记一次druid 数据库连接池遇到 union或者union all语句时报错以及处理

报错日志大概如下:

## Error updating database.  Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :'     UNION ALL  
          ( select', expect UNION, actual UNION pos 1017, line 54, column 13, token UNION : insert into order_info
        (
        customer_id,
        order_id,
        
        is_reissue
        )
        
          ( select
          ?,
         
          ?,
          ?,
          ?
          from  dual where not exists
             (  select order_no from order_info where order_no = ? and customer_id = ?)
          )
        UNION ALL  
          ( select
          ?,
          
          ?,
          ?,
          ?
          from  dual where not exists
             (  select order_no from order_info where order_no = ? and customer_id = ?)
          )
  <insert id="batchInsert" parameterType="java.util.List">
        insert into order_info (customer_id,order_id,order_no,order_item_id, sku,shop_sku,goods_name,goods_num,logistics_company,waybill_no,order_child_no)
      <foreach collection="list" item="item" index="index" separator=" UNION ALL ">
          (select
          #{item.customerId},#{item.orderId}, #{item.orderNo},#{item.orderItemId}, #{item.sku},#{item.shopSku},
          #{item.goodsName},#{item.goodsNum},#{item.logisticsCompany},#{item.waybillNo},#{item.orderChildNo}
          from dual where not exists
          (select order_no from order_info where order_no = #{item.orderNo} and customer_id = #{item.customerId}))
      </foreach>
    </insert>

在代码中,写法如上,解决方式,只要将foreach里面的外层括号去掉即可

  <insert id="batchInsert" parameterType="java.util.List">
        insert into order_info (customer_id,order_id,order_no,order_item_id, sku,shop_sku,goods_name,goods_num,logistics_company,waybill_no,order_child_no)
      <foreach collection="list" item="item" index="index" separator=" UNION ALL ">
          select
          #{item.customerId},#{item.orderId}, #{item.orderNo},#{item.orderItemId}, #{item.sku},#{item.shopSku},
          #{item.goodsName},#{item.goodsNum},#{item.logisticsCompany},#{item.waybillNo},#{item.orderChildNo}
          from dual where not exists
          (select order_no from order_info where order_no = #{item.orderNo} and customer_id = #{item.customerId})
      </foreach>
    </insert>

有括号时在druid里会报错,但你在navicat里运行sql就不会报错

 

posted @ 2023-02-28 15:34  yangxiaohui227  阅读(259)  评论(0编辑  收藏  举报