### Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :' Mar 19 16:54:45 CST 2019

来源:4-8 DAO层单元测试编码和问题排查(上)

失落的幽灵

2019-03-19 16:59

org.springframework.jdbc.UncategorizedSQLException: 

### Error updating database.  Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :' Mar 19 16:54:45 CST 2019

        A', expect IDENTIFIER, actual IDENTIFIER pos 138, line 5, column 33, token IDENTIFIER Mar : UPDATE tb_seckill

        SET number= number -1

        WHERE seckill_id = ?

        AND start_time  <=  ?

        AND end_time >= Tue Mar 19 16:54:45 CST 2019

        AND number > 0;

### The error may exist in file [/Users/yinyinchuan/Documents/project/workspace/ws_java/seckill/seckill/target/classes/mapper/TbSeckillMapper.xml]

### The error may involve com.hades.xq.seckill.dao.TbSeckillMapper.reduceNumber

### The error occurred while executing an update

### SQL: UPDATE tb_seckill         SET number= number -1         WHERE seckill_id = ?         AND start_time  <=  ?         AND end_time >= Tue Mar 19 16:54:45 CST 2019         AND number > 0;

### Cause: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :' Mar 19 16:54:45 CST 2019

        A', expect IDENTIFIER, actual IDENTIFIER pos 138, line 5, column 33, token IDENTIFIER Mar : UPDATE tb_seckill

        SET number= number -1

        WHERE seckill_id = ?

        AND start_time  <=  ?

        AND end_time >= Tue Mar 19 16:54:45 CST 2019

        AND number > 0;

; uncategorized SQLException; SQL state [null]; error code [0]; sql injection violation, syntax error: syntax error, error in :' Mar 19 16:54:45 CST 2019

        A', expect IDENTIFIER, actual IDENTIFIER pos 138, line 5, column 33, token IDENTIFIER Mar : UPDATE tb_seckill

        SET number= number -1

        WHERE seckill_id = ?

        AND start_time  <=  ?

        AND end_time >= Tue Mar 19 16:54:45 CST 2019

        AND number > 0;; nested exception is java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :' Mar 19 16:54:45 CST 2019

        A', expect IDENTIFIER, actual IDENTIFIER pos 138, line 5, column 33, token IDENTIFIER Mar : UPDATE tb_seckill

        SET number= number -1

        WHERE seckill_id = ?

        AND start_time  <=  ?

        AND end_time >= Tue Mar 19 16:54:45 CST 2019

        AND number > 0;


at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:89)

at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:81)

at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:81)

at org.mybatis.spring.MyBatisExceptionTranslator.translateExceptionIfPossible(MyBatisExceptionTranslator.java:73)

at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:446)

at com.sun.proxy.$Proxy70.update(Unknown Source)

at org.mybatis.spring.SqlSessionTemplate.update(SqlSessionTemplate.java:294)

at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:64)

at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:58)

at com.sun.proxy.$Proxy71.reduceNumber(Unknown Source)

at com.hades.xq.seckill.dao.TbSeckillMapperTest.reduceNumber(TbSeckillMapperTest.java:27)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

at java.lang.reflect.Method.invoke(Method.java:498)

at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)

at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)

at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)

at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)

at org.springframework.test.context.junit4.statements.RunBeforeTestExecutionCallbacks.evaluate(RunBeforeTestExecutionCallbacks.java:74)

at org.springframework.test.context.junit4.statements.RunAfterTestExecutionCallbacks.evaluate(RunAfterTestExecutionCallbacks.java:84)

at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:75)

at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:86)

at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:84)

at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)

at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:251)

at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:97)

at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)

at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)

at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)

at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)

at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)

at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)

at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:70)

at org.junit.runners.ParentRunner.run(ParentRunner.java:363)

at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:190)

at org.junit.runner.JUnitCore.run(JUnitCore.java:137)

at com.intellij.junit4.JUnit4IdeaTestRunner.startRunnerWithArgs(JUnit4IdeaTestRunner.java:68)

at com.intellij.rt.execution.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:47)

at com.intellij.rt.execution.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:242)

at com.intellij.rt.execution.junit.JUnitStarter.main(JUnitStarter.java:70)

Caused by: java.sql.SQLException: sql injection violation, syntax error: syntax error, error in :' Mar 19 16:54:45 CST 2019

        A', expect IDENTIFIER, actual IDENTIFIER pos 138, line 5, column 33, token IDENTIFIER Mar : UPDATE tb_seckill

        SET number= number -1

        WHERE seckill_id = ?

        AND start_time  <=  ?

        AND end_time >= Tue Mar 19 16:54:45 CST 2019

        AND number > 0;



写回答 关注

1回答

  • Dack_Tree
    2019-06-08 14:21:07

       AND end_time >= Tue Mar 19 16:54:45 CST 2019 检查一下这个sql 用#{} 试一下

Java高并发秒杀API之业务分析与DAO层

Java实现高并发秒杀API的第一门课,还等什么,赶快来加入吧

87426 学习 · 496 问题

查看课程

相似问题