¥{}的本质就是字符串拼接(可能造成sql注入),#{}的本质就是占位符赋值(可以避免sql注入)
¥{}使用字符串拼接的方式拼接sql,若为字符串类型或日期类型的字段进行赋值时,需要手动加单引号
#{}使用占位符赋值的方式拼接sql,此时为字符串类型或日期类型的字段进行赋值时,可以自动添加单引号
例:根据userName进行查询 mapper接口:
User getUserByUsername(String username);
映射文件:
<select id="getUserByUsername" resultType="User">
<!--select * from t_user where username = #{username}-->
select * from t_user where username = ${username}
</select>
测试类:
@Test
public void testGetUserByUsername() throws IOException {
SqlSession sqlSession = SqlSessionUtils.getSqlSession();
UserMapper mapper = sqlSession.getMapper(UserMapper.class);
User user = mapper.getUserByUsername("pz");
System.out.println(user);
}
对于单个字面量类型的参数可直接使用¥{}和#{}以任意的名称获取参数的值
mapper接口:
User checkLogin(String username, String password);
映射文件:
<select id="checkLogin" resultType="User">
select * from t_user where username = #{arg0} and password = #{arg1}
</select>
测试文件:
@Test
public void testCheckLogin() throws IOException {
SqlSession sqlSession = SqlSessionUtils.getSqlSession();
UserMapper mapper = sqlSession.getMapper(UserMapper.class);
User user = mapper.checkLogin("pz","dadad");
System.out.println(user);
}
mybatis会将参数放在map集合中,以两种方式进行存储数据
因此通过¥{}和#{}访问map集合的键就可以获得对应的值,¥{}要手动加单引号)
mapper接口:
User checkLoginMap(Map<String,Object> map);
映射文件:
<select id="checkLoginMap" resultType="User">
select * from t_user where username = #{username} and password = #{password}
</select>
测试文件:
@Test
public void testCheckLoginMap() throws IOException {
SqlSession sqlSession = SqlSessionUtils.getSqlSession();
UserMapper mapper = sqlSession.getMapper(UserMapper.class);
Map<String,Object> map = new HashMap<>();
map.put("username","pz");
map.put("password", "dadad");
User user = mapper.checkLoginMap(map);
System.out.println(user);
}
若mapper接口中的方法需要的参数为多个时,此时可以手动创建map集合,将这些数据放在map中,只需要通过¥{}和#{}访问map集合的键就可以获取相对应的值
mapper接口:
void insertUser(User user);
映射文件:
<insert id="insertUser">
insert into t_user values (null,#{username},#{password},#{age},#{gender},#{email})
</insert>
测试文件:
@Test
public void testInsertUser() throws IOException {
SqlSession sqlSession = SqlSessionUtils.getSqlSession();
UserMapper mapper = sqlSession.getMapper(UserMapper.class);
User user = new User(null,"老刘","laoliu",34,"男","10090@qq.com");
mapper.insertUser(user);
}
若mapper接口方法的参数为实体类类型的参数 只需要通过#{}或¥{}来访问实体类中的属性名,就可以获取相对应的属性值添加用户信息
mapper接口:
User checkLoginParameters(@Param("username") String username, @Param("password") String password);
映射文件:
<select id="checkLoginParameters" resultType="User">
select * from t_user where username = #{username} and password = #{password}
</select>
测试文件:
@Test
public void testCheckLoginParam() throws IOException {
SqlSession sqlSession = SqlSessionUtils.getSqlSession();
UserMapper mapper = sqlSession.getMapper(UserMapper.class);
User user = mapper.checkLogin("pz","dadad");
System.out.println(user);
}
mybatis会将这些参数放在map中,以两种方式进行存储
为方便,一般情况下将@Param注解的value和参数设置为一样的
本文章使用limfx的vscode插件快速发布