MyBatis实现模糊查询的几种方式

时间 2019-11-09

原文原文链接

　　在学习MyBatis过程当中想实现模糊查询，惋惜失败了。后来上百度上查了一下，算是解决了。记录一下MyBatis实现模糊查询的几种方式。
　　数据库表名为test_student,初始化了几条记录，如图：
　　
　　
　　起初我在MyBatis的mapper文件中是这样写的： sql

<select id="searchStudents" resultType="com.example.entity.StudentEntity"
        parameterType="com.example.entity.StudentEntity">
        SELECT * FROM test_student
        <where>
            <if test="age != null and age != '' and compare != null and compare != ''">
                age
                ${compare}
                #{age}
            </if>
            <if test="name != null and name != ''">
                AND name LIKE '%#{name}%'
            </if>
            <if test="address != null and address != ''">
                AND address LIKE '%#{address}%'
            </if>
        </where>
        ORDER BY id
    </select>

写完后自我感受良好，很开心的就去跑程序了，结果固然是报错了：
数据库

　　经百度得知，这么写经MyBatis转换后(‘%#{name}%’)会变为(‘%?%’),而(‘%?%’)会被看做是一个字符串，因此Java代码在执行找不到用于匹配参数的 ‘?’ ,而后就报错了。app

解决方法

1.用${…}代替#{…}函数

<select id="searchStudents" resultType="com.example.entity.StudentEntity"
        parameterType="com.example.entity.StudentEntity">
        SELECT * FROM test_student
        <where>
            <if test="age != null and age != '' and compare != null and compare != ''">
                age
                ${compare}
                #{age}
            </if>
            <if test="name != null and name != ''">
                AND name LIKE '%${name}%'
            </if>
            <if test="address != null and address != ''">
                AND address LIKE '%${address}%'
            </if>
        </where>
        ORDER BY id
    </select>

查询结果以下图：
学习

　　注：使用${…}不能有效防止SQL注入，因此这种方式虽然简单可是不推荐使用！！！spa

2.把’%#{name}%’改成”%”#{name}”%”code

<select id="searchStudents" resultType="com.example.entity.StudentEntity"
        parameterType="com.example.entity.StudentEntity">
        SELECT * FROM test_student
        <where>
            <if test="age != null and age != '' and compare != null and compare != ''">
                age
                ${compare}
                #{age}
            </if>
            <if test="name != null and name != ''">
                AND name LIKE "%"#{name}"%"
            </if>
            <if test="address != null and address != ''">
                AND address LIKE "%"#{address}"%"
            </if>
        </where>
        ORDER BY id
    </select>

查询结果：
blog

3.使用sql中的字符串拼接函数ip

<select id="searchStudents" resultType="com.example.entity.StudentEntity"
        parameterType="com.example.entity.StudentEntity">
        SELECT * FROM test_student
        <where>
            <if test="age != null and age != '' and compare != null and compare != ''">
                age
                ${compare}
                #{age}
            </if>
            <if test="name != null and name != ''">
                AND name LIKE CONCAT(CONCAT('%',#{name},'%'))
            </if>
            <if test="address != null and address != ''">
                AND address LIKE CONCAT(CONCAT('%',#{address},'%'))
            </if>
        </where>
        ORDER BY id
    </select>

查询结果：
字符串

4.使用标签

<select id="searchStudents" resultType="com.example.entity.StudentEntity"
        parameterType="com.example.entity.StudentEntity">
        <bind name="pattern1" value="'%' + _parameter.name + '%'" />
        <bind name="pattern2" value="'%' + _parameter.address + '%'" />
        SELECT * FROM test_student
        <where>
            <if test="age != null and age != '' and compare != null and compare != ''">
                age
                ${compare}
                #{age}
            </if>
            <if test="name != null and name != ''">
                AND name LIKE #{pattern1}
            </if>
            <if test="address != null and address != ''">
                AND address LIKE #{pattern2}
            </if>
        </where>
        ORDER BY id
    </select>

查询结果：

5.在Java代码中拼接字符串
　　这个方法没试过，就不贴代码和结果了。

————2017.07.03