mybatis学习$与#号取值区别

1,多个参数传递用map或实体封装后再传给myBatis,

 

 

mybatis学习$与#号取值区别

#{} 1.加了单引号,  2.#号写是可以防止sql注入,比较安全

select * from user where username=#{username} and password=#{password}  变成 ...where username=‘张三’ and password=‘123’

${}  2.没有加单引号  2.${}写法无法防止sql注入(模湖查询时用‘%${username}%’) 或用cancat ('%',${username},'%')

select * from user where username=${username} and password=${password}  变成 ...where username=张三 and password=123

 

转载于:https://www.cnblogs.com/gzhbk/p/9499160.html

你可能感兴趣的:(java)