MyBatis使用Druid数据源批量更新失败

已经允许批量更新

      filter:
        wall:
          config:
            multi-statement-allow: true #允许一次批量更新操作,会导致SQL注入
Caused by: java.sql.SQLException: sql injection violation, syntax error: syntax error, expect EQ, actual IDENTIFIER pos 372, line 22, column 20, token IDENTIFIER id : update sys_role
        set
           
            name = ?,
           
           
            remark = ?,
           
           
            create_by = ?,
           
           
            create_time = ?,
           
           
            last_update_time = ?,
           
           
            last_update_by = ?,
           
           
            where id = ?
      
      update sys_role
        set
           
            name = ?,
           
           
            remark = ?,
           
           
            create_by = ?,
           
           
            create_time = ?,
           
           
            last_update_time = ?,
           
           
            last_update_by = ?,
           
           
            where id = ?

解决:在代码中循环

    @PostMapping("/update/list")
    public HttpResult update( @RequestBody List<SysRole> sysRoles){
        try{
            for(SysRole sysRole: sysRoles){

                sysRole.setLastUpdateTime(new Date());
                sysRoleService.update(sysRole);
            }
            return HttpResult.ok(sysRoles);
        }catch (Exception e){
            e.printStackTrace();
            return HttpResult.error("角色修改失败");
        }
    }

你可能感兴趣的:(MyBatis使用Druid数据源批量更新失败)