1. Introduction
The following code leads into how #{} and ${} are used and how they differ.
// SQL syntax as written in the database
INSERT INTO account (aname,alias_name,age) VALUES('玛莎','莎莎',20);
// In JDBC, we use prepareStatement to prevent SQL injection
// Getting property values from an object this way is done through OGNL (Object-Graph Navigation Language).
Account account = new Account();
account.setAname("张三");
account.setAlias_name("三");
account.setAge(20);
PreparedStatement pre = connection.prepareStatement("insert into account (aname,alias_name,age) values(?,?,?)");
pre.setString(1, account.getAname());
pre.setString(2, account.getAlias_name());
pre.setInt(3, account.getAge()); // age is numeric, so bind it with setInt
pre.executeUpdate();
2. The difference between #{} and ${}
- Similarity: both perform parameter substitution.
- Difference 1: #{} automatically adds quotes ('') according to the parameter type, while ${} is just a text replacement.
- Difference 2: in a conditional such as where aid=#{aid}, #{} can be used directly; if ${aid} is used instead, an error is reported.
Here is the specific code demonstration:
<select id="selectOne" resultType="Account">
select
aid,aname,alias_name as aliasname,age
from
account
where aid=${aid}
</select>
Error message:
Cause: org.apache.ibatis.reflection.ReflectionException: There is no getter for property named 'aid' in 'class java.lang.Integer'
Solution:
With ${}, a parameter of a numeric type such as int or Integer must be referenced as ${value}.
Once ${value} is recognized, it is replaced directly, without using OGNL.
Why do we say that ${} is just a replacement, and what does that mean?
AccountMapper.xml file
<insert id="insert">
insert
into
account(aname,alias_name,age)
values (${aname},${aliasname},${age})
</insert>
test:
@Test
public void insert(){
account.setAge(25);
account.setAliasname("智智");
account.setAname("李智234789");
accountMapper.insertAccount(account);
}
Result: after running, we find that the values in the SQL statement's values clause are not quoted.
SQL: insert into account(aname,alias_name,age) values (李智234,智智,25)
So the database does not recognize this statement, but we can also add the quotes ('') manually.
For example:
@Test
public void insert(){
account.setAge(25);
account.setAliasname("'智智'");
account.setAname("'李智234789'");
accountMapper.insertAccount(account);
}
After running, we find that this row was added to the database. Obviously this is very cumbersome, which is why #{} exists: it automatically adds the quotes ('') for us according to the type of the property.
Alternatively, modify the values clause in the AccountMapper.xml configuration file above to values ('${aname}','${aliasname}','${age}').
With #{}, in essence, the SQL is executed through a prepareStatement:
<insert id="insert">
insert
into
account(aname,alias_name,age)
values (#{aname},#{aliasname},#{age})
</insert>
3. Fuzzy query
#{} fuzzy query
AccountMapper.xml file
<select id="selectLike" resultType="account">
select
aid,aname,alias_name as aliasname,age
from
account
where aname like #{aname}
</select>
test:
@Test
public void select(){
List<Account> list = accountMapper.selectLike("%李%");
System.out.println(JSON.toJSONString(list));
}
result:
[{"Age":23,"aid":19,"aliasname":"瑞瑞","aname":"李瑞"},{"age":20,"aid":21,"aliasname": "智智","aname":"李智"}]
Summary: with a #{} fuzzy query, pass the value as %李%.
${} fuzzy query
<select id="selectLike" resultType="account">
select
aid,aname,alias_name as aliasname,age
from
account
<!--
where aname like '${value}'
List<Account> list = accountMapper.selectLike("%李%");
-->
where aname like ${value}
</select>
@Test
public void select(){
List<Account> list = accountMapper.selectLike("'%李%'");
System.out.println(JSON.toJSONString(list));
}
result:
[{"Age":23,"aid":19,"aliasname":"瑞瑞","aname":"李瑞"},{"age":20,"aid":21,"aliasname": "智智","aname":"李智"}]
Summary:
Method 1: with a ${} fuzzy query, write ${value} in the xml file and pass the value '%李%' (quotes included).
Method 2: write '${value}' directly in the xml file and pass the value %李%.
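The fuzzy-query comparison above, as an added example that is not code from the original post: it uses Python with an in-memory SQLite database as a stand-in for MyBatis and JDBC, and shows why '${value}' is unsafe for untrusted input while #{value} is not. The helpers render_dollar and render_hash are hypothetical, simplified models of the two substitution modes; the account rows and both input values are constructed.

```python
import re
import sqlite3

def render_dollar(sql, params):
    """Model of ${name}: the value is pasted into the SQL text as-is."""
    return re.sub(r"\$\{(\w+)\}", lambda m: str(params[m.group(1)]), sql), []

def render_hash(sql, params):
    """Model of #{name}: each marker becomes '?', the value is bound separately."""
    args = []
    def bind(m):
        args.append(params[m.group(1)])
        return "?"
    return re.sub(r"#\{(\w+)\}", bind, sql), args

def make_db():
    # Constructed sample rows, mirroring the account table used on this page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (aid INTEGER PRIMARY KEY, aname TEXT,"
               " alias_name TEXT, age INTEGER)")
    db.executemany("INSERT INTO account (aname, alias_name, age) VALUES (?,?,?)",
                   [("李瑞", "瑞瑞", 23), ("李智", "智智", 20), ("张三", "三", 20)])
    return db

def select_like(db, render, template, value):
    sql, args = render(template, {"value": value})
    return [row[0] for row in db.execute(sql, args)]

DOLLAR = "SELECT aname FROM account WHERE aname LIKE '${value}'"
HASH = "SELECT aname FROM account WHERE aname LIKE #{value}"

if __name__ == "__main__":
    db = make_db()
    # Second value is a constructed input containing a quote character.
    for value in ["%李%", "x' OR '1'='1"]:
        print(repr(value))
        print("  ${} ->", render_dollar(DOLLAR, {"value": value})[0],
              select_like(db, render_dollar, DOLLAR, value))
        print("  #{} ->", render_hash(HASH, {"value": value}),
              select_like(db, render_hash, HASH, value))
```

With '${value}' the quote inside the value ends the string literal and the rest is parsed as SQL, so the filter no longer applies; with #{value} the same text stays data and matches nothing.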