-
#It takes the incoming value as a string, eg:,select id,name,age from student where id =#{id}when the current end passes the id value of 1 to the background, it is equivalent toselect id,name,age from student where id ='1'. -
$The incoming data is displayed directly generated sql statement, EG:select id,name,age from student where id =${id}, end the current id value of 1, passed back to the time equivalentselect id,name,age from student where id = 1. -
Use
#can be很大程度on防止sql注入. (Concatenation of sentences) -
But if it is used in
order by, it needs to be used$. -
It is often used in most cases
#, but must be used in different situations$.
I think that #with the {}incoming value, when sql parses, the parameter is not quoted.
- A: Understanding
mybatisof$the#
在mybatis中的$与#都是在sql中动态的传入参数。
eg:select id,name,age from student where name=#{name} 这个name是动态的,可变的。当你传入什么样的值,就会根据你传入的值执行sql语句。
- Two: use
$and#
#{}: Resolves to a JDBC prepared statement (prepared statement) parameter markers, one#{ }is interpreted as a参数占位符.${}: Just for one纯碎的 string 替换,动态 SQL 解析阶段will be carried out变量替换.
eg: name–>cy
-- name='cy' select id,name,age from student where name=#{name} -- name=cy select id,name,age from student where name=${name}
————————————————
Original link: https://blog.csdn.net/hao65103940/article/details/79099159