Understanding the difference between # and $ in MyBatis

A recent MyBatis query requirement was to compare product attributes against the product attribute strings stored in the database, so that the matching products can be found from the attributes the user has filtered on. The front end sends the attribute key-value pairs wrapped in JSON; the back end parses them and stores the attributes in a List collection, which is then passed to the Mapper interface for the query.
The values in the List collection look like this:
List<String> attr = new ArrayList<String>();
attr.add("'%\"Brand\":[%\"Playboy\"%]%'");
attr.add("'%\"尺码\":[%\"M\"%]%'");

The mapper interface looks like this:
// Get the category through the category id and product attributes
  List<Good> selectByAttributes(@Param("id") Integer id, @Param("attr") List<String> attr);

The query statement in the XML file looks like this:
    <!-- Get the category through the category id and product attributes -->
    <select id="selectByAttributes" resultMap="BaseResultMap">
     SELECT sg.id,sg.goodName,sg.status,sg.updateTime,sg.enteringTime,sg.updatePersonId,sg.enteringPersonId,sg.romotion,sg.totalSales ,sg.originalPrice
     from shop_good sg
     LEFT JOIN shop_base_attri_good sbag on sbag.goodId = sg.id
     where categoryId = #{id,jdbcType=INTEGER} and
      <foreach item="attribute" collection="attr" index="index" separator=" and ">
          attributes like #{attribute}
      </foreach>
    </select>


Everything above looked fine, but when I ran the test the size of the returned List<Good> was 0.
Puzzled, I looked at the run log:
[2018-04-18 15:09:35,700] [DEBUG] [org.mybatis.spring.transaction.SpringManagedTransaction.openConnection( SpringManagedTransaction.java:87 )] [JDBC Connection [com.mysql.jdbc.JDBC4Connection@3b718392] will not be managed by Spring]
[2018-04-18 15:09:35,712] [DEBUG] [org.apache.ibatis.logging.jdbc.BaseJdbcLogger.debug( BaseJdbcLogger.java:159 )] [==>  Preparing: SELECT sg.id,sg.goodName,sg.status,sg.updateTime,sg.enteringTime,sg.updatePersonId,sg.enteringPersonId,sg.romotion,sg.totalSales ,sg.originalPrice from shop_good sg LEFT JOIN shop_base_attri_good sbag on sbag.goodId = sg.id where categoryId = ? and attributes like ? and attributes like ? ]
[2018-04-18 15:09:35,796] [DEBUG] [org.apache.ibatis.logging.jdbc.BaseJdbcLogger.debug( BaseJdbcLogger.java:159 )] [==> Parameters: 64(Integer), '%"品牌":[%"花花公子"%]%'(String), '%"尺码":[%"M"%]%'(String)]
[2018-04-18 15:09:35,854] [DEBUG] [org.apache.ibatis.logging.jdbc.BaseJdbcLogger.debug( BaseJdbcLogger.java:159 )] [<==      Total: 0]
[2018-04-18 15:09:35,857] [DEBUG] [org.mybatis.spring.SqlSessionUtils.closeSqlSession( SqlSessionUtils.java:191 )] [Closing non transactional SqlSession [org.apache.ibatis.session.defaults.DefaultSqlSession@d816dde]]
[2018-04-18 15:09:35,857] [DEBUG] [org.springframework.jdbc.datasource.DataSourceUtils.doReleaseConnection( DataSourceUtils.java:329 )] [Returning JDBC Connection to DataSource]
0

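From the log above, the query statement is correct and so are the parameters, so, unconvinced, I ran the query in Navicat, with the following result: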

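So I was puzzled about where the problem was. After reading up on MyBatis, I learned that it comes down to how special strings are substituted and handled.
The difference between # and $ in MyBatis: during dynamic parsing, #{} is resolved into a parameter marker (the ? in the Preparing line of the log), while ${} takes the parameter we pass in and fills it into the statement as a String.
  • The # form largely prevents SQL injection.
  • The $ form cannot prevent SQL injection.
  • The $ form is generally used to pass in database objects, for example a table name.
The query conditions this time contain special characters, and I was using # at first, so the query failed; after changing to $ the query succeeded.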
[2018-04-18 15:21:11,633] [DEBUG] [org.mybatis.spring.transaction.SpringManagedTransaction.openConnection( SpringManagedTransaction.java:87 )] [JDBC Connection [com.mysql.jdbc.JDBC4Connection@7ee55e70] will not be managed by Spring]
[2018-04-18 15:21:11,651] [DEBUG] [org.apache.ibatis.logging.jdbc.BaseJdbcLogger.debug( BaseJdbcLogger.java:159 )] [==>  Preparing: SELECT sg.id,sg.goodName,sg.status,sg.updateTime,sg.enteringTime,sg.updatePersonId,sg.enteringPersonId,sg.romotion,sg.totalSales ,sg.originalPrice from shop_good sg LEFT JOIN shop_base_attri_good sbag on sbag.goodId = sg.id where categoryId = ? and attributes like '%"品牌":[%"花花公子"%]%' and attributes like '%"尺码":[%"M"%]%' ]
[2018-04-18 15:21:11,697] [DEBUG] [org.apache.ibatis.logging.jdbc.BaseJdbcLogger.debug( BaseJdbcLogger.java:159 )] [==> Parameters: 64(Integer)]
[2018-04-18 15:21:11,848] [DEBUG] [org.apache.ibatis.logging.jdbc.BaseJdbcLogger.debug( BaseJdbcLogger.java:159 )] [<==      Total: 7]
[2018-04-18 15:21:11,850] [DEBUG] [org.mybatis.spring.SqlSessionUtils.closeSqlSession( SqlSessionUtils.java:191 )] [Closing non transactional SqlSession [org.apache.ibatis.session.defaults.DefaultSqlSession@d816dde]]
[2018-04-18 15:21:11,850] [DEBUG] [org.springframework.jdbc.datasource.DataSourceUtils.doReleaseConnection( DataSourceUtils.java:329 )] [Returning JDBC Connection to DataSource]
7
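The two logs above can be reproduced outside MyBatis. The following is an added example, not code from the original post: it uses Python's sqlite3 as a stand-in, with `?` binding in the role of `#{}` and text splicing in the role of `${}`, and shows that the single quotes inside the value are matched as data when bound but become SQL syntax when spliced. The rows, function names and the crafted input are constructed for illustration.

```python
import sqlite3

# Constructed sample rows modelled on the page's shop_good.attributes column.
ROWS = [
    (1, 64, '{"Brand":["Playboy"],"Size":["M"]}'),
    (2, 64, '{"Brand":["Playboy"],"Size":["L"]}'),
    (3, 65, '{"Brand":["Other"],"Size":["M"]}'),
]
SQL = "SELECT id FROM shop_good WHERE categoryId = ? AND attributes LIKE "


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE shop_good (id INTEGER, categoryId INTEGER, attributes TEXT)")
    db.executemany("INSERT INTO shop_good VALUES (?, ?, ?)", ROWS)
    return db


def find_bound(db, category_id, pattern):
    """Analogue of `attributes like #{attribute}`: the pattern is bound as data."""
    cur = db.execute(SQL + "? ORDER BY id", (category_id, pattern))
    return [r[0] for r in cur]


def find_spliced(db, category_id, fragment):
    """Analogue of `attributes like ${attribute}`: the text becomes part of the SQL."""
    cur = db.execute(SQL + fragment + " ORDER BY id", (category_id,))
    return [r[0] for r in cur]


def demo():
    db = open_db()
    quoted = "'%\"Size\":[%\"M\"%]%'"   # value built as on the page, quotes included
    plain = quoted.strip("'")           # same pattern without the SQL quote characters
    crafted = "'%' OR '1'='1'"          # constructed input that alters spliced SQL
    return {
        "bound_quoted": find_bound(db, 64, quoted),      # quotes matched literally
        "bound_plain": find_bound(db, 64, plain),        # binding works without them
        "spliced_quoted": find_spliced(db, 64, quoted),  # works only due to quotes
        "spliced_crafted": find_spliced(db, 64, crafted),
        "bound_crafted": find_bound(db, 64, crafted),    # stays inert data
    }


if __name__ == "__main__":
    for name, ids in demo().items():
        print(f"{name:16} -> {ids}")
```

Applied to the mapper on the page, the same principle means keeping `attributes like #{attribute}` and building the List values without the surrounding single quotes.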

Origin http://43.154.161.224:23101/article/api/json?id=324520953&siteId=291194637