
Two methods of SQL splicing for MyBatis fuzzy queries

怪我咯
Release: 2017-06-23 13:36:24

Method 1:

In the SQL statement, use ${} instead of #{}.

#{} represents a placeholder. For example, in #{id} the id is the parameter to be input, and the parameter name is id. If the input parameter is a simple type, the parameter name inside #{} can be arbitrary: value or any other name.

${} means splicing the SQL string: the content of the received parameter is spliced into the SQL without any modification. For example, ${value} receives the content of the input parameter. If the incoming type is a simple type, only value can be used inside ${}.

Note: Using ${} to splice SQL strings is a security risk and can easily lead to SQL injection, so excessive use is not recommended.

Method 2:

Use the CONCAT function in the SQL statement to splice the search pattern. For example: SELECT * FROM User WHERE name LIKE CONCAT('%', #{name}, '%').
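The difference between the two methods, as an added example that is not code from the original article: a small Python model of MyBatis's ${} and #{} substitution, run against an in-memory SQLite table. The render helper, the sample rows and the hostile input are constructed for illustration, and a user-defined CONCAT is registered because the bundled SQLite may not provide one.

```python
import re
import sqlite3

# Mapper statements for the two methods (SELECT narrowed to one column).
METHOD_1 = "SELECT name FROM User WHERE name LIKE '%${value}%'"
METHOD_2 = "SELECT name FROM User WHERE name LIKE CONCAT('%', #{name}, '%')"


def render(statement, params):
    """Hypothetical model of MyBatis substitution: ${x} is spliced into the
    SQL text, #{x} becomes a '?' placeholder whose value is bound separately."""
    bound = []

    def substitute(match):
        value = params[match.group(2)]
        if match.group(1) == "$":
            return str(value)      # raw text, becomes part of the SQL
        bound.append(value)        # data only, never parsed as SQL
        return "?"

    # Single pass, so text spliced by ${} is not rescanned for #{}.
    return re.sub(r"([$#])\{(\w+)\}", substitute, statement), bound


def make_db():
    conn = sqlite3.connect(":memory:")
    # Assumption: stand-in for the database's CONCAT function.
    conn.create_function(
        "CONCAT", -1, lambda *a: "".join("" if x is None else str(x) for x in a))
    conn.execute("CREATE TABLE User (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO User (name) VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])  # constructed rows
    return conn


def search(conn, statement, params):
    sql, bound = render(statement, params)
    return sql, sorted(row[0] for row in conn.execute(sql, bound))


# Constructed input that closes the quoted pattern and adds its own condition.
HOSTILE = "zzz' OR 'a' LIKE 'a"

if __name__ == "__main__":
    db = make_db()
    for label, stmt, key in (("${}", METHOD_1, "value"), ("#{}", METHOD_2, "name")):
        for term in ("ali", HOSTILE):
            print(label, repr(term), "->", search(db, stmt, {key: term}))
```

With #{} the input still reaches LIKE as pattern text, so any % or _ the user types acts as a wildcard; escape those characters if exact substring matching is required.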
