java.sql.SQLException: sql injection violation, dbType mysql, druid-version 1.2.16, multi-statement not allow #5937

Open
8debug opened this issue May 23, 2024 · 1 comment


8debug commented May 23, 2024

mysql 8.0
druid 1.2.16
springboot 2.1.8
mybatis-plus 3.1.2

Problematic SQL statement:

    <insert id="overwriteData">
        replace into pdd_account_order(shop_name, order_id, money, account_create_time, style_id, materials_name, materials_num, materials_money, is_divisible)
        with pdd_account as (
            select shop_name, order_id, create_time, income, pay, account_type
            from pdd_account_excel a
            where a.account_type in ('交易收入', '退款')
            group by shop_name, order_id, create_time, income, pay, account_type
        )
        , pdd_account_res as (
            select a.shop_name, a.order_id, sum(a.income + a.pay) as money, max(create_time) as create_time
            from pdd_account a
            group by a.shop_name, a.order_id
        )
        , pdd_order as (
            select shop_name, order_id, num, style_id
            from pdd_order_excel o
            group by shop_name, order_id, num, style_id
        )
        , pdd_order_res as (
            select o.shop_name, o.order_id, o.style_id, ifnull(m.name, '--缺少物料--') as materials_name, sum(o.num* ifnull(m.num, 0)) as materials_num
            from pdd_order o
                     left join pdd_materials m on o.shop_name = m.shop_name and o.style_id = m.style_id
            group by o.shop_name, o.order_id, o.style_id, ifnull(m.name, '--缺少物料--')
        )
        , pdd_order_res2 as (
            select r.shop_name, r.order_id, sum(r.materials_num) as materials_num
            from pdd_order_res r
            group by r.shop_name, r.order_id
        )
        , pdd_order_res3 as (
            select o.shop_name, o.order_id, o.materials_num, a.money
                 , a.money/nullif(o.materials_num, 0) as price
                 , if( MOD(a.money*10000000, nullif(o.materials_num, 0)) =0, 1, 0) as is_divisible
                 , a.create_time
            from pdd_order_res2 o, pdd_account_res a
            where o.shop_name = a.shop_name and o.order_id = a.order_id
        )
        select r.shop_name, r.order_id, r3.money, r3.create_time, r.style_id, r.materials_name, r.materials_num
             , r.materials_num* r3.price as materials_money
             , r3.is_divisible
        from pdd_order_res r, pdd_order_res3 r3
        where r.shop_name = r3.shop_name and r.order_id = r3.order_id
    </insert>

I found that any statement containing WITH triggers this error. I have already tried every approach I could find. Below is a screenshot of my yml configuration file.

[image: yml configuration screenshot]
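Added example, not from the issue or from Druid's own sources: a small harness that runs a constructed statement of the same shape (REPLACE INTO followed by a WITH chain) through Druid's MySQL wall provider, so you can see whether the multi-statement rule fires before touching any configuration. Class, table and column names are made up; the Druid classes used are `WallConfig`, `MySqlWallProvider`, `WallCheckResult` and `Violation`.

```java
import com.alibaba.druid.wall.Violation;
import com.alibaba.druid.wall.WallCheckResult;
import com.alibaba.druid.wall.WallConfig;
import com.alibaba.druid.wall.spi.MySqlWallProvider;

import java.util.List;

public class WallCteCheck {

    // Constructed minimal statement with the same shape as the mapper SQL in
    // the issue: REPLACE INTO ... followed by a WITH (CTE) feeding the SELECT.
    static final String CTE_REPLACE =
          "replace into pdd_account_order(shop_name, order_id, money) "
        + "with pdd_account as ("
        + "  select shop_name, order_id, sum(income + pay) as money"
        + "  from pdd_account_excel group by shop_name, order_id"
        + ") "
        + "select shop_name, order_id, money from pdd_account";

    /** Checks one statement with Druid's MySQL wall and returns its violations. */
    static List<Violation> check(String sql, boolean multiStatementAllow) {
        WallConfig config = new WallConfig();
        // false is the default: stacked statements are rejected
        config.setMultiStatementAllow(multiStatementAllow);
        MySqlWallProvider provider = new MySqlWallProvider(config);
        WallCheckResult result = provider.check(sql);
        return result.getViolations();
    }

    public static void main(String[] args) {
        // Strict (default) config. If the wall parser splits the CTE off as a
        // second statement, the multi-statement violation shows up here.
        for (Violation v : check(CTE_REPLACE, false)) {
            System.out.println("strict : " + v.getMessage());
        }
        // Relaxed config. This removes the false positive, but it also removes
        // the wall's protection against stacked statements for every query on
        // the data source, so confirm the parse result above before relying on it.
        System.out.println("relaxed: " + check(CTE_REPLACE, true).size() + " violation(s)");
    }
}
```

Run it against the exact Druid version in use (1.2.16 here), since the outcome depends on how that version's parser handles the WITH clause after REPLACE INTO.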

@lizongbo (Collaborator)

Please post the complete error stack trace.
