In general, #{} in MyBatis declares a placeholder variable. When a parameter is passed through #{}, the value is quoted when the SQL statement is built. For example, with select * from user where name = #{name} and a name of zhangxing, the SQL that finally gets printed is:
select * from user where name = 'zhangxing'
That is, the value is parsed as a string. The advantage over ${} is clear: passing parameters through #{} prevents SQL injection, whereas if the parameter passed in is a single quote ', the ${} form will produce an error.
In general, ${} can be considered for sorting (order by), grouping (group by), or inserting into a fixed table and columns:
select * from user order by ${param}
${param}: when the argument is age, this becomes select * from user order by age. Here ${} is required; with #{},
select * from user order by #{param}
#{param}: when the argument is age, this becomes select * from user order by 'age', which obviously errors out. Even so, the author recommends using #{} wherever it can satisfy the requirement, because it effectively prevents SQL injection.
① SQL in the mapper
```xml
<select id="selectUserInfoByOrder" resultType="com.cckj.bean.UserInfo">
    select * from userinfo ORDER by ${param}
</select>
```
② DAO interface declaration
```java
import java.util.List;
import org.apache.ibatis.annotations.Param;

List<UserInfo> selectUserInfoByOrder(@Param("param") String param);
```
③ Controller call
```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.bind.annotation.RequestMapping;

@RequestMapping(value = "/getUserInfoByOrder", produces = "application/json;charset=utf-8")
public Map<String, Object> getUserInfoByOrder(HttpServletResponse response, String param) {
    response.setHeader("Access-Control-Allow-Origin", "*");
    // param is spliced into the SQL verbatim through ${param}; only a column name is expected here
    List<UserInfo> userList = userInfoService.selectUserInfoByOrder(param);
    Map<String, Object> map = new HashMap<>();
    map.put("userlist", userList);
    map.put("status", 1);
    return map;
}
```
Depending on the business requirement, the service layer is called with a different sort argument.
Screenshot: sorted by [id] in descending order (image not included):
Screenshot: sorted by [age] in descending order (image not included):
① SQL in the mapper
```xml
<select id="selectUserInfoByMixed" parameterType="map" resultType="com.cckj.bean.UserInfo">
    select * from userinfo where ${param} = #{value}
</select>
```
② DAO interface definition
```java
import java.util.List;
import java.util.Map;

List<UserInfo> selectUserInfoByMixed(Map<String, Object> map);
```
③ Controller call
```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletResponse;
import org.springframework.web.bind.annotation.RequestMapping;

@RequestMapping(value = "/getUserInfoByMixed", produces = "application/json;charset=utf-8")
public Map<String, Object> getUserInfoByMixed(HttpServletResponse response, String param, String value) {
    response.setHeader("Access-Control-Allow-Origin", "*");
    Map<String, Object> paramMap = new HashMap<>();
    paramMap.put("param", param);  // column name, spliced in through ${param}
    paramMap.put("value", value);  // compared value, bound through #{value}
    List<UserInfo> userList = userInfoService.selectUserInfoByMixed(paramMap);
    Map<String, Object> map = new HashMap<>();
    map.put("userlist", userList);
    map.put("status", 1);
    return map;
}
```
Test screenshot (image not included):
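Both of the mappers above (selectUserInfoByOrder and selectUserInfoByMixed) take a column name straight from the request and splice it in through ${param}. The usual way to keep ${} safe is to make sure the value can only ever be one of a fixed set of identifiers before it reaches MyBatis. The following allow-list gate is an added example, not code from the original post; the column names id, name and age are assumed from the post's userinfo table, and the class and method names are the example's own.

```java
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/**
 * Allow-list gate for values that must be spliced into SQL with ${}:
 * the ORDER BY column in selectUserInfoByOrder and the column name in
 * selectUserInfoByMixed. The mapper keeps using ${param}; the point is
 * that param can only be one of a known set of identifiers by the time
 * MyBatis sees it. (Added example; class and column list are assumed.)
 */
public final class SqlIdentifierGuard {

    // Constructed allow-list for the post's userinfo table; adjust to the real schema.
    private static final Set<String> USERINFO_COLUMNS = Set.of("id", "name", "age");

    // The only two strings ever spliced in for the sort direction.
    private static final Map<String, String> DIRECTIONS = Map.of("asc", "ASC", "desc", "DESC");

    private SqlIdentifierGuard() {}

    /** Returns the column name unchanged if it is allow-listed, otherwise rejects the request. */
    public static String column(String requested) {
        // Exact, case-sensitive match: "AGE" is rejected even though MySQL would accept it,
        // because a strict match is easier to reason about than a normalising one.
        if (requested == null || !USERINFO_COLUMNS.contains(requested)) {
            throw new IllegalArgumentException("column not allowed: " + requested);
        }
        return requested;
    }

    /** Normalises asc/desc (any case) to ASC/DESC; anything else is rejected rather than defaulted. */
    public static String direction(String requested) {
        String key = requested == null ? "" : requested.toLowerCase(Locale.ROOT);
        String dir = DIRECTIONS.get(key);
        if (dir == null) {
            throw new IllegalArgumentException("direction not allowed: " + requested);
        }
        return dir;
    }

    /** Builds the exact text the controller should hand to the mapper as the ${param} value. */
    public static String orderBy(String column, String direction) {
        return column(column) + " " + direction(direction);
    }

    public static void main(String[] args) {
        // Accepted: both parts come from the allow-lists.
        System.out.println(orderBy("age", "desc"));  // age DESC

        // Rejected: none of these is a single allow-listed identifier.
        for (String bad : new String[] {"age desc, name", "created_at", "AGE"}) {
            try {
                orderBy(bad, "asc");
            } catch (IllegalArgumentException e) {
                System.out.println("rejected -> " + e.getMessage());
            }
        }
    }
}
```

In the controllers above this means calling SqlIdentifierGuard.orderBy(param, dir) and passing the result as the sort argument, and calling SqlIdentifierGuard.column(param) before putting param into paramMap; value keeps going through #{value} and needs no such check. Where the set of sortable columns is small, MyBatis dynamic SQL (<choose>/<when>/<otherwise> with a fixed order by in each branch) removes the need for ${} in the ORDER BY case altogether.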
That's all. I'm Zhang Xing; you are welcome to join the blogger's technical discussion group, group number: 313145288