org.springframework.web.util.NestedServletException: Request processing failed; nested exception is org.springframework.jdbc.UncategorizedSQLException:
Error updating database. Cause: java.sql.SQLException: sql injection violation, error COMMENT : insert into comment (m_id, c_createtime,
publisher, c_detail)
values (?, ?,
?, ?)
SQL: insert into comment (m_id, c_createtime, publisher, c_detail) values (?, ?, ?, ?)
Cause: java.sql.SQLException: sql injection violation, error COMMENT : insert into comment (m_id, c_createtime,
publisher, c_detail)
values (?, ?,
?, ?)
; uncategorized SQLException for SQL []; SQL state [null]; error code [0]; sql injection violation, error COMMENT : insert into comment (m_id, c_createtime,
publisher, c_detail)
values (?, ?,
?, ?); nested exception is java.sql.SQLException: sql injection violation, error COMMENT : insert into comment (m_id, c_createtime,
publisher, c_detail)
values (?, ?,
?, ?)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:973)
org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:863)
javax.servlet.http.HttpServlet.service(HttpServlet.java:648)
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:837)
javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
root cause
这时xml — the MyBatis mapper XML at this point (its `<mapper>`, `<select>`, `<insert>`, `<trim>`/`<set>` element tags appear to have been stripped when the page was extracted, so only the SQL bodies remain; the statement named in the trace above is the four-column `insert into comment` further down):
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
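<!-- Loads the comment rows for one m_id together with the row of the user that
     published each of them. Rewritten from the original comma join to an explicit
     INNER JOIN with the join condition in ON; the result set is unchanged, but the
     join predicate can no longer be dropped by accident when the WHERE is edited.
     Identifiers are quoted because the stack trace above (Druid's SQL firewall,
     "sql injection violation ... error COMMENT") looks like its parser treating the
     table name `comment` as a keyword; backticks assume MySQL — use the dialect's
     own identifier quoting if the database is something else.
     NOTE(review): `select *` ships every column of `user` to the caller; if that
     table carries a password hash or other PII, it rides along in this result.
     The resultMap is not visible here, so the column list is left as-is — replace
     the `*` with the columns the resultMap actually maps.
     NOTE(review): the bind parameter is named cId but is compared against m_id;
     confirm the caller really passes the m_id value here.
     Do not add SQL (dash-dash) comments inside these statements: Druid's wall
     filter rejects comments by default; XML comments like this one are dropped by
     MyBatis before the SQL is sent. -->
select *
from `comment`
inner join `user`
    on `comment`.publisher = `user`.id
where `comment`.m_id = #{cId,jdbcType=INTEGER}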
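<!-- Deletes exactly one comment, addressed by its primary key c_id. The WHERE
     clause is the only thing between this statement and a full-table delete, so
     any edit here must keep it.
     The table name is quoted for the same reason as the other statements in this
     mapper: the trace above shows Druid's SQL firewall failing to parse the bare
     name `comment` (it reports the COMMENT token); backticks assume MySQL — use
     the dialect's identifier quoting otherwise. Keep any annotation as an XML
     comment, not a SQL comment, since Druid's wall filter rejects SQL comments by
     default. -->
delete from `comment`
where c_id = #{cId,jdbcType=INTEGER}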
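<!-- Inserts one comment with every column supplied, including the caller-chosen
     primary key c_id. All values are bound with #{} placeholders — keep it that
     way; c_detail is free text from the publisher and must never be spliced into
     the SQL string with ${}.
     Two changes from the original: the trailing ';' is dropped (MyBatis sends this
     as a single statement; a stray terminator is rejected by some drivers and adds
     nothing here), and the table name is quoted because the trace above shows
     Druid's SQL firewall choking on the bare identifier `comment` (it reports the
     COMMENT token). Backticks assume MySQL — use the dialect's identifier quoting
     otherwise. Annotate with XML comments only: Druid's wall filter rejects SQL
     comments by default, and MyBatis strips XML comments before sending. -->
insert into `comment` (c_id, m_id, c_createtime,
publisher, c_detail)
values (#{cId,jdbcType=INTEGER}, #{mId,jdbcType=INTEGER}, #{cCreatetime,jdbcType=TIMESTAMP},
#{publisher.id,jdbcType=INTEGER}, #{cDetail,jdbcType=LONGVARCHAR})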
<!-- Selective insert: this is the statement that failed in the stack trace above
     (its rendered form there is "insert into comment (m_id, c_createtime,
     publisher, c_detail) values (?, ?, ?, ?)", i.e. this column set with c_id
     omitted). The <trim>/<if> tags that make the column and value lists optional
     were lost in extraction, so the fragment below is incomplete as shown; the
     SQL itself is left byte-for-byte.
     The failure message ("sql injection violation, error COMMENT") comes from
     Druid's SQL firewall, and it looks like its parser treating the table name
     `comment` as a keyword rather than a real injection. The usual remedy is to
     quote the table name in every statement of this mapper (backticks on MySQL,
     the dialect's own quoting elsewhere) — disabling the wall filter to get past
     it would also remove the check on every other statement, so prefer quoting.
     Do not add SQL (dash-dash) comments inside the <trim> blocks: Druid rejects SQL
     comments by default, and a trailing comment line would also defeat the
     suffixOverrides="," trimming. XML comments are dropped by MyBatis and are
     safe. All values are bound with #{}; keep c_detail (publisher-supplied text)
     parameterized. -->
insert into comment
m_id,
c_createtime,
publisher,
c_detail,
#{mId,jdbcType=INTEGER},
#{cCreatetime,jdbcType=TIMESTAMP},
#{publisher.id,jdbcType=INTEGER},
#{cDetail,jdbcType=LONGVARCHAR},
<!-- Selective update of one comment by primary key c_id; the <set>/<if> tags that
     make each assignment optional were lost in extraction, so the fragment is
     incomplete as shown. The SQL is left byte-for-byte.
     NOTE(review): `comment.publisher = #{publisher.id}` is the only bind in this
     mapper without a jdbcType; if publisher.id can be null, drivers that need the
     type for a null bind (Oracle notably) will fail here — add jdbcType=INTEGER
     for consistency with the other statements.
     Like the rest of this mapper, the bare table name `comment` is what Druid's
     SQL firewall appears to reject in the trace above; quote it when fixing the
     insert. Keep the WHERE on c_id — without it this becomes a whole-table update.
     Use XML comments for annotations, not SQL comments: Druid rejects SQL comments
     by default and a trailing comment line would defeat <set>'s comma trimming. -->
update comment
c_createtime = #{cCreatetime,jdbcType=TIMESTAMP},
comment.publisher = #{publisher.id},
c_detail = #{cDetail,jdbcType=LONGVARCHAR},
where c_id = #{cId,jdbcType=INTEGER}