Jfinal报错sql injection violation, multi-statement not allow

Jfinal报错:

com.jfinal.plugin.activerecord.ActiveRecordException: java.sql.SQLException: sql injection violation, multi-statement not allow 

public List<WarningFormDoc> findDocByPatrolRecordId(String patrolRecordId){
   String sql="select * from warning_form_doc where PATROL_RECORD_ID = " + patrolRecordId;
   return WarningFormDoc.dao.find(sql);
}

改为:
public List<WarningFormDoc> findDocByPatrolRecordId(String patrolRecordId){
   String sql="select * from warning_form_doc where PATROL_RECORD_ID = ?";
   return WarningFormDoc.dao.find(sql, patrolRecordId);
}

原因可能存在sql注入报错;



【推广】 免费学中医,健康全家人
原文地址:https://www.cnblogs.com/YuyuanNo1/p/9492168.html