加入到所述原始查询语句中作为所述目标查询语句。
当步骤S02中生成限制语句后,直接将该限制语句加入到原始查询语句中,即可得到目标查询语句,例如:
select deptNo,deptName,sales,score from dept
join acl on dept.deptNo=acl.resource and acl.userID=’u01’
通过上述处理后,最终利用目标查询语句查询后,得到的查询结果将如下表所示。
表3:
deptNo | deptName | sales | score |
d001 | 销售部 | 10000 | 1.2 |
d002 | 人力资源 | 5000 | 0.9 |
可见,通过上述在原始查询语句中增加限制语句,可以使得用户001最终得到的查询内容只有d001和d002的数据,而不再有d003和d004的数据。
下面结合另一具体案例进行描述,在该案例中,预设限制条件为:模糊查询结果中敏感内容。
同样以dept表为例,后台提供的数据表如表4所示:
表4:
deptNo | deptMD5No | deptName | sales | score |
d001 | 00003210fds | 销售部 | 10000 | 1.2 |
d002 | 00003210faw | 人力资源 | 5000 | 0.9 |
d003 | 00003210gfd | 采购部 | 8000 | 1.1 |
d004 | 00003210kgf | 信息部 | 7000 | 1.0 |
在表4中,deptNo这一列为敏感信息,因此需要在对dept表查询时,将查询结果中的deptNo这一列内容删除,进行敏感信息去除。
对于用户01而言,假设其输入的原始查询语句为:
select deptNo,deptName,sales,score from dept;
当接收到原始查询语句后,需要对该原始查询语句进行分析,词法分析后得到的词组如下:
[select,deptNo,deptName,sales,score,from,dept]
然后对上述词组进行语法分析,得到如图4所示的语法树。
由于deptNo是敏感信息,所以需要对敏感信息进行屏蔽,在屏蔽时,可以得到如下语法树,参见图7所示。
根据上述图7所示可知,在本实施例中,最终得到的限制语句可以为:
deptMD5No as deptNo;
因此,将上述限制语句加入到历史查询语句中,最终可以得到目标查询语句为:
select deptMD5No as deptNo,deptName,sales,score from dept。
根据上述目标查询语句最终得到的查询结果可以参见表5所示:
表5:
deptNo | deptName | sales | score |
00003210fds | 销售部 | 10000 | 1.2 |
00003210faw | 人力资源 | 5000 | 0.9 |
00003210gfd | 采购部 | 8000 | 1.1 |
00003210kgf | 信息部 | 7000 | 1.0 |
从表5中可以看到,deptNo这一列的数据已经被屏蔽掉,所以用户获取到的结果中将不再显示deptNo这一列,避免信息在查询时被泄露。
图8为本发明实施例提供的一种数据查询控制装置的结构示意图。如图8所
示,该装置可以包括:
语句获取模块11,用于获取用户输入的原始查询语句。
语句分析模块12,用于对所述原始查询语句进行语句分析,得到与所述原始查询语句对应的语句信息。
信息判断模块13,用于判断所述语句信息是否满足预设限制条件。
语句加工模块14,用于当所述语句信息满足所述预设限制条件时,根据所述预设限制条件对所述原始查询语句进行语句加工,得到目标查询语句。
发送模块15,用于将所述目标查询语句发送给预设服务器,以使所述预设服务器返回与所述目标查询语句对应的查询内容。
在本发明另一实施例中,前述语句转发模块15,还用于当所述语句信息不满足所述预设限制条件时,将所述原始查询语句发送给所述预设服务器,以使所述预设服务器返回与所述原始查询语句对应的查询内容。
在本发明一实施例,如图9所示,图8所示的语句分析模块12包括:
格式确定子模块121,用于确定所述原始查询语句的语句格式。
获取子模块122,用于获取与所述语句格式对应的词法库、语法库和语义库。
词法分析子模块123,用于利用所述词法库对所述原始查询语句进行词法分析,得到所述原始查询语句中包含的所有词语及符号。
语法分析子模块124,用于利用所述语法库对得到的所有词语和符号进行语法分析,得到与所述原始查询语句对应的语法树。所述语法树包含多个节点。
语义分析子模块125,用于利用所述语法树上每个节点进行语义分析,得到所述语法树中每个节点的语义信息。
确定子模块126,用于将所述语法树以及所述语法树中每个节点的语音信息作为所述语句信息。
在本发明一实施例,如图10所示,图8所示的所述语句加工模块14,包括:
限制语句生成子模块141,用于生成与所述预设条件相对应的限制语句。
语句结合模块142,用于将所述限制语句加入到所述原始查询语句中作为所述目标查询语句。
本发明实施例还提供了一种数据查询控制装置,包括:
处理器;
用于存储处理器可执行指令的存储器;
其中,所述处理器被配置为:
获取用户输入的原始查询语句;
对所述原始查询语句进行语句分析,得到与所述原始查询语句对应的语句信息;
判断所述语句信息是否满足预设限制条件;
当所述语句信息满足所述预设限制条件时,根据所述预设限制条件对所述原始查询语句进行语句加工,得到目标查询语句;
将所述目标查询语句发送给预设服务器,以使所述预设服务器返回与所述目标查询语句对应的查询内容。
本发明实施例还提供了一种计算机存储介质,其中,该计算机存储介质可存储有程序,该程序执行时可实现图1-图7所示实施例提供的数据查询控制方法的各实现方式中的部分或全部步骤。
