What prompted this note:
<select id="findUserByUsername" parameterType="java.lang.String"
resultType="com.zzu.ssm.po.User">
select * from user where username like '%${name}%'
</select>
// Create the database session instance sqlSession
sqlSession = sqlSessionFactory.openSession();
// Fuzzy query for user information
List<User> list = sqlSession.selectList("findUserByUsername", "小明");
Running it raises the following error:
org.apache.ibatis.exceptions.PersistenceException:
Error querying database. Cause: org.apache.ibatis.reflection.ReflectionException: There is no getter for property named 'name' in 'class java.lang.String'
Cause: org.apache.ibatis.reflection.ReflectionException: There is no getter for property named 'name' in 'class java.lang.String'
at org.apache.ibatis.exceptions.ExceptionFactory.wrapException(ExceptionFactory.java:30)
at org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:150)
at org.apache.ibatis.session.defaults.DefaultSqlSession.selectList(DefaultSqlSession.java:141)
at com.zzu.ssm.po.test.MyBatisTest.TestFindUserByUsername(MyBatisTest.java:53)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:26)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86)
at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:675)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382)
at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
Changing the parameter name to value, as it must be, makes the query work:
<select id="findUserById" parameterType="int" resultType="com.zzu.ssm.po.User">
select * from user where id=#{id}
</select>
<select id="findUserByUsername" parameterType="java.lang.String"
resultType="com.zzu.ssm.po.User">
select * from user where username like '%${value}%'
</select>
Note: in a fuzzy (LIKE) query, if the parameter being read is a simple type, the parameter name inside the braces must be value.
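- Difference 1
#{}: equivalent to the placeholder ? in a JDBC SQL statement (PreparedStatement)
${}: equivalent to the concatenation operator + in a JDBC SQL statement (Statement)
- Difference 2
#{}: during input mapping, the parameter's type is resolved (if it is a String, the SQL statement automatically gets ' ' around it)
${}: during input mapping, the parameter is written into the SQL statement exactly as given
- Difference 3
#{}: when input-mapping a simple type (String, Date, the wrapper classes of the 8 primitive types), the parameter name inside #{} can be anything
${}: when input-mapping a simple type (String, Date, the wrapper classes of the 8 primitive types), the parameter name must be value
- Difference 4
${}: has a SQL injection problem; input using OR 1=1 causes the query condition to be ignored.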
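
The fuzzy query from this note with the weak ${} form beside two #{} forms that keep the input out of the SQL text (Differences 1 and 4). This is an added example, not part of the original post; the statement ids ending in Unsafe, Bound and Concat are hypothetical, and the third statement assumes MySQL's concat function.

```xml
<!-- Added example, not from the original post. Statement ids are hypothetical. -->

<!-- Weak: ${value} is pasted into the SQL text before the database parses it,
     so a quote in the input ends the string literal and whatever follows is
     parsed as SQL (the OR 1=1 case in Difference 4). -->
<select id="findUserByUsernameUnsafe" parameterType="java.lang.String"
        resultType="com.zzu.ssm.po.User">
    select * from user where username like '%${value}%'
</select>

<!-- Corrected, database independent: bind builds the pattern in OGNL and
     #{pattern} sends it as a PreparedStatement parameter, so the input is
     only ever compared as data. _parameter is the String given to selectList. -->
<select id="findUserByUsernameBound" parameterType="java.lang.String"
        resultType="com.zzu.ssm.po.User">
    <bind name="pattern" value="'%' + _parameter + '%'" />
    select * from user where username like #{pattern}
</select>

<!-- Corrected, MySQL syntax (assumed database): the wildcards are added in
     SQL around a bound parameter. -->
<select id="findUserByUsernameConcat" parameterType="java.lang.String"
        resultType="com.zzu.ssm.po.User">
    select * from user where username like concat('%', #{name}, '%')
</select>
```

Binding stops the input from being parsed as SQL, but % and _ inside the input still act as LIKE wildcards, so escape them in the caller if a literal match is required.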