Passing parameters in MyBatis: using the table name as a parameter
<select id="getRecodeCount" resultType="java.lang.Integer" parameterType="java.lang.String" statementType="STATEMENT">
select count(1) as recode_count
from ${tableName}
</select>
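Using the table name as a parameter carries a SQL injection risk, because ${tableName} is substituted into the SQL text as-is.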
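An added example, not code from the original page: a table name cannot be bound as a #{} parameter, so one way to keep using ${tableName} is to check the value against an allowlist before the mapper is called. The class name TableNameGuard, the table names and the monthly-shard suffix convention are assumptions made for illustration.

```java
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example: validates a table name before it reaches ${tableName}.
public final class TableNameGuard {

    // Assumed allowlist of base tables the application may count rows in.
    private static final Set<String> BASE_TABLES = Set.of("t_order", "t_login_log");

    // Assumed shard convention: <base>_<yyyyMM>, e.g. t_order_202401.
    private static final Pattern SHARDED =
            Pattern.compile("([a-z_]+)_(\\d{4})(0[1-9]|1[0-2])");

    /** Returns the name unchanged if allowed, otherwise throws. */
    public static String requireAllowed(String candidate) {
        if (candidate == null) {
            throw new IllegalArgumentException("table name is null");
        }
        if (BASE_TABLES.contains(candidate)) {
            return candidate;
        }
        // matches() anchors the whole string, so trailing SQL text cannot pass.
        Matcher m = SHARDED.matcher(candidate);
        if (m.matches() && BASE_TABLES.contains(m.group(1))) {
            return candidate;
        }
        throw new IllegalArgumentException("table name not in allowlist");
    }

    public static void main(String[] args) {
        // Constructed inputs: two valid names, a bad month, extra SQL text.
        String[] inputs = {"t_order", "t_login_log_202401",
                           "t_order_202413", "t_order where 1=1"};
        for (String input : inputs) {
            try {
                String table = requireAllowed(input);
                // Real code would now call the mapper: getRecodeCount(table).
                System.out.println("allowed:  " + table);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + input);
            }
        }
    }
}
```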
<select id="customQueryItem" parameterType="java.lang.String" resultType="java.util.LinkedHashMap">
${value}
</select>
This statement executes the SQL string passed in and returns the query result set; it carries a SQL injection risk.