A problem encountered with MyBatis

The mapper.xml automatically generated by MyBatis fails with the following error:

### Error querying database.  Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :'like "%"?"%"',expect QUES, actual QUES % : select count(*) from t_miner_recycle_whitelist
     WHERE  user_id like "%"?"%"
### The error may exist in file [G:\codes\java\bitmain\base-common-service-web\target\classes\mapper\MinerRecycleWhitelistMapper.xml]
### The error may involve com.bitmain.shop.base.mapper.MinerRecycleWhitelistMapper.getCountByParam
### The error occurred while executing a query
### SQL: select count(*) from t_miner_recycle_whitelist      WHERE  user_id like "%"?"%"
### Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :'like "%"?"%"',expect QUES, actual QUES % : select count(*) from t_miner_recycle_whitelist
     WHERE  user_id like "%"?"%"
; uncategorized SQLException for SQL []; SQL state [null]; error code [0]; sql injection violation, syntax error: syntax error, error in :'like "%"?"%"',expect QUES, actual QUES % : select count(*) from t_miner_recycle_whitelist
     WHERE  user_id like "%"?"%"; nested exception is java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :'like "%"?"%"',expect QUES, actual QUES % : select count(*) from t_miner_recycle_whitelist
     WHERE  user_id like "%"?"%"

Looking at the XML file:

<sql id="join_list_where">
    <if test="userId != null and userId != '' ">
      AND user_id like "%"#{userId}"%"
    </if>
    <if test="userType !=null and userType!= '' ">
      AND user_type like "%"#{userType}"%"
    </if>
    <if test="creator !=null and creator!= '' ">
      AND creator like "%"#{creator}"%"
    </if>
</sql>

Changing it to ${} concatenation works:

<sql id="join_list_where">
    <if test="userId != null and userId != '' ">
      AND user_id like '%${userId}%'
    </if>
    <if test="userType !=null and userType!= '' ">
      AND user_type like '%'#{userType}'%'
    </if>
    <if test="creator !=null and creator!= '' ">
      AND creator like '%'#{creator}'%'
    </if>
</sql>

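Why does this style of concatenation cause a problem?

Reportedly this is a bug in the Druid connection pool; I'm not sure whether that is accurate, so I'm recording it here for now.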
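An added example, not part of the original post: the same fragment written so that each LIKE pattern is built in MyBatis with `<bind>` and passed through `#{}`. `${}` substitutes the value textually into the SQL, while `#{}` sends it as a bound parameter, so this form keeps the input out of the statement text and the SQL that reaches the connection pool is `user_id like ?` instead of `like "%"?"%"`. The bind names (`userIdPattern`, `userTypePattern`, `creatorPattern`) are hypothetical.

```xml
<!-- Added example (not the post's code). Bind names are hypothetical. -->
<sql id="join_list_where">
    <if test="userId != null and userId != '' ">
      <!-- OGNL builds the pattern string; the SQL contains one placeholder -->
      <bind name="userIdPattern" value="'%' + userId + '%'"/>
      AND user_id like #{userIdPattern}
    </if>
    <if test="userType != null and userType != '' ">
      <bind name="userTypePattern" value="'%' + userType + '%'"/>
      AND user_type like #{userTypePattern}
    </if>
    <if test="creator != null and creator != '' ">
      <bind name="creatorPattern" value="'%' + creator + '%'"/>
      AND creator like #{creatorPattern}
    </if>
    <!-- Note: % and _ inside the supplied value still act as LIKE wildcards;
         they widen the match but cannot change the statement's structure. -->
</sql>
```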
