MyBatis 模糊查询（LIKE）
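<!--
  INSECURE example, kept only to contrast with the parameterized form.
  ${unitPosid} and ${tagName} are substituted into the SQL text as raw
  strings before the statement is prepared, so caller-supplied values become
  part of the query itself (SQL injection risk). Do not copy this form.
-->
<select id="getHintSourceTagsByTagName" resultMap="BaseResultMap">
  select
  <include refid="Base_Column_List" />
  from tb_hint_source_tag
  where unit_posid = ${unitPosid}
    and tag_name like '%${tagName}%'
</select>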
上面的写法有 SQL 注入风险：${} 会把参数值直接拼接进 SQL 文本。
应使用 #{} 参数绑定，并用 CONCAT 拼接通配符：
<!--
  Fuzzy (substring) lookup in tb_hint_source_tag by tag name.
  Both inputs use #{...}, which MyBatis passes as PreparedStatement bind
  parameters, so their values are never parsed as SQL. The wildcards are
  added in SQL by CONCAT around the bound value.
  NOTE(review): three-argument CONCAT is not portable to every database
  (Oracle's CONCAT takes two arguments); confirm the target dialect.
  NOTE(review): binding stops injection, but '%' and '_' inside tagName still
  act as LIKE wildcards; escape them in the caller if literal matching is
  required.
-->
<select id="getHintSourceTagsByTagName" resultMap="BaseResultMap">
    SELECT
        <include refid="Base_Column_List" />
    FROM tb_hint_source_tag
    WHERE unit_posid = #{unitPosid}
      AND tag_name LIKE CONCAT('%', #{tagName}, '%')
</select>