#{}: if a string is passed in, its value is bound into the SQL as a string parameter. Safe.
${}: if a string is passed in, it is not treated as a string but is spliced directly into the SQL text. Unsafe.
Parameter: name = "age"
select * from user order by #{name}; --> select * from user order by 'age';
select * from user order by ${name}; --> select * from user order by age;
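The two mappings above side by side in a MyBatis mapper, with the allowlist check that makes the `${}` form safe to use for ORDER BY. This is an added example, not code from the original note; it assumes a `User` entity class and a configured MyBatis `SqlSession` exist elsewhere, and the method and constant names are my own.

```java
import java.util.List;
import java.util.Set;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;

// Assumed: a User entity mapped to the "user" table exists elsewhere.
public interface UserMapper {

    // #{} becomes a JDBC placeholder (?). The driver binds 'age' as a string
    // literal, so this sorts by a constant and never reads the age column.
    // It cannot be injected into, but it also cannot name a column.
    @Select("select * from user order by #{column}")
    List<User> orderByBound(@Param("column") String column);

    // ${} is plain text substitution when the statement is built: the value
    // is spliced into the SQL unchanged. That is what makes ORDER BY work,
    // and also what makes raw user input here a SQL injection. Only pass a
    // value that has gone through safeOrderBy() first.
    @Select("select * from user order by ${column}")
    List<User> orderBySubstituted(@Param("column") String column);

    // Allowlist of real, sortable column names (constructed for this example).
    // Because ${} cannot be parameterized, the only safe pattern is to map the
    // requested value onto this fixed set and reject everything else.
    Set<String> SORTABLE_COLUMNS = Set.of("id", "name", "age");

    static String safeOrderBy(String requested) {
        if (requested == null || !SORTABLE_COLUMNS.contains(requested)) {
            throw new IllegalArgumentException("unsupported sort column");
        }
        return requested;
    }
}
```

Call `orderBySubstituted(UserMapper.safeOrderBy(userInput))` rather than passing request input through directly; anything not in the allowlist is rejected before it reaches the SQL text.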
Reprinted from: https://www.cnblogs.com/jumpkin1122/p/11603001.html