How to avoid having $ in the template sql generated by Mybatis generator?


SS wang

Jun 29, 2023, 4:20:31 AM
to mybatis-user
Hi team,
I'm doing a source code scan on my project. We're using the MyBatis Generator to generate template code for us. In the generated SQL there are $ signs.
It causes the source code scan to raise the CWE 098 SQL Injection as a critical issue.
Is there any way to avoid having the $ generated?

Jeff Butler

Jun 29, 2023, 6:36:44 AM
to mybati...@googlegroups.com
You can resolve this by switching to the newer runtime based on MyBatis Dynamic SQL.

Jeff Butler
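
Added example, not part of the original thread: a MyBatis Generator `<context>` fragment showing the runtime switch suggested in the reply above. `MyBatis3DynamicSql` is the generator's `targetRuntime` value for the MyBatis Dynamic SQL runtime; the context id, JDBC settings, package names and table name are placeholders assumed for illustration.

```xml
<generatorConfiguration>
  <!--
    Before (legacy runtime): targetRuntime="MyBatis3" generates XML mappers
    with "by example" where clauses. Those mappers contain text
    substitutions such as ${criterion.condition} and ${orderByClause},
    which is what static scanners flag as possible SQL injection.

    After: targetRuntime="MyBatis3DynamicSql" generates Java mappers built
    on MyBatis Dynamic SQL. No XML mapper files are produced, so no
    <sqlMapGenerator> element is needed, and values passed to conditions
    are rendered as bound parameters.
  -->
  <context id="exampleContext" targetRuntime="MyBatis3DynamicSql">

    <!-- Placeholder connection details (assumed, replace with your own) -->
    <jdbcConnection driverClass="org.h2.Driver"
                    connectionURL="jdbc:h2:mem:example"
                    userId="sa"
                    password=""/>

    <!-- Placeholder packages and project paths (assumed) -->
    <javaModelGenerator targetPackage="com.example.model"
                        targetProject="src/main/java"/>

    <javaClientGenerator targetPackage="com.example.mapper"
                         targetProject="src/main/java"/>

    <!-- Placeholder table (assumed) -->
    <table tableName="PERSON"/>
  </context>
</generatorConfiguration>
```

After regenerating, delete the previously generated XML mapper files and `*Example` classes so the scanner no longer sees them, and add the `mybatis-dynamic-sql` library to the project's dependencies.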
 
