<select id="select" parameterType="map" resultType="xxxModel">
    select *
    from xxxTable
    where cooperate_days > 120
    <if test="clueType != null and clueType != ''">
        AND clue_type = #{clueType}
    </if>
    order by apply_rate DESC
    <if test="limit != null and limit != ''">
        LIMIT ${limit}
    </if>
</select>
Note the #{} and ${} in the code above.
The corresponding SQL statement:
select * from mart_fd.model_clue_manage_interface where cooperate_days > 120 AND clue_type = ? order by apply_rate DESC LIMIT 15000
The #{} position becomes a placeholder ?, whereas the ${} position becomes the concrete value.
1. # treats the passed-in value as a string: select * from xxxTable where xx = #{xx} becomes select * from xxxTable where xx = '1'.
2. $ splices the passed-in data directly into the generated SQL: select * from xxxTable where xx = ${xx} becomes select * from xxxTable where xx = 1.
3. Using # prevents SQL injection to a large extent.
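The following added example (not code from the original post, and not MyBatis itself) mimics how MyBatis renders the mapper above: every #{} becomes a ? bound parameter sent separately to the driver, while every ${} is spliced into the SQL text. Because ${limit} is the one spliced spot in this mapper, the example adds an allowlist check so that only a plain integer can reach it; table rows and the safe_limit helper are constructed assumptions.

```python
import re
import sqlite3

# Constructed sample rows for xxxTable (clue_type, cooperate_days, apply_rate); not from the post.
ROWS = [("A", 130, 0.9), ("A", 200, 0.5), ("A", 90, 0.7), ("B", 150, 0.8)]

# The mapper's SQL with both <if> blocks already resolved.
TEMPLATE = ("select * from xxxTable where cooperate_days > 120 "
            "AND clue_type = #{clueType} order by apply_rate DESC LIMIT ${limit}")


def render(template, params):
    """Mimic MyBatis: each #{x} becomes a '?' bound parameter, each ${x} is spliced as text."""
    bound = []

    def bind(m):
        bound.append(params[m.group(1)])
        return "?"

    sql = re.sub(r"#\{(\w+)\}", bind, template)
    sql = re.sub(r"\$\{(\w+)\}", lambda m: str(params[m.group(1)]), sql)
    return sql, bound


def safe_limit(value):
    """Allowlist check before a value reaches ${limit}: only a plain positive integer passes."""
    if not re.fullmatch(r"[1-9][0-9]{0,5}", str(value)):
        raise ValueError("limit must be a plain positive integer")
    return int(value)


def query(clue_type, limit):
    """Run the rendered statement against an in-memory sqlite copy of xxxTable."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table xxxTable (clue_type text, cooperate_days int, apply_rate real)")
    conn.executemany("insert into xxxTable values (?, ?, ?)", ROWS)
    sql, bound = render(TEMPLATE, {"clueType": clue_type, "limit": safe_limit(limit)})
    return sql, conn.execute(sql, bound).fetchall()


if __name__ == "__main__":
    # Points 1 and 2 from the text: the same value "1" is bound with #{} but spliced with ${}.
    print(render("select * from xxxTable where xx = #{xx}", {"xx": "1"}))
    print(render("select * from xxxTable where xx = ${xx}", {"xx": "1"}))
    print(query("A", "2"))
```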