
Handling the WallFilter "sql injection violation" exception after enabling monitoring and statistics on the Druid connection pool under MyBatis

The database connection pool is Alibaba's Druid. The project enabled Druid's monitoring and statistics filters, and a batch update then failed with: Caused by: java.sql.SQLException: sql injection violation, multi-statement not allow. The cause is Druid's WallFilter: by default it rejects any SQL string that contains more than one statement, and the MyBatis batch update below joins one UPDATE per row with ";" into exactly such a string. Setting multiStatementAllow=true on the filter's WallConfig resolves the error. Official configuration reference: https://github.com/alibaba/druid/wiki/%E9%85%8D%E7%BD%AE-wallfilter

Two things to check before flipping that flag. Stacked statements are precisely what the default is there to stop, so enable it only when every statement in the batch is generated by the mapper with bound #{} parameters, and keep any ${} substitution (here ${tableName}) restricted to values the application itself chooses. On MySQL, Connector/J executes ";"-separated statements only when the JDBC URL carries allowMultiQueries=true; without it the batch still fails at the driver after the wall filter lets it through.

Exception stack trace

2017-04-18 16:33:29,610 [main] INFO  [fmcgwms.OpenAPIControllerTest] - >>>Master data sync (product sync) JSON:{"attributes":[{"cdspFieldType":1,"cdspIsRequired":1,"cdspIsUom":1,"cdspName":"W","cdspNumber":"1","cdspRemark":"W","cdspSortnum":1,"cdspValue":"W"}],"cdskCdstCode":"C0000030","cdskExpiryDay":3,"cdskIsactive":1,"cdskItemChildCategory":"預包裝食品","cdskItemCode":"00000000673","cdskItemHeight":10,"cdskItemLength":10,"cdskItemName":"辣條","cdskItemTotalWeight":2,"cdskItemWidth":10,"cdskUnit":"袋","cdskUnitRelationStr":"1箱 =10袋","cdskUom":"","packages":[{"cdsgBaseNumber":1,"cdsgHeigth":10,"cdsgIsDecimal":0,"cdsgIsMainUnit":0,"cdsgLength":10,"cdsgLevel":1,"cdsgMainRelation":1,"cdsgName":"袋","cdsgNumber":"1","cdsgSuperiorRelation":1,"cdsgWeight":2,"cdsgWidth":10},{"cdsgBaseNumber":1,"cdsgHeigth":12,"cdsgIsDecimal":0,"cdsgIsMainUnit":1,"cdsgLength":12,"cdsgLevel":2,"cdsgMainRelation":10,"cdsgName":"箱","cdsgNumber":"2","cdsgSuperiorRelation":10,"cdsgWeight":12,"cdsgWidth":12}],"sumEnabelNum":0}
2017-04-18 16:33:29,638 [main] DEBUG [java.sql.Connection] - ooo Using Connection [...]
2017-04-18 16:33:29,638 [main] DEBUG [java.sql.Connection] - ==> Preparing: select CDST_ID, CDST_CUSTOMER_NAME, CDST_CONTACT, CDST_CONTACTOR_TELL, CDST_ADDRESS, CREATOR, CREATE_TIME, MODIFIER, MODIFY_TIME, CDST_CUSTOMER_CODE, CDST_CUSTOMER_STATUS,INTERFACE_UPDATETIME,INTERFACE_SERIALNO,CDST_SOURCE, CDST_PROVINCE, CDST_CITY, CDST_COUNT, CDST_AREA_IDS from cd_customer_P0000020 where CDST_CUSTOMER_CODE = ?
2017-04-18 16:33:29,658 [main] DEBUG [java.sql.PreparedStatement] - ==> Parameters: C0000030(String)
2017-04-18 16:33:29,666 [main] DEBUG [java.sql.Connection] - ooo Using Connection [...]
2017-04-18 16:33:29,667 [main] DEBUG [java.sql.Connection] - ==> Preparing: select CD_ITEM_ID, CREATOR, CREATE_TIME, MODIFIER, MODIFY_TIME, CDSK_ITEM_CODE, CDSK_ITEM_NAME, CDSK_ITEM_CHILD_CATEGORY, CDSK_ITEM_ORIGING, CDSK_ITEM_DESCRIPTION, CDSK_UOM, CDSK_UNIT, CDSK_EXTEND, CDSK_ISACTIVE, CDSK_BULK_UNIT, CDSK_WHOLE_BULK_RELATION, CDSK_EXPIRY_YEAR, CDSK_EXPIRY_MONTH, CDSK_EXPIRY_DAY, CDSK_CREATE_FIRM, CDSK_ITEM_WIDTH, CDSK_ITEM_HEIGHT, CDSK_ITEM_LENGTH, CDSK_ITEM_LENGTH_UNIT, CDSK_ITEM_WIDTH_UNIT, CDSK_ITEM_HEIGHT_UNIT, CDSK_ITEM_TOTAL_WEIGHT, CDSK_ITEM_REAL_WEIGHT, CDSK_ITEM_TOTAL_WEIGHT_UNIT, CDSK_ITEM_REAL_WEIGHT_UNIT,CDSK_CDST_ID,CDSK_GB_CODE, CDSK_FLOW_PROPERTY,CDSK_BOX_NUMBER,CDSK_TARY_NUMBER, CDSK_BATCH_ATTRIBUTE_CODE, CDSK_UNIT_RELATION_STR,CDSK_IS_DECIMAL, CDSK_SOURCE from cd_wh_itme_P0000020 where CDSK_ITEM_CODE = '00000000673' order by CD_ITEM_ID desc limit 0,1
2017-04-18 16:33:29,671 [main] DEBUG [java.sql.PreparedStatement] - ==> Parameters:
2017-04-18 16:33:29,676 [main] DEBUG [java.sql.Connection] - ooo Using Connection [...]
2017-04-18 16:33:29,677 [main] DEBUG [java.sql.Connection] - ==> Preparing: select CDSP_ID, CDSP_CDSK_CODE, CDSP_NUMBER, CDSP_NAME, CDSP_VALUE, CDSP_REMARK, CDSP_SORTNUM, CDSP_IS_UOM, CDSP_IS_REQUIRED, CDSP_FIELD_TYPE from cd_wh_property_P0000020 where CDSP_NUMBER = ? and CDSP_CDSK_CODE = ?
2017-04-18 16:33:29,691 [main] DEBUG [java.sql.PreparedStatement] - ==> Parameters: 1(String), 00000000673(String)
2017-04-18 16:33:29,695 [main] DEBUG [java.sql.Connection] - ooo Using Connection [...]
2017-04-18 16:33:29,695 [main] DEBUG [java.sql.Connection] - ==> Preparing: update cd_wh_property_P0000020 SET CDSP_CDSK_CODE = ?, CDSP_NUMBER = ?, CDSP_NAME = ?, CDSP_VALUE = ?, CDSP_REMARK = ?, CDSP_SORTNUM = ?, CDSP_IS_UOM = ?, CDSP_IS_REQUIRED = ?, CDSP_FIELD_TYPE = ? where CDSP_ID = ?
2017-04-18 16:33:29,697 [main] DEBUG [java.sql.PreparedStatement] - ==> Parameters: 00000000673(String), 1(String), W(String), W(String), W(String), 1(Integer), 1(Integer), 1(Integer), 1(Integer), 13(Integer)
2017-04-18 16:33:29,700 [main] DEBUG [java.sql.Connection] - ooo Using Connection [...]
2017-04-18 16:33:29,700 [main] DEBUG [java.sql.Connection] - ==> Preparing: select CDSG_ID, CDSG_CDSK_CODE, CDSG_NUMBER, CDSG_NAME, CDSG_MAIN_RELATION, CDSG_SUPERIOR_RELATION, CDSG_LENGTH, CDSG_WIDTH, CDSG_HEIGTH, CDSG_WEIGHT, CDSG_IS_DECIMAL, CDSG_LEVEL, CDSG_BASE_NUMBER, CDSG_IS_MAIN_UNIT from cd_wh_package_P0000020 where CDSG_NUMBER = ? and CDSG_CDSK_CODE = ?
2017-04-18 16:33:29,701 [main] DEBUG [java.sql.PreparedStatement] - ==> Parameters: 1(String), 00000000673(String)
2017-04-18 16:33:29,704 [main] DEBUG [java.sql.Connection] - ooo Using Connection [...]
2017-04-18 16:33:29,704 [main] DEBUG [java.sql.Connection] - ==> Preparing: select CDSG_ID, CDSG_CDSK_CODE, CDSG_NUMBER, CDSG_NAME, CDSG_MAIN_RELATION, CDSG_SUPERIOR_RELATION, CDSG_LENGTH, CDSG_WIDTH, CDSG_HEIGTH, CDSG_WEIGHT, CDSG_IS_DECIMAL, CDSG_LEVEL, CDSG_BASE_NUMBER, CDSG_IS_MAIN_UNIT from cd_wh_package_P0000020 where CDSG_NUMBER = ? and CDSG_CDSK_CODE = ?
2017-04-18 16:33:29,705 [main] DEBUG [java.sql.PreparedStatement] - ==> Parameters: 2(String), 00000000673(String)
2017-04-18 16:33:29,709 [main] DEBUG [java.sql.Connection] - ooo Using Connection [...]
2017-04-18 16:33:29,709 [main] DEBUG [java.sql.Connection] - ==> Preparing: update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ? ; update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ?
2017-04-18 16:33:29,720 [main] INFO [org.springframework.beans.factory.xml.XmlBeanDefinitionReader] - Loading XML bean definitions from class path resource [org/springframework/jdbc/support/sql-error-codes.xml]
2017-04-18 16:33:29,738 [main] INFO [org.springframework.jdbc.support.SQLErrorCodesFactory] - SQLErrorCodes loaded: [DB2, Derby, H2, HSQL, Informix, MS-SQL, MySQL, Oracle, PostgreSQL, Sybase]
2017-04-18 16:33:29,743 [main] ERROR [com.wlyd.fmcgwms.service.platform.impl.APIForWaasServiceImpl] - >>>WAAS-API: product sync exception -
### Error updating database. Cause: java.sql.SQLException: sql injection violation, multi-statement not allow : update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ? ; update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ?
### SQL: update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ? ; update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ?
### Cause: java.sql.SQLException: sql injection violation, multi-statement not allow : update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ? ; update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ?
; uncategorized SQLException for SQL []; SQL state [null]; error code [0]; sql injection violation, multi-statement not allow : update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ? ; update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ?; nested exception is java.sql.SQLException: sql injection violation, multi-statement not allow : update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ? ; update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ?
org.springframework.jdbc.UncategorizedSQLException:
### Error updating database. Cause: java.sql.SQLException: sql injection violation, multi-statement not allow : update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ? ; update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ?
### SQL: update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ? ; update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ?
### Cause: java.sql.SQLException: sql injection violation, multi-statement not allow : update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ? ; update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ?
; uncategorized SQLException for SQL []; SQL state [null]; error code [0]; sql injection violation, multi-statement not allow : update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ? ; update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ?; nested exception is java.sql.SQLException: sql injection violation, multi-statement not allow : update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ? ; update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ?
    at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:83)
    at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:80)
    at org.springframework.jdbc.support.AbstractFallbackSQLExceptionTranslator.translate(AbstractFallbackSQLExceptionTranslator.java:80)
    at org.mybatis.spring.MyBatisExceptionTranslator.translateExceptionIfPossible(MyBatisExceptionTranslator.java:73)
    at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:368)
    at com.sun.proxy.$Proxy13.update(Unknown Source)
    at org.mybatis.spring.SqlSessionTemplate.update(SqlSessionTemplate.java:254)
    at org.apache.ibatis.binding.MapperMethod.execute(MapperMethod.java:82)
    at org.apache.ibatis.binding.MapperProxy.invoke(MapperProxy.java:40)
    at com.sun.proxy.$Proxy21.updateBatch(Unknown Source)
    at com.wlyd.fmcgwms.service.platform.impl.APIForWaasServiceImpl.insertOrUpdateProduct(APIForWaasServiceImpl.java:992)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:317)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.invokeJoinpoint(ReflectiveMethodInvocation.java:183)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:150)
    at org.springframework.transaction.interceptor.TransactionInterceptor$1.proceedWithInvocation(TransactionInterceptor.java:96)
    at org.springframework.transaction.interceptor.TransactionAspectSupport.invokeWithinTransaction(TransactionAspectSupport.java:260)
    at org.springframework.transaction.interceptor.TransactionInterceptor.invoke(TransactionInterceptor.java:94)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
    at com.alibaba.druid.support.spring.stat.DruidStatInterceptor.invoke(DruidStatInterceptor.java:73)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
    at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:91)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at com.sun.proxy.$Proxy52.insertOrUpdateProduct(Unknown Source)
    at fmcgwms.OpenAPIControllerTest.testProductJSON(OpenAPIControllerTest.java:471)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47)
    at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
    at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44)
    at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
    at org.springframework.test.context.junit4.statements.RunBeforeTestMethodCallbacks.evaluate(RunBeforeTestMethodCallbacks.java:74)
    at org.springframework.test.context.junit4.statements.RunAfterTestMethodCallbacks.evaluate(RunAfterTestMethodCallbacks.java:83)
    at org.springframework.test.context.junit4.statements.SpringRepeat.evaluate(SpringRepeat.java:72)
    at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:231)
    at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.runChild(SpringJUnit4ClassRunner.java:88)
    at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238)
    at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63)
    at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236)
    at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53)
    at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229)
    at org.springframework.test.context.junit4.statements.RunBeforeTestClassCallbacks.evaluate(RunBeforeTestClassCallbacks.java:61)
    at org.springframework.test.context.junit4.statements.RunAfterTestClassCallbacks.evaluate(RunAfterTestClassCallbacks.java:71)
    at org.junit.runners.ParentRunner.run(ParentRunner.java:309)
    at org.springframework.test.context.junit4.SpringJUnit4ClassRunner.run(SpringJUnit4ClassRunner.java:174)
    at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:50)
    at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:675)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
    at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
Caused by: java.sql.SQLException: sql injection violation, multi-statement not allow : update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ? ; update cd_wh_package_P0000020 SET CDSG_CDSK_CODE = ?, CDSG_NUMBER = ?, CDSG_NAME = ?, CDSG_MAIN_RELATION = ?, CDSG_SUPERIOR_RELATION = ?, CDSG_LENGTH = ?, CDSG_WIDTH = ?, CDSG_HEIGTH = ?, CDSG_WEIGHT = ?, CDSG_IS_DECIMAL = ?, CDSG_LEVEL = ?, CDSG_BASE_NUMBER = ?, CDSG_IS_MAIN_UNIT = ? where CDSG_ID = ?
    at com.alibaba.druid.wall.WallFilter.check(WallFilter.java:708)
    at com.alibaba.druid.wall.WallFilter.connection_prepareStatement(WallFilter.java:233)
    at com.alibaba.druid.filter.FilterChainImpl.connection_prepareStatement(FilterChainImpl.java:448)
    at com.alibaba.druid.proxy.jdbc.ConnectionProxyImpl.prepareStatement(ConnectionProxyImpl.java:342)
    at com.alibaba.druid.pool.DruidPooledConnection.prepareStatement(DruidPooledConnection.java:311)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.ibatis.logging.jdbc.ConnectionLogger.invoke(ConnectionLogger.java:53)
    at com.sun.proxy.$Proxy173.prepareStatement(Unknown Source)
    at org.apache.ibatis.executor.statement.PreparedStatementHandler.instantiateStatement(PreparedStatementHandler.java:72)
    at org.apache.ibatis.executor.statement.BaseStatementHandler.prepare(BaseStatementHandler.java:82)
    at org.apache.ibatis.executor.statement.RoutingStatementHandler.prepare(RoutingStatementHandler.java:54)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.ibatis.plugin.Invocation.proceed(Invocation.java:46)
    at com.wlyd.fmcgwms.util.mybatis.PagePlugin.intercept(PagePlugin.java:101)
    at org.apache.ibatis.plugin.Plugin.invoke(Plugin.java:57)
    at com.sun.proxy.$Proxy172.prepare(Unknown Source)
    at org.apache.ibatis.executor.SimpleExecutor.prepareStatement(SimpleExecutor.java:70)
    at org.apache.ibatis.executor.SimpleExecutor.doUpdate(SimpleExecutor.java:44)
    at org.apache.ibatis.executor.BaseExecutor.update(BaseExecutor.java:108)
    at org.apache.ibatis.executor.CachingExecutor.update(CachingExecutor.java:75)
    at org.apache.ibatis.session.defaults.DefaultSqlSession.update(DefaultSqlSession.java:145)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.mybatis.spring.SqlSessionTemplate$SqlSessionInterceptor.invoke(SqlSessionTemplate.java:358)
    ... 52 more
Product sync result: {"IsSuccess":false,"OperationDesc":"商品同步異常","ResultCode":506}


Batch update statements (MySQL)

Note: the MyBatis mapper.xml statements below batch-update a product's packages and properties. Because the foreach uses separator=";", MyBatis renders one SQL string containing several UPDATE statements, and that string is what WallFilter's multi-statement check rejects.

packages:

  <!-- Batch update: one UPDATE per list item, joined with ";" into a single SQL string -->
  <!-- ${tableName} is spliced in as literal text, not bound as a parameter; it must only ever come from a value the application controls -->
  <update id="updateBatch">
    <foreach collection="list" item="item" index="index" open="" close="" separator=";">
      update cd_wh_package_${tableName}
      <set>
        CDSG_CDSK_CODE = #{item.cdsgCdskCode,jdbcType=VARCHAR},
        CDSG_NUMBER = #{item.cdsgNumber,jdbcType=VARCHAR},
        CDSG_NAME = #{item.cdsgName,jdbcType=VARCHAR},
        CDSG_MAIN_RELATION = #{item.cdsgMainRelation,jdbcType=INTEGER},
        CDSG_SUPERIOR_RELATION = #{item.cdsgSuperiorRelation,jdbcType=INTEGER},
        CDSG_LENGTH = #{item.cdsgLength,jdbcType=DECIMAL},
        CDSG_WIDTH = #{item.cdsgWidth,jdbcType=DECIMAL},
        CDSG_HEIGTH = #{item.cdsgHeigth,jdbcType=DECIMAL},
        CDSG_WEIGHT = #{item.cdsgWeight,jdbcType=DECIMAL},
        CDSG_IS_DECIMAL = #{item.cdsgIsDecimal,jdbcType=INTEGER},
        CDSG_LEVEL = #{item.cdsgLevel,jdbcType=INTEGER},
        CDSG_BASE_NUMBER = #{item.cdsgBaseNumber,jdbcType=INTEGER},
        CDSG_IS_MAIN_UNIT = #{item.cdsgIsMainUnit,jdbcType=INTEGER}
      </set>
      where CDSG_ID = #{item.cdsgId,jdbcType=INTEGER}
    </foreach>
  </update>

properties:

  <!-- Batch update: one UPDATE per list item, joined with ";" into a single SQL string -->
  <!-- ${tableName} is spliced in as literal text, not bound as a parameter; it must only ever come from a value the application controls -->
  <update id="updateBatch">
    <foreach collection="list" item="item" index="index" open="" close="" separator=";">
      update cd_wh_property_${tableName}
      <set>
        CDSP_CDSK_CODE = #{item.cdspCdskCode,jdbcType=VARCHAR},
        CDSP_NUMBER = #{item.cdspNumber,jdbcType=VARCHAR},
        CDSP_NAME = #{item.cdspName,jdbcType=VARCHAR},
        CDSP_VALUE = #{item.cdspValue,jdbcType=VARCHAR},
        CDSP_REMARK = #{item.cdspRemark,jdbcType=VARCHAR},
        CDSP_SORTNUM = #{item.cdspSortnum,jdbcType=INTEGER},
        CDSP_IS_UOM = #{item.cdspIsUom,jdbcType=INTEGER},
        CDSP_IS_REQUIRED = #{item.cdspIsRequired,jdbcType=INTEGER},
        CDSP_FIELD_TYPE = #{item.cdspFieldType,jdbcType=INTEGER}
      </set>
      where CDSP_ID = #{item.cdspId,jdbcType=INTEGER}
    </foreach>
  </update>
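An alternative that avoids the multi-statement string altogether, so WallFilter can keep its default multiStatementAllow=false: send the same per-row UPDATE through MyBatis's BATCH executor, which prepares one single-statement UPDATE and queues each row with addBatch(). This is an added example, not code from the original post; the annotated PackageMapper, the PackageRow class and the reduced column list are assumptions for illustration, and ${tableName} is kept so the same caveat applies as in the mapper above.

```java
import java.util.List;

import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Update;
import org.apache.ibatis.executor.BatchResult;
import org.apache.ibatis.session.Configuration;
import org.apache.ibatis.session.ExecutorType;
import org.apache.ibatis.session.SqlSession;
import org.apache.ibatis.session.SqlSessionFactory;

/**
 * Added example: per-row UPDATE via MyBatis's BATCH executor. Each row is a
 * single-statement prepareStatement()/addBatch(), so Druid's WallFilter sees
 * one statement at a time and its default multi-statement rule is never hit.
 */
public class PackageBatchUpdater {

    /** Row type assumed for the example; a subset of the cd_wh_package columns. */
    public static class PackageRow {
        private final Integer cdsgId;
        private final String cdsgName;
        private final Integer cdsgLevel;

        public PackageRow(Integer cdsgId, String cdsgName, Integer cdsgLevel) {
            this.cdsgId = cdsgId;
            this.cdsgName = cdsgName;
            this.cdsgLevel = cdsgLevel;
        }
        public Integer getCdsgId() { return cdsgId; }
        public String getCdsgName() { return cdsgName; }
        public Integer getCdsgLevel() { return cdsgLevel; }
    }

    /**
     * Annotated mapper (assumption). ${tableName} is still literal splicing, exactly as in
     * the XML mapper: pass only a suffix the application chose, never request input.
     */
    public interface PackageMapper {
        @Update("update cd_wh_package_${tableName} set CDSG_NAME = #{item.cdsgName}, CDSG_LEVEL = #{item.cdsgLevel}"
              + " where CDSG_ID = #{item.cdsgId}")
        int updateOne(@Param("tableName") String tableName, @Param("item") PackageRow item);
    }

    /** Updates every row in one JDBC batch; returns the rows the driver reported as updated. */
    public static int updateAll(SqlSessionFactory factory, String tableName, List<PackageRow> rows) {
        Configuration cfg = factory.getConfiguration();
        if (!cfg.hasMapper(PackageMapper.class)) {
            cfg.addMapper(PackageMapper.class);
        }
        // BATCH executor: the UPDATE is prepared once; each mapper call becomes addBatch().
        try (SqlSession session = factory.openSession(ExecutorType.BATCH)) {
            PackageMapper mapper = session.getMapper(PackageMapper.class);
            for (PackageRow row : rows) {
                mapper.updateOne(tableName, row);   // queued, not executed yet
            }
            int updated = 0;
            for (BatchResult batch : session.flushStatements()) {   // executeBatch() runs here
                for (int count : batch.getUpdateCounts()) {
                    if (count > 0) {                 // drivers may report SUCCESS_NO_INFO (-2)
                        updated += count;
                    }
                }
            }
            session.commit();
            return updated;
        }
    }
}
```

The trade-off against the original foreach mapper is one round trip per batch flush instead of one string per call, with the wall filter left at its strict default and the JDBC URL no longer needing allowMultiQueries=true.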

Working out which setting to change

The first frame under Caused by in the console is the one that throws: com.alibaba.druid.wall.WallFilter.check(WallFilter.java:708), reached from WallFilter.connection_prepareStatement. check() runs the SQL through the wall provider that the filter builds from its config property, and that config is a WallConfig. multiStatementAllow is the WallConfig flag behind the "multi-statement not allow" violation, and it defaults to false.

One further observation from the same log, independent of this error: the select against cd_wh_itme_P0000020 carries its item code inline (where CDSK_ITEM_CODE = '00000000673') with an empty Parameters list, so that mapper interpolates the value with ${} rather than binding it with #{}. Statements like that are what the wall filter exists to catch, and that mapper is worth converting to a bound parameter while the filter configuration is being revisited.

Changing the data source and WallFilter settings in Spring

    <!-- Allow several statements in one SQL string == after this change the stacked-statement protection is gone, an accepted SQL-injection risk -->
    <bean id="myWallConfig" class="com.alibaba.druid.wall.WallConfig">
        <property name="multiStatementAllow" value="true" />
    </bean>

    <!-- Redefine the wall filter with the custom config (Druid's built-in alias for it is "wall") -->
    <bean id="wall-filter" class="com.alibaba.druid.wall.WallFilter">
        <property name="config" ref="myWallConfig" />
    </bean>

    <bean id="dataSource" class="com.alibaba.druid.pool.DruidDataSource"
        init-method="init" destroy-method="close">
        <property name="driverClassName">
            <value>${jdbc.driverClass}</value>
        </property>
        <property name="url">
            <value>${jdbc.jdbcUrl}</value>
        </property>
        <property name="username">
            <value>${jdbc.user}</value>
        </property>
        <property name="password">
            <value>${jdbc.password}</value>
        </property>
        <!-- Maximum number of active connections in the pool -->
        <property name="maxActive">
            <value>100</value>
        </property>
        <!-- Number of connections created at start-up -->
        <property name="initialSize">
            <value>10</value>
        </property>
        <!-- Maximum wait for a connection, in milliseconds -->
        <property name="maxWait">
            <value>60000</value>
        </property>
        <!-- Maximum idle connections: this parameter no longer has any effect, kept commented out
        <property name="maxIdle">
            <value>50</value>
        </property>-->
        <!-- Minimum idle connections -->
        <property name="minIdle">
            <value>10</value>
        </property>
        <!-- Reclaim connections that were never returned -->
        <property name="removeAbandoned">
            <value>true</value>
        </property>
        <!-- Seconds after which an unreturned connection counts as abandoned -->
        <property name="removeAbandonedTimeout">
            <value>1800</value>
        </property>
        <!-- Connection properties passed to the driver -->
        <property name="connectionProperties">
            <value>clientEncoding=UTF-8</value>
        </property>
        <!-- Monitoring/statistics filters, by alias. Do not list "wall" here as well: the customised WallFilter is supplied through proxyFilters below -->
        <!-- <property name="filters" value="wall,stat" /> -->
        <property name="filters" value="stat" />
        <!-- Filter instances: the WallFilter that carries myWallConfig -->
        <property name="proxyFilters">
            <list>
                <ref bean="wall-filter" />
            </list>
        </property>

    </bean>
    <!-- Druid configuration end -->

Druid's built-in alias for its WallFilter is wall. If the application reports errors at start-up after this change, go back and check the WallFilter configuration.
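The same setup expressed in Java, as an added example that is not part of the original post: it builds the WallConfig, checks a two-statement UPDATE of the shape seen in the log against Druid's MySqlWallProvider with the default config and with multiStatementAllow enabled, and wires the filter into a DruidDataSource the way the XML above does. The JDBC URL, credentials and the shortened column list are placeholders, not values from the project.

```java
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import com.alibaba.druid.filter.Filter;
import com.alibaba.druid.pool.DruidDataSource;
import com.alibaba.druid.wall.Violation;
import com.alibaba.druid.wall.WallCheckResult;
import com.alibaba.druid.wall.WallConfig;
import com.alibaba.druid.wall.WallFilter;
import com.alibaba.druid.wall.spi.MySqlWallProvider;

/**
 * Added example: reproduces the "multi-statement not allow" violation with Druid's wall
 * provider directly, then shows the WallConfig change and the DruidDataSource wiring
 * that the Spring XML above performs.
 */
public class WallFilterMultiStatementDemo {

    // Shape of the batch UPDATE from the log: two statements in one SQL string.
    // Column list shortened for readability (assumption); the ';' is what the wall objects to.
    static final String TWO_UPDATES =
        "update cd_wh_package_P0000020 SET CDSG_NAME = ?, CDSG_LEVEL = ? where CDSG_ID = ? ; "
      + "update cd_wh_package_P0000020 SET CDSG_NAME = ?, CDSG_LEVEL = ? where CDSG_ID = ?";

    static final String ONE_UPDATE =
        "update cd_wh_package_P0000020 SET CDSG_NAME = ?, CDSG_LEVEL = ? where CDSG_ID = ?";

    /** WallConfig with only the multi-statement flag changed; every other rule keeps Druid's default. */
    static WallConfig wallConfig(boolean multiStatementAllow) {
        WallConfig config = new WallConfig();
        config.setMultiStatementAllow(multiStatementAllow);
        return config;
    }

    /** Runs the SQL through the MySQL wall provider and returns the violation messages (empty = allowed). */
    static List<String> violations(String sql, WallConfig config) {
        WallCheckResult result = new MySqlWallProvider(config).check(sql);
        List<String> messages = new ArrayList<>();
        for (Violation v : result.getViolations()) {
            messages.add(v.getMessage());
        }
        return messages;
    }

    /** Equivalent of the Spring XML: "stat" by alias, the customised WallFilter as a proxy filter instance. */
    static DruidDataSource dataSource(WallConfig wallConfig) throws SQLException {
        WallFilter wall = new WallFilter();
        wall.setConfig(wallConfig);

        DruidDataSource ds = new DruidDataSource();
        ds.setDriverClassName("com.mysql.jdbc.Driver");                                        // placeholder
        ds.setUrl("jdbc:mysql://db.example.internal:3306/fmcgwms?allowMultiQueries=true");     // placeholder host/db
        ds.setUsername("app");                                                                 // placeholder
        ds.setPassword("change-me");                                                           // placeholder
        ds.setFilters("stat");                                   // alias string: monitoring only, no second "wall"
        ds.setProxyFilters(Collections.<Filter>singletonList(wall)); // the WallFilter carrying our WallConfig
        return ds;                                               // ready for ds.init() against a real database
    }

    public static void main(String[] args) throws Exception {
        // Default WallConfig: the single UPDATE passes, the ';'-joined pair is rejected.
        System.out.println("default, one statement : " + violations(ONE_UPDATE, wallConfig(false)));
        System.out.println("default, two statements: " + violations(TWO_UPDATES, wallConfig(false)));
        // With multiStatementAllow=true the pair passes; every other wall rule still applies to each statement.
        System.out.println("allowed, two statements: " + violations(TWO_UPDATES, wallConfig(true)));

        DruidDataSource ds = dataSource(wallConfig(true));
        System.out.println("proxy filters wired: " + ds.getProxyFilters().size());
    }
}
```

Running the check against the provider before touching the pool is a cheap regression test: keep the two-statement string in a unit test so a future change that drops the custom WallConfig (for example, someone putting "wall" back into filters) fails in CI rather than at the first batch update in production.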

Druid's filter configuration

Another big pitfall when configuring Druid: do not try to apply a customised WallFilter through filters; it has to be supplied through proxyFilters.

DruidDataSource extends DruidAbstractDataSource, which declares both properties: filters (set through setFilters(String)) and proxyFilters (set through setProxyFilters(List<Filter>)).

[screenshot of the DruidAbstractDataSource source not reproduced]

As can be seen, either can be configured. The difference is that filters takes a comma-separated string of built-in aliases, while proxyFilters takes actual Filter bean instances, which is the only way to hand Druid a WallFilter that carries your own WallConfig.

The alias strings are resolved by FilterManager from META-INF/druid-filter.properties; the ones used most are stat, mergeStat, wall, encoding, log4j, slf4j and commonlogging.

[screenshot of the alias table not reproduced]

Filter configuration:

[screenshot of the filter configuration not reproduced]

The screenshots referenced here were taken from: http://blog.csdn.net/goldenfish1919/article/details/50600053
