[MyBatis] Mapper #{} and ${} in MyBatis

The difference between #{} and ${}

#{} is a placeholder: the statement is precompiled (prepared) and the value is bound to it afterwards;
${} is a concatenation token: plain string replacement, with no precompilation.

When MyBatis processes #{}, the incoming parameter is treated as a string value: each #{} in the SQL is replaced with a ? placeholder, and the corresponding set method of PreparedStatement is called to assign the value.

When MyBatis processes ${}, the original value is passed through unchanged: ${} is replaced with the value of the variable in the SQL text itself, which is equivalent to building the SQL string for a plain JDBC Statement. A variable bound through #{} is automatically enclosed in single quotes ''; after substitution, a variable spliced in through ${} is not enclosed in single quotes.

#{} can effectively prevent SQL injection and improves system security;
${} cannot prevent SQL injection.

The variable substitution of #{} is in the DBMS; the variable substitution of ${} is outside the DBMS.
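The following mapper interface is an added example, not code from the original post. It places the two forms side by side so the difference above is visible in the SQL each one produces, and it shows the one situation where ${} is still needed (an identifier such as a sort column, which cannot be bound with ?) together with the allow-list check that makes that use safe. The `@Select` and `@Param` annotations are MyBatis's real API; the `users` table, the `User` class and the method names are assumptions for the illustration.

```java
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;

import java.util.List;
import java.util.Set;

// Assumed table: users(id, name, status). Not part of the original post.
public interface UserMapper {

    // #{}: MyBatis sends  SELECT ... WHERE name = ?  to the driver and binds `name`
    // with PreparedStatement.setString(). The value is compared literally, so an
    // input containing a quote character is just an unusual name, not SQL.
    @Select("SELECT id, name, status FROM users WHERE name = #{name}")
    List<User> findByName(@Param("name") String name);

    // ${}: the value is spliced into the SQL text before the statement reaches the
    // driver, so a quote in the input ends the literal and the rest is parsed as SQL.
    // Shown only to make the difference concrete; user input must never reach here.
    @Select("SELECT id, name, status FROM users WHERE name = '${name}'")
    List<User> findByNameUnsafe(@Param("name") String name);

    // Identifiers (column or table names) cannot be bound through ?, so ORDER BY
    // needs ${}. The raw method is not meant to be called with external input;
    // callers go through sortedByColumn(), which restricts the value to a fixed set.
    @Select("SELECT id, name, status FROM users ORDER BY ${column}")
    List<User> findAllOrderedBy(@Param("column") String column);

    // Allow-list of column names that may be spliced into ORDER BY.
    Set<String> SORTABLE_COLUMNS = Set.of("id", "name", "status");

    // Safe wrapper: rejects anything that is not a known column before it can
    // be concatenated into the statement.
    default List<User> sortedByColumn(String column) {
        if (!SORTABLE_COLUMNS.contains(column)) {
            throw new IllegalArgumentException("unsupported sort column: " + column);
        }
        return findAllOrderedBy(column);
    }
}

// Minimal result type for the mapper above (assumed, not from the original post).
class User {
    private long id;
    private String name;
    private String status;

    public long getId() { return id; }
    public void setId(long id) { this.id = id; }
    public String getName() { return name; }
    public void setName(String name) { this.name = name; }
    public String getStatus() { return status; }
    public void setStatus(String status) { this.status = status; }
}
```

The practical rule this encodes: every value that comes from outside the application goes through #{}; ${} is reserved for SQL fragments the application itself chooses, and even then the chosen value is checked against a closed list rather than trusted.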


Origin blog.csdn.net/Black_Customer/article/details/107419725