diff --git a/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java b/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java
index 80d9b9d1dc..d97a0133f0 100644
--- a/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java
+++ b/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java
@@ -1,5 +1,6 @@
 package io.dataease.commons.filter;
 
+import io.dataease.commons.exception.DEException;
 import io.dataease.commons.holder.ThreadLocalContextHolder;
 import io.dataease.commons.wrapper.XssAndSqlHttpServletRequestWrapper;
 import org.apache.commons.lang3.StringUtils;
@@ -42,9 +43,10 @@ public class SqlFilter implements Filter {
 if (xssRequest.checkXSSAndSql(param)) {
 response.setCharacterEncoding("UTF-8");
 response.setContentType("application/json;charset=UTF-8");
- PrintWriter out = response.getWriter();
+ // PrintWriter out = response.getWriter();
 String msg = ThreadLocalContextHolder.getData().toString();
- out.write(msg);
+ // out.write(msg);
+ DEException.throwException(msg);
 return;
 }
 }
@@ -52,9 +54,10 @@ public class SqlFilter implements Filter {
 if (xssRequest.checkParameter()) {
 response.setCharacterEncoding("UTF-8");
 response.setContentType("application/json;charset=UTF-8");
- PrintWriter out = response.getWriter();
+ // PrintWriter out = response.getWriter();
 String msg = ThreadLocalContextHolder.getData().toString();
- out.write(msg);
+ // out.write(msg);
+ DEException.throwException(msg);
 return;
 }
 chain.doFilter(xssRequest, response);
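Review bot: Throwing `DEException.throwException(msg)` from inside the filter (in the `checkXSSAndSql` branch and again in the `checkParameter` branch of the next hunk) takes the rejection out of the filter's control. An exception raised in a servlet `Filter` is not seen by controller-level exception handlers, so unless something further out catches it, the container's error handling decides the status and body, typically a 500 that may or may not carry `msg`. The `setCharacterEncoding`/`setContentType` calls above it then have no guaranteed effect, and the `return;` after it is reached only if `throwException` does not throw. If the intent is a clean rejection of a request that failed the XSS/SQL check, I would set the status explicitly and keep the body in the filter, e.g. `((HttpServletResponse) response).setStatus(HttpServletResponse.SC_BAD_REQUEST);` followed by the original `response.getWriter().write(msg);`, and delete the commented-out lines rather than keep them. Please also confirm that `ThreadLocalContextHolder.getData()` cannot be null here, that `msg` does not echo the rejected parameter verbatim, and that the thread-local is cleared on this path; none of this is visible in the hunk, and the method body starts and ends outside it.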