
Two methods of SQL splicing for MyBatis fuzzy queries

2017-06-23 13:36:24

Method 1:

In the SQL statement, use ${} instead of #{}.

#{} is a placeholder. For example, in #{id}, id is the input parameter, and the parameter name is id. If the input parameter is a simple type, the name inside #{} can be arbitrary: it can be value or any other name.

${} splices the SQL string: the content of the received parameter is inserted into the SQL without any modification. For example, ${value} receives the content of the input parameter. If the incoming type is a simple type, only value can be used in ${}.

Note: Using ${} to splice SQL strings is a security risk and can easily lead to SQL injection, so excessive use is not recommended.

Method 2:

Use the CONCAT function in the SQL statement to splice the pattern together. For example: SELECT * FROM User WHERE name LIKE CONCAT('%', #{name}, '%').
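
The difference between Method 1 and Method 2, as an added example that is not from the original article and is not MyBatis code: a small Python emulation of the two tokens, run against an in-memory SQLite table. Assumptions: the Method 1 statement text '%${value}%' is a typical form, SQLite's || operator stands in for CONCAT, and the table rows and the hostile input are constructed.

```python
import re
import sqlite3

TOKEN = re.compile(r"([#$])\{(\w+)\}")

def render(statement, params):
    """Emulate the two tokens: ${x} is pasted into the SQL text as-is,
    #{x} becomes a '?' placeholder whose value is bound separately."""
    bound = []
    def expand(match):
        kind, name = match.groups()
        if kind == "$":
            return str(params[name])   # raw splice: input becomes SQL syntax
        bound.append(params[name])     # bind: input stays data
        return "?"
    return TOKEN.sub(expand, statement), bound

def search(conn, statement, params):
    sql, bound = render(statement, params)
    return [row[0] for row in conn.execute(sql, bound)]

def make_db():
    # Constructed sample table, named after the article's User table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE User (name TEXT)")
    conn.executemany("INSERT INTO User VALUES (?)",
                     [("alice",), ("bob",), ("carol",)])
    return conn

# Method 1 and Method 2; SQLite's || stands in for CONCAT (assumption).
SPLICED = "SELECT name FROM User WHERE name LIKE '%${value}%' ORDER BY name"
BOUND = "SELECT name FROM User WHERE name LIKE '%' || #{name} || '%' ORDER BY name"

# Constructed input: the quote ends the LIKE literal and adds a condition.
HOSTILE = "zzz' OR 'a' LIKE 'a"

if __name__ == "__main__":
    conn = make_db()
    for label, stmt, key in (("${}", SPLICED, "value"), ("#{}", BOUND, "name")):
        print(label, render(stmt, {key: HOSTILE})[0])
        print("  rows:", search(conn, stmt, {key: HOSTILE}))
```

With ordinary input both statements return the same rows; only the spliced one changes meaning when the input contains a quote.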
