When inserting data with MyBatis, a careless typo in the mapper caused the exception Cause: java.sql.SQLException: sql injection violation. The SQL statement is as follows:
<insert id="insertProduct"
parameterType="com.isoftstone.product.entity.ProductBean">
insert into mmall_product
(
<include refid="baseInsertSql"/>
)
values (
#{productId}, #{categoryId}, #{productName}, ${subtitle},
#{mainImage}, #{subImages}, #{detail}, #{productPrice},
#{stock}, #{status},
<choose>
<when test="createTime != null">
#{createTime},
</when>
<otherwise>
now(),
</otherwise>
</choose>
<choose>
<when test="updateTime != null">
#{updateTime}
</when>
<otherwise>
now()
</otherwise>
</choose>
)
</insert>
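The values line above writes `${subtitle}` where every other column uses `#{...}`: MyBatis binds `#{x}` as a JDBC `?` parameter, but pastes `${x}` into the SQL as raw text. The following is an added example, not code from the original post: a small Python check that lists `${...}` uses per statement in a mapper file, plus a simplified model of the substitution. The mapper namespace and the shortened statement are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: a shortened copy of the insertProduct statement above.
MAPPER = """
<mapper namespace="example.ProductMapper">
  <insert id="insertProduct">
    insert into mmall_product (id, name, subtitle, create_time)
    values (#{productId}, #{productName}, ${subtitle},
    <choose>
      <when test="createTime != null">#{createTime}</when>
      <otherwise>now()</otherwise>
    </choose>)
  </insert>
  <select id="findById">
    select id, name from mmall_product where id = #{productId}
  </select>
</mapper>
"""

STATEMENTS = {"select", "insert", "update", "delete"}
RAW = re.compile(r"\$\{\s*([^}\s]+)\s*\}")      # ${x}: text substitution
BOUND = re.compile(r"#\{\s*([^}\s,]+)[^}]*\}")  # #{x}: JDBC parameter


def find_raw_substitutions(mapper_xml):
    """Return {statement id: [names used as ${...}]} for every statement."""
    findings = {}
    for stmt in ET.fromstring(mapper_xml).iter():
        if stmt.tag in STATEMENTS:
            # itertext() also covers text nested in <choose>/<when>/<if>.
            names = RAW.findall("".join(stmt.itertext()))
            if names:
                findings[stmt.get("id")] = names
    return findings


def render(sql, params):
    """Simplified model of MyBatis: #{x} -> '?', ${x} -> str(value) verbatim."""
    sql = BOUND.sub("?", sql)
    return RAW.sub(lambda m: str(params[m.group(1)]), sql)


if __name__ == "__main__":
    print(find_raw_substitutions(MAPPER))
    print(render("values (#{productName}, ${subtitle})", {"subtitle": "hello phone"}))
```

Running the check over mapper files in a build step flags every `${...}` so each one can be reviewed and, where it carries a value, changed to `#{...}`.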
The detailed exception stack trace is as follows:
org.springframework.jdbc.UncategorizedSQLException:
### Error updating database. Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error. pos 237, line 9, column 26, token IDENTIFIER phone : insert into mmall_product
(
id, category_id, name, subtitle, main_image, sub_images,
detail, price, stock, status, create_time, update_time
)
values (
?, ?, ?, hello phone,
?, ?, ?, ?,
?, ?,
now(),
now()
)
### SQL: insert into mmall_product ( id, category_id, name, subtitle, main_image, sub_images, detail, price, stock, status, create_time, update_time ) values ( ?, ?, ?, hello phone, ?, ?, ?, ?, ?, ?, now(), now() )
### Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error. pos 237, line 9, column 26, token IDENTIFIER phone : insert into mmall_product
(
id, category_id, name, subtitle, main_image, sub_images,
detail, price, stock, status, create_time, update_time