druid 1.0.27版本报错sql injection violation

会炒饭的美工 发布于 2017/01/07 12:40
阅读 302
收藏 0
com.jfinal.plugin.activerecord.ActiveRecordException: java.sql.SQLException: sql injection violation, syntax error: Error : OPEN : select d.dictId as id,    d.dictName as name,    d.pdictId as parentId, 'false' as open, d.dictType, d.id as primaryId   from t_sys_dict d 
at com.jfinal.plugin.activerecord.DbPro.find(DbPro.java:315)
at com.jfinal.plugin.activerecord.DbPro.find(DbPro.java:326)
at com.jfinal.plugin.activerecord.Db.find(Db.java:233)
at framework.impl.DictServiceImpl.initDictTree(DictServiceImpl.java:49)
加载中
0
会炒饭的美工
会炒饭的美工
在druid 1.0.13版本中无此问题!已经回退到这个版本了!
0
会炒饭的美工
会炒饭的美工

第二种解决方案 将查询语句中用到的关键字用``号围起来!

select d.dictId as id,    d.dictName as name,    d.pdictId as parentId, 'false' as `open`, d.dictType, d.id as primaryId   from t_sys_dict d 

返回顶部
顶部