代码:Integer offerCount = collegeStudentOfferMapper.selectCount(new QueryWrapper().lambda()
.eq(CollegeStudentOffer::getIsDeleted,0).last("AND " + sqlConfig));
其中sqlConfig为: "本科" IN ("本科", "硕士研究生", "博士研究生") AND ("金融学" LIKE "%金融%" OR "金融学" LIKE "%经济%" OR "金融学" LIKE "%财务%")
运行报错:java.sql.SQLException: sql injection violation, double const condition : SELECT COUNT(1) FROM college_student_offer WHERE (is_deleted = ?) AND "本科" IN ("本科", "硕士研究生", "博士研究生") AND ("金融学" LIKE "%金融%" OR "金融学" LIKE "%经济%" OR "金融学" LIKE "%财务%")
大佬求解
https://blog.csdn.net/qsz1281509180/article/details/104912838
你这个数据库字段怎么设置的呀,怎么能用中文呢?要是公司工作,看你设计表示中文的估计gg了。
看你的sql,
SELECT COUNT(1) FROM college_student_offer WHERE (is_deleted = ?) AND "本科" IN ("本科", "硕士研究生", "博士研究生") AND ("金融学" LIKE "%金融%" OR "金融学" LIKE "%经济%" OR "金融学" LIKE "%财务%")
"本科" IN ("本科", "硕士研究生", "博士研究生") --这里“本科”是字段,为什么要加双引号?
你的错就是字段加了双引号。