The difference between ${} and #{}

Others 2021-03-28 05:39:51 views: null

#{} is pre-compiled processing, $ {} is string replacement (used as a placeholder).

When mybatis processes #{}, it replaces #{} in sql with a? sign, and calls the set method of PreparedStatement to assign values;

When mybatis processes ${}, it replaces ${} with the value of the variable.

Using #{} can effectively prevent SQL injection and improve system security. SQL injection occurs during the compilation process, because some special characters are maliciously injected, and they are finally compiled into malicious execution operations. The pre-compilation mechanism can prevent SQL injection very well.

Guess you like

Origin blog.csdn.net/qq_36336332/article/details/100749480
Recommended
Ranking
PAT Level B 1094 Google's Recruitment (20 points) Python
Old Wei wins the offer to take you to learn --- brush (integer number 31. 1 appears) title series
Bilibili: Barrage Screening: Baijiaxing: Import XML directly
개체 배열 중복 제거
matplotlib—patches.Circle
[Observation] It is also a cordless vacuum cleaner, why does Dyson V10 dare to sell 4990 yuan?
0410
Apache Kafka message delivery reliability analysis
How hotel occupancy records inquiry etj
Essential knowledge for getting started with speculating in spot silver
Daily
More
2024-04-28(12)
2024-04-27(29)
2024-04-26(22)
2024-04-25(32)
2024-04-24(30)
2024-04-23(30)
2024-04-22(5)
2024-04-21(0)
2024-04-20(6)
2024-04-19(5)

Code World

© 2018 codetd.com