1. #{} is precompile-time processing: when MyBatis processes #{}, it replaces the #{} in the SQL with ?, then calls a PreparedStatement set method to assign the value. When a string is passed in, the value is wrapped in single quotes on both sides, so the value "4,44,514" above becomes '4,44,514';
2. ${} is replaced with the value of the variable as-is; no single quotes are added around the incoming data.
Note: using ${} can lead to SQL injection, which is detrimental to the security of the system! SQL injection: SQL commands are inserted into a Web form submission, a domain name input or a page request query string, ultimately tricking the server into executing malicious SQL commands. Common cases are anonymous login (entering a malicious string in the login box) and using an exception to obtain database information.
package com.xiaobu.mapper;
import com.xiaobu.base.mapper.MyMapper;
import com.xiaobu.entity.Country;
import java.util.List;
/**
* @author xiaobu
* @version JDK1.8.0_171
* @date on 2018/11/27 19:21
* @description V1.0
*/
public interface CountryMapper extends MyMapper<Country> {
    /**
     * Function description: query using #{}.
     * <p>
     * #{} is a bind parameter: the whole {@code ids} string is handed to the
     * PreparedStatement as ONE value, so "1,2,3" is executed as the single
     * literal '1,2,3' rather than as three ids (the test that calls this method
     * logs {@code select * from country where id in ( '1,2,3')}).
     *
     * @param ids id
     * @return java.util.List<com.xiaobu.entity.Country>
     * @author xiaobu
     * @date 2019/7/26 11:53
     * @version 1.0
     */
    List<Country> findList(String ids);
    /**
     * Function description: query using ${}.
     * <p>
     * ${} is plain string substitution into the SQL text, not a bind parameter:
     * whatever is passed as {@code ids} becomes part of the statement itself.
     * Only call this with a value the application built and validated (for
     * example a list of numeric ids it generated), never with caller-supplied
     * input; for id lists prefer {@link #findListByForEach(List)}.
     * NOTE(review): the accompanying test records the error
     * "There is no getter for property named 'ids' in 'class java.lang.String"
     * for this method. A single unnamed String parameter cannot be resolved by
     * the name {@code ids} inside ${}; annotating the parameter with MyBatis'
     * {@code @Param("ids")} is the usual fix — confirm.
     *
     * @param ids id
     * @return java.util.List<com.xiaobu.entity.Country>
     * @author xiaobu
     * @date 2019/7/26 11:53
     * @version 1.0
     */
    List<Country> findList2(String ids);
    /**
     * Function description: query using foreach.
     * <p>
     * Each element of {@code ids} is bound as its own ? parameter (the test logs
     * {@code id in ( ? , ? , ? )} with parameters 1(Integer), 2(Integer),
     * 3(Integer)), so this is the form to use for a variable-length id list.
     *
     * @param ids id
     * @return java.util.List<com.xiaobu.entity.Country>
     * @author xiaobu
     * @date 2019/7/26 11:53
     * @version 1.0
     */
    List<Country> findListByForEach(List<Integer> ids);
}
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" >
<mapper namespace="com.xiaobu.mapper.CountryMapper">
    <!-- #{ids} is a bind parameter: MyBatis replaces it with ? and sets the whole
         string as ONE value, so "1,2,3" runs as id in ('1,2,3'), a single quoted
         literal rather than three ids. The value is bound, never spliced into
         the SQL text. -->
    <select id="findList" resultType="com.xiaobu.entity.Country">
        select * from country where id in (#{ids} )
    </select>
    <!-- ${ids} is string substitution: the raw value is spliced into the SQL text
         with no quoting and no binding. A value a caller controls can therefore
         change the statement (SQL injection). Use only with values built and
         validated by the application itself; for id lists prefer the foreach
         statement below. -->
    <select id="findList2" resultType="com.xiaobu.entity.Country">
        select * from country where id in (${ids} )
    </select>
    <!-- Each element of the list is bound as its own ? parameter
         (Preparing: ... id in ( ? , ? , ? ); Parameters: 1(Integer), 2(Integer), 3(Integer)). -->
    <select id="findListByForEach" parameterType="List" resultType="com.xiaobu.entity.Country">
        select * from country where id in
        <foreach collection="list" index="index" item="item" open="(" separator="," close=")">
            #{item}
        </foreach>
    </select>
</mapper>
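@Test
public void countTotal(){
    // Count all rows: SELECT COUNT(Id) FROM country.
    // The Example must be built for this mapper's own entity (Country, per
    // MyMapper<Country>); the original passed City.class, which does not match
    // the table this mapper queries.
    Example example = new Example(Country.class);
    int count = countryMapper.selectCountByExample(example);
    System.out.println("count = " + count);
    // Count by condition: SELECT COUNT(Id) FROM country.
    // Presumably the non-null properties of the template object form the WHERE
    // clause; the commented-out setCountryname line is the intended filter — confirm.
    Country country = new Country();
    //country.setCountryname("1234");
    int conunt2 = countryMapper.selectCount(country);
    System.out.println("conunt2 = " + conunt2);
}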
@Test
public void findList(){
    // Same argument for both variants so the difference is only in the mapper.
    String ids = "1,2,3";
    // #{} binds the whole string as ONE parameter:
    //   Preparing: select * from country where id in ( '1,2,3')
    // so only a single country comes back:
    //   countries = [Country(countryname=Angola, countrycode=AO)]
    List<Country> countries = countryMapper.findList(ids);
    System.out.println("countries = " + countries);
    // ${} splices the raw string into the SQL text (string substitution, no
    // binding). As logged by the author this call fails with
    //   There is no getter for property named 'ids' in 'class java.lang.String
    List<Country> countries2 = countryMapper.findList2(ids);
    System.out.println("countries2 = " + countries2);
}
@Test
public void findListByForeach(){
    // Each element is bound as its own parameter:
    //   Preparing: select * from country where id in ( ? , ? , ? )
    //   Parameters: 1(Integer), 2(Integer), 3(Integer)
    List<Integer> ids = new ArrayList<>(3);
    for (int id = 1; id <= 3; id++) {
        ids.add(id);
    }
    List<Country> countries2 = countryMapper.findListByForEach(ids);
    System.out.println("countries2 = " + countries2);
}
foreach description
- item is the alias for each element of the collection during iteration,
- index names the position of the current element in the iteration,
- open is the string the statement starts with,
- separator is the symbol placed between iterations as a delimiter,
- close is the string the statement ends with.
- collection refers to the parameter type