Example:
With #{}:
select name from student where age=#{studentAge};
parameter studentAge=18
after MyBatis prepares the statement:
select name from student where age=?;   (18 is bound to the ? placeholder at execution time)
With ${}:
select name from student where age=${studentAge};
parameter studentAge=18
after MyBatis prepares the statement:
select name from student where age=18;   (the value has been spliced into the SQL text itself)
Explanation:
As the example above shows:
1. ${} is plain string substitution: the parameter value is spliced into the SQL text before the statement is parsed, so anything the caller passes becomes SQL syntax and the statement is open to SQL injection. #{} is not, because the value is bound to a ? placeholder through a PreparedStatement and the parser never sees it as SQL. For example: order by ${111} becomes order by 111 (a positional column index), and order by ${id} becomes order by id (sorting by the column id).
2. #{} treats the parameter as a bound value rather than as SQL; a String parameter arrives at the database as one string literal (the driver log shows it in single quotes, e.g. 'id'). For example: order by #{111} becomes order by ? with 111 bound as a constant, and order by #{id} becomes order by ? with the string 'id' bound, which sorts every row by the same constant instead of by the column id. This is why column names, table names and ORDER BY directions cannot be passed with #{}; where such identifiers must be dynamic, use ${} only with a value checked against a fixed allow-list.
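The following is an added illustration, not code from the page or from MyBatis: it reproduces the two behaviours with Python's sqlite3 module, where an f-string stands in for ${} (text splicing) and a ? placeholder with a bound value stands in for #{}. The function names, the sample `student` rows and the injection payload are all constructed for this example; the ORDER BY error message shape is SQLite's, other engines reject `order by 111` with their own error.

```python
import sqlite3

# Constructed sample rows standing in for the page's `student` table. Ages are distinct
# so that an ORDER BY age result is unambiguous.
STUDENTS = [("alice", 20), ("bob", 18), ("carol", 22), ("dave", 19)]


def make_db():
    """In-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE student (name TEXT, age INTEGER)")
    conn.executemany("INSERT INTO student VALUES (?, ?)", STUDENTS)
    return conn


def query_dollar(conn, student_age):
    """${} analogue: the parameter text is spliced into the SQL before it is parsed,
    so whatever the caller passes becomes SQL syntax."""
    sql = f"select name from student where age={student_age}"
    return [row[0] for row in conn.execute(sql)]


def query_hash(conn, student_age):
    """#{} analogue: the SQL keeps a ? placeholder and the value is bound separately;
    the parser never sees the value, so it cannot change the statement's structure."""
    sql = "select name from student where age=?"
    return [row[0] for row in conn.execute(sql, (student_age,))]


def order_by_dollar(conn, column):
    """${} in ORDER BY: the text is used as a column reference (or a positional index)."""
    sql = f"select name from student order by {column}"
    return [row[0] for row in conn.execute(sql)]


def order_by_hash(conn, column):
    """#{} in ORDER BY: the bound value is a constant, so every row has the same sort key
    and no real ordering happens (the order that comes back is whatever the engine yields)."""
    sql = "select name from student order by ?"
    return [row[0] for row in conn.execute(sql, (column,))]


def demo():
    """Run both styles against a benign value and an injection payload; returns a dict."""
    conn = make_db()
    results = {
        "dollar_benign": query_dollar(conn, 18),
        "hash_benign": query_hash(conn, 18),
        # Injection payload: with ${} the OR becomes part of the WHERE clause.
        "dollar_injected": query_dollar(conn, "18 or 1=1"),
        # With #{} the same text is compared as one literal value and matches nothing.
        "hash_injected": query_hash(conn, "18 or 1=1"),
        "dollar_order_age": order_by_dollar(conn, "age"),
        # Sorting by the constant 'age': all four rows come back, but not sorted by age.
        "hash_order_age": sorted(order_by_hash(conn, "age")),
    }
    # order by ${111}: 111 is parsed as a positional column index, out of range for a
    # one-column select, so the statement fails; order by #{111} binds 111 as a constant.
    try:
        order_by_dollar(conn, 111)
        results["dollar_order_111"] = "ran"
    except sqlite3.OperationalError:
        results["dollar_order_111"] = "error"
    results["hash_order_111"] = sorted(order_by_hash(conn, 111))
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The payload `18 or 1=1` returns every row through the ${} path and no row through the #{} path, which is the injection difference in point 1; the two ORDER BY helpers show point 2, where the bound string is a constant sort key rather than the column `age`.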