org.springframework.jdbc.UncategorizedSQLException:
### Error updating database. Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :……
数据库操作报上面的错误,是由于Druid连接池开启了SQL注入防火墙。
原来批量删除记录是按主键,做循环删除,原以为这样偷懒就搞定了,结果被Druid挡住。老老实实的写批量删除吧,用的是Mybatis:
<delete id="deleteBatch" parameterType="java.lang.String">
delete from table1
where id IN (
<foreach collection="list" item="item" separator=",">
#{item.stuId,jdbcType=VARCHAR}
</foreach>
)
</delete>
mapper类中这么写:
int deleteBatch(@Param("list") List<Student> list);
另外,插入操作也存在类似问题,需要批量处理,示例:
<insert id="insertBatch" >
insert into table1 (id, col1, col2) values
<foreach collection="list" item="item" separator=",">
(
#{item.id,jdbcType=VARCHAR},
#{item.stuName,jdbcType=VARCHAR},
#{item.stuAge,jdbcType=VARCHAR}
)
</foreach>
</insert>
mapper类中这么写:
int insertBatch(@Param("list") List<Student> list);