weixin_38721378 2018-02-24 14:49 采纳率: 0%
浏览 1759
已结题

ssm,insert时出现的问题,其他配置感觉没错啊,update能成功,求大佬帮助啊

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.jdbc.UncategorizedSQLException:

Error updating database. Cause: java.sql.SQLException: sql injection violation, error COMMENT : insert into comment (m_id, c_createtime,

  publisher, c_detail)
  values (?, ?, 
  ?, ?)

SQL: insert into comment (m_id, c_createtime, publisher, c_detail) values (?, ?, ?, ?)

Cause: java.sql.SQLException: sql injection violation, error COMMENT : insert into comment (m_id, c_createtime,

  publisher, c_detail)
  values (?, ?, 
  ?, ?)

; uncategorized SQLException for SQL []; SQL state [null]; error code [0]; sql injection violation, error COMMENT : insert into comment (m_id, c_createtime,
publisher, c_detail)
values (?, ?,
?, ?); nested exception is java.sql.SQLException: sql injection violation, error COMMENT : insert into comment (m_id, c_createtime,
publisher, c_detail)
values (?, ?,
?, ?)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:973)
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:863)
javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:837)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

root cause

这时xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >















select *
from comment,user
where m_id = #{cId,jdbcType=INTEGER}
and comment.publisher = user.id


delete from comment
where c_id = #{cId,jdbcType=INTEGER}


insert into comment (c_id, m_id, c_createtime,
publisher, c_detail)
values (#{cId,jdbcType=INTEGER}, #{mId,jdbcType=INTEGER}, #{cCreatetime,jdbcType=TIMESTAMP},
#{publisher.id,jdbcType=INTEGER}, #{cDetail,jdbcType=LONGVARCHAR});


insert into comment


m_id,


c_createtime,


publisher,


c_detail,




#{mId,jdbcType=INTEGER},


#{cCreatetime,jdbcType=TIMESTAMP},


#{publisher.id,jdbcType=INTEGER},


#{cDetail,jdbcType=LONGVARCHAR},




update comment


c_createtime = #{cCreatetime,jdbcType=TIMESTAMP},


comment.publisher = #{publisher.id},


c_detail = #{cDetail,jdbcType=LONGVARCHAR},


where c_id = #{cId,jdbcType=INTEGER}

  • 写回答

12条回答 默认 最新

  • s3578505 2018-02-24 14:59
    关注

    是sql写错了吧

    insert into comment values(?,?,?,?);

    试了么?

    评论

报告相同问题?

悬赏问题

  • ¥20 delta降尺度方法,未来数据怎么降尺度
  • ¥15 c# 使用NPOI快速将datatable数据导入excel中指定sheet,要求快速高效
  • ¥15 高德地图点聚合中Marker的位置无法实时更新
  • ¥15 DIFY API Endpoint 问题。
  • ¥20 sub地址DHCP问题
  • ¥15 delta降尺度计算的一些细节,有偿
  • ¥15 Arduino红外遥控代码有问题
  • ¥15 数值计算离散正交多项式
  • ¥30 数值计算均差系数编程
  • ¥15 redis-full-check比较 两个集群的数据出错