Home > Database > Mysql Tutorial > Two methods of sql splicing for MyBatis fuzzy query

Two methods of sql splicing for MyBatis fuzzy query

怪我咯
Release: 2017-06-23 13:36:24
Original
3971 people have browsed it

Method 1:

In the sql statement, use ${} instead of #{}.

#{} represents a placeholder, for example: #{id}--The id represents the parameter to be input, and the parameter name is the id. If the input parameter is a simple type, #{} The parameter name can be arbitrary, and can be value or other names;

${}: means splicing the sql string, and splicing the content of the received parameters into sql without any modification, for example: ${value}-- Receive the content of the input parameter. If the incoming type is a simple type, only value can be used in ${}.

Note: Using ${} to splice SQL strings has security risks and can easily cause SQL injection, so excessive use is not recommended.

Method 2:

Use the CONCAT method in the sql statement to splice the sql statement. For example: SELECT * FROM User WHERE name LIKE CONCAT('%', #{name}, '%').

The above is the detailed content of Two methods of sql splicing for MyBatis fuzzy query. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template