mybatis中条件查询的预编译符号

编程入门行业动态更新时间:2024-10-09 12:33:47

mybatis中条件查询的预编译<a href=https://www.elefans.com/category/jswz/34/1770893.html style= 符号"/>

mybatis中条件查询的预编译符号

在mybatis中#{}代表预编译,可以防止sql注入,而${}相反

@Select("select * from emp where name like '%#{name}%' and gender =#{gender} and " +"entrydate between #{begin} and #{end} order by update_time desc ")public List<Emp> list (String name, Short gender, LocalDate begin,LocalDate end);

%#{name}%预编译会导致sql编译出错需要换成%${name}%,而%${name}%性能低,不安全,存在sql注入问题,此时可以使用mysql的concat()指令替换.

concat('%',#{name},'%')

// 条件查询@Select("select * from emp where name like '%${name}%' and gender =#{gender} and " +"entrydate between #{begin} and #{end} order by update_time desc ")public List<Emp> list (String name, Short gender, LocalDate begin,LocalDate end);

@Select("select * from emp where name like concat('%',#{name},'%') and gender =#{gender} and " +"entrydate between #{begin} and #{end} order by update_time desc ")public List<Emp> list (String name, Short gender, LocalDate begin,LocalDate end);

更多推荐

mybatis中条件查询的预编译符号

本文发布于:2024-02-13 04:54:57，感谢您对本站的认可！

本文链接:https://www.elefans.com/category/jswz/34/1690768.html