java.sql.SQLException: sql injection violation, multi-statement not allow : update news_article
set status=3
where status=2 and now() between effective_time and invalid_time;
update news_article
set status=4
where status=3 and invalid_time < now()
at com.alibaba.druid.wall.WallFilter.checkInternal(WallFilter.java:808)
at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:259)
at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:568)
at com.alibaba.druid.filter.FilterAdapter.connection_prepareStatement(FilterAdapter.java:930)
<update id="UpdateArticleStatusOnLineTiming">
update news_article set status=3 where status=2 and now() between effective_time and invalid_time;
update news_article set status=4 where status=3 and invalid_time < now();
</update>
解答: 不容许多条sql语句 ,
第一种方式:
<update id="UpdateArticleStatusOnLineTiming">
update article set status=3 where status=2 and now() between effective_time and invalid_time;
</update>
<update id="UpdateArticleStatusOffLineTiming"> update article set status=4 where status=3 and invalid_time < now() </update>
第二张方式 修改配置 参考