以上所述,仅为本发明的具体实施方式,但本发明的保护范围并不局限于此,任何熟悉本技术领域的技术人员在本发明揭露的技术范围内,可轻易想到各种等效的修改或替换,这些修改或替换都应涵盖在本发明的保护范围之内。因此,本发明的保护范围应以权利要求的保护范围为准。
Claims (10)
- 一种数据查询控制方法,其特征在于,包括:获取用户输入的原始查询语句;对所述原始查询语句进行语句分析,得到与所述原始查询语句对应的语句信息;判断所述语句信息是否满足预设限制条件;当所述语句信息满足所述预设限制条件时,根据所述预设限制条件对所述原始查询语句进行语句加工,得到目标查询语句;将所述目标查询语句发送给预设服务器,以使所述预设服务器返回与所述目标查询语句对应的查询内容。
- 根据权利要求1所述的方法,其特征在于,所述方法还包括:当所述语句信息不满足所述预设限制条件时,将所述原始查询语句发送给所述预设服务器,以使所述预设服务器返回与所述原始查询语句对应的查询内容。
- 根据权利要求1所述的方法,其特征在于,所述对所述原始查询语句进行语句分析,得到与所述原始查询语句对应的语句信息,包括:确定所述原始查询语句的语句格式;获取与所述语句格式对应的词法库、语法库和语义库;利用所述词法库对所述原始查询语句进行词法分析,得到所述原始查询语句中包含的所有词语及符号;利用所述语法库对得到的所有词语和符号进行语法分析,得到与所述原始查询语句对应的语法树;所述语法树包含多个节点;利用所述语法树上每个节点进行语义分析,得到所述语法树中每个节点的语义信息;将所述语法树以及所述语法树中每个节点的语音信息作为所述语句信息。
- 根据权利要求1所述的方法,其特征在于,所述预设限制条件包括: 查询权限、查询结果条数限制和/或查询结果字数限制。
- 根据权利要求4所述的方法,其特征在于,所述根据所述预设限制条件对所述原始查询语句进行语句加工,得到目标查询语句,包括:生成与所述预设条件相对应的限制语句;将所述限制语句加入到所述原始查询语句中作为所述目标查询语句。
- 一种数据查询控制装置,其特征在于,包括:语句获取模块,用于获取用户输入的原始查询语句;语句分析模块,用于对所述原始查询语句进行语句分析,得到与所述原始查询语句对应的语句信息;信息判断模块,用于判断所述语句信息是否满足预设限制条件;语句加工模块,用于当所述语句信息满足所述预设限制条件时,根据所述预设限制条件对所述原始查询语句进行语句加工,得到目标查询语句;发送模块,用于将所述目标查询语句发送给预设服务器,以使所述预设服务器返回与所述目标查询语句对应的查询内容。
- 根据权利要求6所述的装置,其特征在于,所述发送模块,还用于当所述语句信息不满足所述预设限制条件时,将所述原始查询语句发送给所述预设服务器,以使所述预设服务器返回与所述原始查询语句对应的查询内容。
- 根据权利要求6所述的装置,其特征在于,所述语句分析模块包括:格式确定子模块,用于确定所述原始查询语句的语句格式;获取子模块,用于获取与所述语句格式对应的词法库、语法库和语义库;词法分析子模块,用于利用所述词法库对所述原始查询语句进行词法分析,得到所述原始查询语句中包含的所有词语及符号;语法分析子模块,用于利用所述语法库对得到的所有词语和符号进行语法分析,得到与所述原始查询语句对应的语法树;所述语法树包含多个节点;语义分析子模块,用于利用所述语法树上每个节点进行语义分析,得到所述语法树中每个节点的语义信息;确定子模块,用于将所述语法树以及所述语法树中每个节点的语音信息作为所述语句信息。
- 根据权利要求6所述的装置,其特征在于,所述预设限制条件包括:查询权限、查询结果条数限制和/或查询结果字数限制。
- 根据权利要求4所述的方法,其特征在于,所述语句加工模块,包括:限制语句生成子模块,用于生成与所述预设条件相对应的限制语句;语句结合模块,用于将所述限制语句加入到所述原始查询语句中作为所述目标查询语句。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/241,972 US20170169102A1 (en) | 2015-12-15 | 2016-08-19 | Method and electronic device for controlling data query |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510939191.2 | 2015-12-15 | ||
CN201510939191.2A CN105868249A (zh) | 2015-12-15 | 2015-12-15 | 数据查询控制方法及装置 |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US15/241,972 Continuation US20170169102A1 (en) | 2015-12-15 | 2016-08-19 | Method and electronic device for controlling data query |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2017101398A1 true WO2017101398A1 (zh) | 2017-06-22 |
Family
ID=56623688
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/089283 WO2017101398A1 (zh) | 2015-12-15 | 2016-07-07 | 数据查询控制方法及装置 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN105868249A (zh) |
WO (1) | WO2017101398A1 (zh) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111177182A (zh) * | 2019-12-19 | 2020-05-19 | 达闼科技成都有限公司 | 数据查询方法和装置、存储介质和电子设备 |
