Binding parameters with # and $ in MyBatis:

#{} treats every value passed in as a string and automatically wraps it in double quotes. For example, with order by #{id}, passing 111 produces order by "111" when the SQL is resolved, and passing id produces order by "id". MyBatis does this by turning #{} into a JDBC PreparedStatement placeholder (?) and binding the value as a parameter, so the value is never parsed as SQL.

${} inserts the value directly into the generated SQL. For example, with order by ${id}, passing 111 produces order by 111, and passing id produces order by id.

# goes a long way towards preventing SQL injection.

$ cannot prevent SQL injection.

$ is generally used to pass in database objects, for example a table name.

As a rule, if # can be used, do not use $.

mybatis-config.xml configuration:

```xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
    "http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
    <!-- Load the database configuration file jdbc.properties -->
    <properties resource="jdbc.properties"/>
    <settings>
        <!-- Print SQL statements to the console -->
        <setting name="logImpl" value="LOG4J"/>
    </settings>
    <!-- Aliases so entity classes need not be written with their full package path -->
    <typeAliases>
        <package name="com.xxxxx.entity"/>
    </typeAliases>
    <!-- Configure environments; any number of databases can be configured here -->
    <environments default="development">
        <environment id="development">
            <transactionManager type="JDBC" />
            <dataSource type="POOLED">
                <property name="driver" value="${jdbc.driver}" />
                <property name="url" value="${jdbc.url}" />
                <property name="username" value="${jdbc.username}" />
                <property name="password" value="${jdbc.password}" />
            </dataSource>
        </environment>
    </environments>
    <!-- Let MyBatis manage all the custom mapper files you define -->
    <mappers>
        <!-- Scan for Java mapper interfaces -->
        <package name="com.xxxxx.dao"/>
    </mappers>
</configuration>
```

Mapper.xml:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
    "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.xxxxxxx.dao.MajorMapper">
    <insert id="insert" parameterType="com.xxxxxxx.entity.Major"
            useGeneratedKeys="true" keyProperty="majorId" flushCache="true">
        insert into major (majorName) values (#{majorName})
    </insert>
    <!-- Update -->
    <update id="update" parameterType="com.xxxxxxx.entity.Major">
        update major set majorName=#{majorName} where majorId=#{majorId}
    </update>
    <!-- Simple query -->
    <select id="findById" parameterType="int" resultType="com.xxxxxxx.entity.Major">
        select * from major where majorId=#{majorId}
    </select>
    <!-- Conditional query -->
    <select id="find" resultType="com.xxxxxxx.entity.Major">
        select * from major
        <where>
            <if test="majorName!=null">
                and majorName like #{majorName}
            </if>
        </where>
    </select>
</mapper>
```

MyBtaisUtil.java:

```java
import java.io.InputStream;

import org.apache.ibatis.session.SqlSession;
import org.apache.ibatis.session.SqlSessionFactory;
import org.apache.ibatis.session.SqlSessionFactoryBuilder;

public class MyBtaisUtil {
    private static SqlSessionFactory sessionFactory = null;

    // Build the shared SqlSessionFactory once from mybatis-config.xml on the classpath
    static {
        InputStream in = MyBtaisUtil.class.getResourceAsStream("/mybatis-config.xml");
        sessionFactory = new SqlSessionFactoryBuilder().build(in);
    }

    // Open a session that must be committed manually
    public static SqlSession openSession() {
        return sessionFactory.openSession();
    }

    public static SqlSession openSession(boolean autoCommit) {
        return sessionFactory.openSession(autoCommit);
    }
}
```

Using MyBatis:

```java
import org.apache.ibatis.session.SqlSession;

public class MajorServiceImpl implements MajorService {
    @Override
    public boolean insert(Major obj) {
        SqlSession session = MyBtaisUtil.openSession();
        MajorMapper mapper = session.getMapper(MajorMapper.class);
        try {
            mapper.insert(obj);
            session.commit();
            return true;
        } catch (Exception e) {
            // Undo the insert if anything failed
            session.rollback();
            e.printStackTrace();
        } finally {
            session.close();
        }
        return false;
    }
}
```
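The post notes that ${} is what gets used for database objects such as table or column names, and that ${} cannot prevent SQL injection. The following is an added example, not code from the original post, of keeping such a value safe by resolving caller input against an allowlist before it reaches ${}. The class name SafeOrderBy, the sort keys, and the mapper parameters orderColumn and orderDir are assumptions; only the major table and its columns come from the post.

```java
import java.util.Locale;
import java.util.Map;

/**
 * Added example: pick the identifier that a mapper statement such as
 *   select * from major order by ${orderColumn} ${orderDir}
 * will receive. orderColumn and orderDir are hypothetical parameter names.
 */
public final class SafeOrderBy {
    private static final String DEFAULT_COLUMN = "majorId";

    // Public sort keys -> real column names. Only these values can reach the SQL text.
    private static final Map<String, String> COLUMNS = Map.of(
            "id", "majorId",
            "name", "majorName");

    /** Returns the column for a caller-supplied sort key, or the default if unknown. */
    public static String column(String key) {
        if (key == null) {
            return DEFAULT_COLUMN;
        }
        String normalized = key.trim().toLowerCase(Locale.ROOT);
        return COLUMNS.getOrDefault(normalized, DEFAULT_COLUMN);
    }

    /** Returns "DESC" only for an exact (case-insensitive) "desc"; otherwise "ASC". */
    public static String direction(String dir) {
        return dir != null && dir.trim().equalsIgnoreCase("desc") ? "DESC" : "ASC";
    }

    public static void main(String[] args) {
        // Constructed inputs: two ordinary requests and one carrying extra SQL text.
        String[][] requests = {
            {"name", "desc"},
            {"ID", null},
            {"majorId; drop table major", "desc, 1"},
        };
        for (String[] r : requests) {
            // What ${orderColumn} ${orderDir} would expand to after resolution.
            System.out.println("select * from major order by "
                    + column(r[0]) + " " + direction(r[1]));
        }
    }
}
```

The third request falls back to the default column and ascending order, because the raw string is only ever used as a lookup key and never concatenated into the statement.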
Time: 2024-10-07 10:00:10