like的写法
and user_name like concat('%', #{userName}, '%')
IN语句查询
WHERE id IN
<foreach collection="list" item="id" index="index" open="(" close=")" separator=",">
#{id}
</foreach>
selectprovider 写法
public String getList(Vo vo, String[] storeArr){
StringBuilder sql = new StringBuilder(128);
sql.append("<script>select * from store where 1=1 ");
//这里两种方式都不好,第一个有注入风险,第二个查不到结果
//sql.append("and s.store_id in ('${storeIds}')")
//sql.append("and s.store_id in (#{storeIds})")
if(ObjectUtils.isEmpty(storeIdArr)){
sql.append("and 1=2 ");
}else {
//推荐此种方式动态拼接id
sql.append("and store_id in <foreach item='item' collection='storeIdArr' open='('
separator=',' close=')'>#{item}</foreach> ");
}
if (StringUtils.isNotBlank(storeVo.getStoreName())){
sql.append(" and store_name like concat('%',#{storeVo.storeName},'%') ");
}
sql.append("</script>");
return sql.toString();
}