Jfinal报错sql injection violation, multi-statement not allow

Jfinal报错：

com.jfinal.plugin.activerecord.ActiveRecordException: java.sql.SQLException: sql injection violation, multi-statement not allow

public List<WarningFormDoc> findDocByPatrolRecordId(String patrolRecordId){
   String sql="select * from warning_form_doc where PATROL_RECORD_ID = " + patrolRecordId;
   return WarningFormDoc.dao.find(sql);
}

改为：

public List<WarningFormDoc> findDocByPatrolRecordId(String patrolRecordId){
   String sql="select * from warning_form_doc where PATROL_RECORD_ID = ?";
   return WarningFormDoc.dao.find(sql, patrolRecordId);
}

原因可能存在sql注入报错；

posted on 2018-08-17 10:59 小甜瓜安东泥阅读(1781) 评论(0) 收藏举报

刷新页面返回顶部

小甜瓜安东泥

Jfinal报错sql injection violation, multi-statement not allow

导航

公告