模糊查询防止sql注入

2024-02-11 18:45:28

第一种

接口方法

//根据map查询用户
    List<User> getUserByID2(Map map);

编写Mapper.xml配置

 <!--模糊查询-->
    <select id="getUserByID2" resultType="com.Google.pojo.User" parameterType="Map">
        select * from user where name like #{name}
    </select>

实现

   public void getUserByID2(){
        SqlSession sqlSession = sqlSessionFactory.getsqlSession();
        userMapper mapper = sqlSession.getMapper(userMapper.class);
        Map<String, Object> map = new HashMap<>();
        map.put("name","%李%");
        List<User> userByID2 = mapper.getUserByID2(map);
        for (User user : userByID2) {
            System.out.println(user);
        }
        sqlSession.close();
    }

第二种

接口方法

//根据map查询用户
    List<User> getUserByID2(Map map);

编写Mapper.xml配置

 <!--模糊查询-->
    <select id="getUserByID2" resultType="com.Google.pojo.User" parameterType="Map">
        select * from user where name like "%" #{name} "%"
    </select>

实现

   public void getUserByID2(){
        SqlSession sqlSession = sqlSessionFactory.getsqlSession();
        userMapper mapper = sqlSession.getMapper(userMapper.class);
        Map<String, Object> map = new HashMap<>();
        map.put("name","李");
        List<User> userByID2 = mapper.getUserByID2(map);
        for (User user : userByID2) {
            System.out.println(user);
        }
        sqlSession.close();
    }

一种是在编写参数时,加入%%,另一种是在Mapper.xml中拼接%%

上一篇:一级缓存


下一篇:MyBatis学习笔记