CN111444227A (zh) * | 2020-04-15 | 2020-07-24 | 中国银行股份有限公司 | 一种查询需求的处理方法及系统 |
CN114640668A (zh) * | 2022-03-14 | 2022-06-17 | 携程旅游网络技术(上海)有限公司 | 桌面用户端密码查询方法、系统、电子设备及存储介质 |
Families Citing this family (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108228666A (zh) * | 2016-12-22 | 2018-06-29 | 成都启典移动医疗系统设备有限公司 | 一种医疗数据库查询方法、装置及车载医疗系统 |
CN107403104A (zh) * | 2017-06-22 | 2017-11-28 | 努比亚技术有限公司 | 一种实现数据表查询限制的装置和方法 |
CN110020006B (zh) * | 2017-07-27 | 2021-04-27 | 北京国双科技有限公司 | 查询语句的生成方法及相关设备 |
CN110555039A (zh) * | 2018-03-29 | 2019-12-10 | 武汉斗鱼网络科技有限公司 | 数据查询控制方法、存储介质、设备及系统 |
CN110162538B (zh) * | 2019-04-19 | 2024-03-01 | 平安科技(深圳)有限公司 | 自动生成通用查询语言cql的方法、装置和计算机设备 |
CN112035506A (zh) * | 2019-10-28 | 2020-12-04 | 竹间智能科技(上海)有限公司 | 一种语义识别方法及其设备 |
CN111782781A (zh) * | 2020-05-29 | 2020-10-16 | 平安科技(深圳)有限公司 | 一种语义分析方法、装置、计算机设备及存储介质 |
CN112416962A (zh) * | 2020-11-06 | 2021-02-26 | 北京偶数科技有限公司 | 数据查询方法、装置以及存储介质 |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1601524A (zh) * | 2003-09-25 | 2005-03-30 | 鸿富锦精密工业(深圳)有限公司 | 模糊查询系统及方法 |
US20050177556A1 (en) * | 2004-02-10 | 2005-08-11 | Microsoft Corporation | Systems and methods for transforming SQL syntax trees into relational algebra representations |
US20060224576A1 (en) * | 2005-04-04 | 2006-10-05 | Oracle International Corporation | Effectively and efficiently supporting XML sequence type and XQuery sequence natively in a SQL system |
CN101667190A (zh) * | 2009-09-29 | 2010-03-10 | 天津大学 | 基于XQuery的查询引擎系统 |
CN103116649A (zh) * | 2013-02-28 | 2013-05-22 | 用友软件股份有限公司 | 数据分析系统和数据分析方法 |
CN103593410A (zh) * | 2013-10-22 | 2014-02-19 | 上海交通大学 | 通过替换概念性词语进行搜索推荐系统 |
-
2015
- 2015-12-15 CN CN201510939191.2A patent/CN105868249A/zh active Pending
-
2016
- 2016-07-07 WO PCT/CN2016/089283 patent/WO2017101398A1/zh active Application Filing
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1601524A (zh) * | 2003-09-25 | 2005-03-30 | 鸿富锦精密工业(深圳)有限公司 | 模糊查询系统及方法 |
US20050177556A1 (en) * | 2004-02-10 | 2005-08-11 | Microsoft Corporation | Systems and methods for transforming SQL syntax trees into relational algebra representations |
US20060224576A1 (en) * | 2005-04-04 | 2006-10-05 | Oracle International Corporation | Effectively and efficiently supporting XML sequence type and XQuery sequence natively in a SQL system |
CN101667190A (zh) * | 2009-09-29 | 2010-03-10 | 天津大学 | 基于XQuery的查询引擎系统 |
CN103116649A (zh) * | 2013-02-28 | 2013-05-22 | 用友软件股份有限公司 | 数据分析系统和数据分析方法 |
