1、使用${}拼接字符串进行模糊查询(不安全:${}会把参数值原样拼入SQL文本,而不是作为预编译参数传入,因此存在SQL注入风险)
示例代码:
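// Interface definition:
package com.mybatis.dao;

import com.mybatis.bean.Employee;

import java.util.List;

/** Mapper interface used by the fuzzy-query example. */
public interface EmployeeMapper {

    /**
     * Runs the fuzzy query declared for this method in the mapper XML.
     *
     * <p>The element type {@code Employee} was lost from the page (the listing read
     * {@code ListgetEmpsTestInnerParameter}); it is restored here from the test code,
     * which iterates the result as {@code Employee}.
     *
     * @param employee criteria object handed to the mapper statement
     * @return the employees returned by the statement
     */
    List<Employee> getEmpsTestInnerParameter(Employee employee);
}

// Mapper definition: the mapper XML for this example is not present on this page.
// NOTE(review): per the section heading, the statement builds its LIKE pattern with ${}.
// ${} is substituted into the SQL text before the statement is prepared, so the value
// passed in below becomes part of the SQL itself. Confirm that no caller-controlled
// value can reach a ${} placeholder, or bind the value with #{} instead.

// Test code:
package com.mybatis.demo;

import com.mybatis.bean.Department;
import com.mybatis.bean.Employee;
import com.mybatis.dao.EmployeeMapper;
import org.apache.ibatis.io.Resources;
import org.apache.ibatis.session.SqlSession;
import org.apache.ibatis.session.SqlSessionFactory;
import org.apache.ibatis.session.SqlSessionFactoryBuilder;
import org.junit.Test;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;

/** Drives the ${}-concatenation fuzzy-query example. */
public class MyTest {

    /**
     * Builds a {@link SqlSessionFactory} from {@code mybatis-config.xml} on the classpath.
     *
     * @return the factory built from the configuration file
     * @throws IOException if the configuration resource cannot be read
     */
    public SqlSessionFactory getSqlSessionFactory() throws IOException {
        String resource = "mybatis-config.xml";
        // The stream is only needed while the factory is built, so close it afterwards.
        try (InputStream inputStream = Resources.getResourceAsStream(resource)) {
            return new SqlSessionFactoryBuilder().build(inputStream);
        }
    }

    /**
     * Queries through the mapper with a fixed search value and prints every row.
     *
     * @throws IOException if the MyBatis configuration cannot be read
     */
    @Test
    public void test() throws IOException {
        SqlSessionFactory sqlSessionFactory = getSqlSessionFactory();
        // openSession(true) opens an auto-commit session; try-with-resources closes it
        // on every path, as the original finally block did.
        try (SqlSession openSession = sqlSessionFactory.openSession(true)) {
            EmployeeMapper mapper = openSession.getMapper(EmployeeMapper.class);
            // A hard-coded value is used here; with a ${} mapper any externally supplied
            // value would be spliced into the SQL text unescaped.
            Employee employee = new Employee("e");
            List<Employee> list = mapper.getEmpsTestInnerParameter(employee);
            for (Employee emp : list) {
                System.out.println(emp);
            }
        }
    }
}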
2、使用bind标签进行模糊查询(bind拼出的变量配合#{}使用时,值作为预编译参数传入,而不是拼入SQL文本)
示例代码一:
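// Interface definition:
package com.mybatis.dao;

import com.mybatis.bean.Employee;

import java.util.List;

/** Mapper interface used by the first bind-tag fuzzy-query example. */
public interface EmployeeMapper {

    /**
     * Runs the fuzzy query declared for this method in the mapper XML.
     *
     * <p>The element type {@code Employee} was lost from the page (the listing read
     * {@code ListgetEmpsTestInnerParameter}); it is restored here from the test code,
     * which iterates the result as {@code Employee}.
     *
     * @param employee criteria object handed to the mapper statement
     * @return the employees returned by the statement
     */
    List<Employee> getEmpsTestInnerParameter(Employee employee);
}

// Mapper definition: the mapper XML for this example is not present on this page.
// NOTE(review): per the section heading, the statement uses a bind tag to build the
// LIKE pattern. That only keeps the value out of the SQL text if the bound variable is
// referenced with #{}; confirm against the real mapper file.

// Test code:
package com.mybatis.demo;

import com.mybatis.bean.Department;
import com.mybatis.bean.Employee;
import com.mybatis.dao.EmployeeMapper;
import org.apache.ibatis.io.Resources;
import org.apache.ibatis.session.SqlSession;
import org.apache.ibatis.session.SqlSessionFactory;
import org.apache.ibatis.session.SqlSessionFactoryBuilder;
import org.junit.Test;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;

/** Drives the first bind-tag fuzzy-query example. */
public class MyTest {

    /**
     * Builds a {@link SqlSessionFactory} from {@code mybatis-config.xml} on the classpath.
     *
     * @return the factory built from the configuration file
     * @throws IOException if the configuration resource cannot be read
     */
    public SqlSessionFactory getSqlSessionFactory() throws IOException {
        String resource = "mybatis-config.xml";
        // The stream is only needed while the factory is built, so close it afterwards.
        try (InputStream inputStream = Resources.getResourceAsStream(resource)) {
            return new SqlSessionFactoryBuilder().build(inputStream);
        }
    }

    /**
     * Queries through the mapper with the search value "e" and prints every row.
     *
     * @throws IOException if the MyBatis configuration cannot be read
     */
    @Test
    public void test() throws IOException {
        SqlSessionFactory sqlSessionFactory = getSqlSessionFactory();
        // openSession(true) opens an auto-commit session; try-with-resources closes it
        // on every path, as the original finally block did.
        try (SqlSession openSession = sqlSessionFactory.openSession(true)) {
            EmployeeMapper mapper = openSession.getMapper(EmployeeMapper.class);
            // Only the bare search text is passed; the mapper is expected to add the
            // wildcards around it.
            Employee employee = new Employee("e");
            List<Employee> list = mapper.getEmpsTestInnerParameter(employee);
            for (Employee emp : list) {
                System.out.println(emp);
            }
        }
    }
}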
示例代码二:
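// Interface definition:
package com.mybatis.dao;

import com.mybatis.bean.Employee;

import java.util.List;

/** Mapper interface used by the second bind-tag fuzzy-query example. */
public interface EmployeeMapper {

    /**
     * Runs the fuzzy query declared for this method in the mapper XML.
     *
     * <p>The element type {@code Employee} was lost from the page (the listing read
     * {@code ListgetEmpsTestInnerParameter}); it is restored here from the test code,
     * which iterates the result as {@code Employee}.
     *
     * @param employee criteria object handed to the mapper statement
     * @return the employees returned by the statement
     */
    List<Employee> getEmpsTestInnerParameter(Employee employee);
}

// Mapper definition: the mapper XML for this example is not present on this page,
// so how it differs from the first bind example cannot be seen here.
// NOTE(review): whichever form the bind expression takes, the bound variable should be
// referenced with #{} so the value is sent as a statement parameter; confirm against
// the real mapper file.

// Test code:
package com.mybatis.demo;

import com.mybatis.bean.Department;
import com.mybatis.bean.Employee;
import com.mybatis.dao.EmployeeMapper;
import org.apache.ibatis.io.Resources;
import org.apache.ibatis.session.SqlSession;
import org.apache.ibatis.session.SqlSessionFactory;
import org.apache.ibatis.session.SqlSessionFactoryBuilder;
import org.junit.Test;

import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;

/** Drives the second bind-tag fuzzy-query example. */
public class MyTest {

    /**
     * Builds a {@link SqlSessionFactory} from {@code mybatis-config.xml} on the classpath.
     *
     * @return the factory built from the configuration file
     * @throws IOException if the configuration resource cannot be read
     */
    public SqlSessionFactory getSqlSessionFactory() throws IOException {
        String resource = "mybatis-config.xml";
        // The stream is only needed while the factory is built, so close it afterwards.
        try (InputStream inputStream = Resources.getResourceAsStream(resource)) {
            return new SqlSessionFactoryBuilder().build(inputStream);
        }
    }

    /**
     * Queries through the mapper with the search value "i" and prints every row.
     *
     * @throws IOException if the MyBatis configuration cannot be read
     */
    @Test
    public void test() throws IOException {
        SqlSessionFactory sqlSessionFactory = getSqlSessionFactory();
        // openSession(true) opens an auto-commit session; try-with-resources closes it
        // on every path, as the original finally block did.
        try (SqlSession openSession = sqlSessionFactory.openSession(true)) {
            EmployeeMapper mapper = openSession.getMapper(EmployeeMapper.class);
            // Only the bare search text is passed; the mapper is expected to add the
            // wildcards around it.
            Employee employee = new Employee("i");
            List<Employee> list = mapper.getEmpsTestInnerParameter(employee);
            for (Employee emp : list) {
                System.out.println(emp);
            }
        }
    }
}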