- --all 用$不能防sql注入
- select * from user where name like '%${name}%'
- --mysql,oracle (db2的concat函数只支持2个参数)
- select * from user where name like concat('%',#{name},'%')
- --oracle,db2
- select * from user where name like '%'||#{name}||'%'
- --SQL Server
- select * from user where name like '%'+#{name}+'%'
- --据说这种是预编译,有空测下
- select * from user where name like "%"#{name}"%"
Mybatis的模糊查询
最新推荐文章于 2024-05-14 07:49:39 发布