CN103593410A (zh) * | 2013-10-22 | 2014-02-19 | 上海交通大学 | 通过替换概念性词语进行搜索推荐系统 |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111177182A (zh) * | 2019-12-19 | 2020-05-19 | 达闼科技成都有限公司 | 数据查询方法和装置、存储介质和电子设备 |
CN111444227A (zh) * | 2020-04-15 | 2020-07-24 | 中国银行股份有限公司 | 一种查询需求的处理方法及系统 |
CN114640668A (zh) * | 2022-03-14 | 2022-06-17 | 携程旅游网络技术(上海)有限公司 | 桌面用户端密码查询方法、系统、电子设备及存储介质 |
Also Published As
Publication number | Publication date |
---|---|
CN105868249A (zh) | 2016-08-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2017101398A1 (zh) | 数据查询控制方法及装置 | |
US9959311B2 (en) | Natural language interface to databases | |
US11334692B2 (en) | Extracting a knowledge graph from program source code | |
US10169471B2 (en) | Generating and executing query language statements from natural language | |
EP3514694B1 (en) | Query translation | |
US10019437B2 (en) | Facilitating information extraction via semantic abstraction | |
US8380645B2 (en) | Method and system to enable inferencing for natural language queries of configuration management databases | |
US20170075904A1 (en) | System and method of extracting linked node graph data structures from unstructured content | |
US10191946B2 (en) | Answering natural language table queries through semantic table representation | |
US20170083615A1 (en) | Robust and Readily Domain-Adaptable Natural Language Interface to Databases | |
US10102246B2 (en) | Natural language consumer segmentation | |
US9218334B2 (en) | Pronounceable domain names | |
US11210345B2 (en) | Using distributed state machines for human-to-computer dialogs with automated assistants to protect private data | |
US20180365334A1 (en) | Enhanced web browsing | |
US10552781B2 (en) | Task transformation responsive to confidentiality assessments | |
WO2023231341A1 (zh) | 数据资产风险发现方法和装置 | |
CN114328574A (zh) | 一种数据查询方法、装置、电子设备及计算机可读存储介质 | |
CN107292188A (zh) | 一种控制用户访问权限的方法和装置 | |
CN114254389A (zh) | 报文脱敏方法、装置、电子设备及介质 | |
CN117407414A (zh) | 结构化查询语句的处理方法、装置、设备、介质 | |
CN115906086A (zh) | 基于代码属性图的网页后门检测方法、系统及存储介质 | |
CN111475534A (zh) | 一种数据查询方法及相关设备 | |
US11128653B1 (en) | Automatically generating a machine-readable threat model using a template associated with an application or service | |
US11586696B2 (en) | Enhanced web browsing | |
US11061748B2 (en) | Systems, methods, and devices for code distribution and integration within a distributed computing platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16874460 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 16874460 Country of ref document: EP Kind code of ref document: A1 |