各位老头你们好不好, 想当初你们肯定也和我一样,在入职一家新的公司之后面对自己不熟悉的开发环境,以及全新的开发框架,我不知道你们当时是怎样的心情 , 反正我的内心是这样的,
sorry自己脑补图片 ,好啦废话不多说 ,今天就简单给大家详细的介绍一下,最近在公司遇到的非常简单的知识点。
接到任务1:实现动态分页模糊查询前端的数据
错误的操作:
首先在项目的mapper.xml中新建两个查询动态sql 分别是: 模糊分页查询动态方法 模糊查询总条数
上代码:
模糊分页查询动态方法
<select id="SelectLiterature" resultMap="BaseResultMap" parameterType="cn.medsci.pv.literature.dto.LiteratureSearchDto">
select * from literature_info where 1=1
<if test="quarry!=null">
and quarry like '%${quarry}%'
</if>
<if test="years!=null">
and years = #{years}
</if>
<if test="title!=null">
and title like '%${title}%'
</if>
<choose>
<when test=" durgName != null and eventName != null and keyword != null">
and keyword like '%${durgName}%' or keyword like '%${eventName}%' or keyword like '%${keyword}%'
</when>
<when test=" durgName != null and eventName != null and keyword == null ">
and keyword like '%${durgName}%' or keyword like '%${eventName}%'
</when>
<when test=" durgName != null and eventName == null and keyword != null">
and keyword like '%${durgName}%' or keyword like '%${keyword}%'
</when>
<when test=" durgName == null and eventName != null and keyword != null">
and keyword like '%${eventName}%' or keyword like '%${keyword}%'
</when>
<when test=" durgName != null and eventName == null and keyword == null">
and keyword like '%${durgName}%'
</when>
<when test=" durgName == null and eventName != null and keyword == null">
and keyword like '%${eventName}%'
</when>
<when test=" durgName == null and eventName == null and keyword != null">
and keyword like '%${keyword}%'
</when>
<otherwise>
</otherwise>
</choose>
limit ${pageIndex} , ${pageSize}
</select>模糊查询总条数
<select id="SelectLiteratureCount" resultType="java.lang.Integer" parameterType="cn.medsci.pv.literature.dto.LiteratureSearchDto" >
select count(1) from literature_info where 1=1
<if test="quarry!=null">
and quarry like '%${quarry}%'
</if>
<if test="years!=null">
and years = #{years}
</if>
<if test="title!=null">
and title like '%${title}%'
</if>
<choose>
<when test=" durgName != null and eventName != null and keyword != null">
and keyword like '%${durgName}%' or keyword like '%${eventName}%' or keyword like '%${keyword}%'
</when>
<when test=" durgName != null and eventName != null and keyword == null ">
and keyword like '%${durgName}%' or keyword like '%${eventName}%'
</when>
<when test=" durgName != null and eventName == null and keyword != null">
and keyword like '%${durgName}%' or keyword like '%${keyword}%'
</when>
<when test=" durgName == null and eventName != null and keyword != null">
and keyword like '%${eventName}%' or keyword like '%${keyword}%'
</when>
<when test=" durgName != null and eventName == null and keyword == null">
and keyword like '%${durgName}%'
</when>
<when test=" durgName == null and eventName != null and keyword == null">
and keyword like '%${eventName}%'
</when>
<when test=" durgName == null and eventName == null and keyword != null">
and keyword like '%${keyword}%'
</when>
<otherwise>
</otherwise>
</choose>
</select>
其中在开发这部分的时候 我犯了一个非常低级的错误 就是在使用模糊查询的时候 我错误的 将 '%${eventName}%' 写成 '%#{eventName}%' 我相信这个吧错误很多的小伙伴都犯过。。。。。具体官方的解释是这样的
1.表达式: name like"%"#{name}"%"
==> Preparing: select * from bbs_brand WHERE namelike"%"?"%"and falg=? limit 0 , 10
==>Parameters: 莲(String), 1(Integer)
能够查询出来,没有问题,这是使用了占位符来占位,写成SQL就是: name like "%"'莲'"%"没有问题
2.表达式: name like '%${name}%'
Preparing:select count(0) from (select * from bbs_brand WHERE name like'%莲%' and falg=?) as total
Parameters: 1(Integer)
使用$进行字符串的拼接,直接把传入的值,拼接上去了,没有任何问题
-
#将传入的数据当成一个字符串,会对自动传入的数据加一个双引号。例如
order by #id#,如果传入的值是111,那么解析成sql时的值变为order by "111",如果传入的值是id,在解析成sql为order by "id"
其实原sql语句通常写成 order by #{id} 与order by #id#的效果一样
-
2
2、$将传入的数据直接显示在sql语句中。例如 order by ${id},如果传入的值是9则解析成sql语句为order by 9
-
3
3、#方式能够很大程度上防止sql注入,而$无法防止sql的注入,
$一般用于传入数据库对象,例如传入表名
一般能用#就别用$
mybatis排序时使用order by动态参数时需要住哟,使用$而不是#
好啦 今天就先到这里 下次 我们在见!
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
