SQL statement
select * from emp where name like '%张%' and gender = 1 and entrydate between '2010-01-01' and '2020-01-01' order by update_time desc;
Mapper interface method
// ${name} is substituted into the SQL text as-is; only the #{...} values are bound as parameters
@Select("select * from emp where name like '%${name}%' and gender = #{gender} and " +
"entrydate between #{begin} and #{end} order by update_time desc")
public List<Emp> list(String name, Short gender, LocalDate begin, LocalDate end);
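Drawbacks: the SQL is not precompiled, so performance is lower, and it is unsafe: it is open to SQL injection.
Solution: use the concat string-concatenation function, which keeps the SQL precompiled.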
SQL statement
select * from emp where name like concat('%', ?, '%') and gender = 1 and entrydate between '2010-01-01' and '2020-01-01' order by update_time desc;
select concat('hello',' mysql',' world');
Mapper interface method
// concat builds the LIKE pattern inside the database; #{name} is bound as a ? parameter
@Select("select * from emp where name like concat('%', #{name}, '%') and gender = #{gender} and " +
"entrydate between #{begin} and #{end} order by update_time desc")
public List<Emp> list(String name, Short gender, LocalDate begin, LocalDate end);
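Binding the name with concat stops injection, but % and _ inside the bound value are still treated as LIKE wildcards. The helper below is an added example, not part of the original notes: it escapes those characters before the value is bound. The class name LikeEscape, the '!' escape character and the empMapper variable are assumptions made for illustration.

```java
import java.util.List;

// Added example: escape LIKE metacharacters in a value before it is bound
// to the concat('%', #{name}, '%') pattern used in the mapper above.
public final class LikeEscape {

    // Assumed escape character; it must match the ESCAPE clause in the SQL.
    private static final char ESC = '!';

    private LikeEscape() {
    }

    // Prefix %, _ and the escape character itself with ESC so the database
    // matches them literally instead of as wildcards.
    public static String escapeLike(String input) {
        if (input == null) {
            return null;
        }
        StringBuilder out = new StringBuilder(input.length() + 8);
        for (int i = 0; i < input.length(); i++) {
            char c = input.charAt(i);
            if (c == ESC || c == '%' || c == '_') {
                out.append(ESC);
            }
            out.append(c);
        }
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a normal name and values with wildcards.
        for (String name : List.of("张", "%", "a_b", "50%!")) {
            System.out.println(name + " -> " + escapeLike(name));
        }
    }
}

// Mapper side: the same bound pattern with an ESCAPE clause added:
//   name like concat('%', #{name}, '%') escape '!'
// Caller side (empMapper is a hypothetical injected mapper instance):
//   empMapper.list(LikeEscape.escapeLike(name), gender, begin, end);
```

Without the escaping, a search for "%" alone matches every row, because the pattern becomes '%%%'.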