• 周四. 10 月 3rd, 2024

5G编程聚合网

5G时代下一个聚合的编程学习网

热门标签

Several ways to realize fuzzy query of ${} and {} in mybatis

King Wang

1 月 3, 2022

Direct transmission of reference

Direct transmission of reference , Is the keyword to be queried keyword, Put together the format of the query in the code , Such as %keyword%, And then directly pass in as a parameter mapper.xml In the mapping file of .

public void selectBykeyWord(String keyword) {
   String id = "%" + keyword + "%";
   String roleType = "%" + keyword + "%";
   String roleName = "%" + keyword + "%";
   userDao.selectBykeyWord(id,roleName,roleType);
 }

stay Dao Layer specifies the alias of each parameter

The code is as follows :

List<RoleEntity> selectBykeyWord(@Param(“id”) String id,@Param(“roleName”) String roleName,@Param(“roleType”) String roleType);

<select id="selectBykeyWord" parameterType="string" resultType="com.why.mybatis.entity.RoleEntity">

    SELECT

      *

    FROM

      t_role

    WHERE

      role_name LIKE #{roleName}

      OR id LIKE #{id}

      OR role_type LIKE #{roleType}

  </select>

Executed SQL sentence :

SELECT
  *
FROM
  t_role
WHERE
  role_name LIKE '%why%'
OR id LIKE '%why%'
OR role_type LIKE '%why%';

CONCAT() function

MySQL Of CONCAT() Function is used to connect multiple strings into one string , Is the most important mysql One of the functions .

CONCAT(str1,str2,...)

List<RoleEntity> selectBykeyWord(@Param("keyword") String keyword);

<select id="selectBykeyWord" parameterType="string" resultType="com.why.mybatis.entity.RoleEntity">

  SELECT

    *

  FROM

    t_role

  WHERE

    role_name LIKE CONCAT('%',#{keyword},'%')

  OR

    id LIKE CONCAT('%',#{keyword},'%')

  OR

    role_type LIKE CONCAT('%',#{keyword},'%')

</select>

  perhaps  “%”#{keyword}”%”

<select id="selectBykeyWord" parameterType="string" resultType="com.why.mybatis.entity.RoleEntity">
  SELECT
    *
  FROM
    t_role
  WHERE
    role_name LIKE "%"#{keyword}"%"
  OR
    id LIKE "%"#{keyword}"%"
  OR
    role_type LIKE "%"#{keyword}"%"
</select>

Of course , You can also use $, But you need to pay special attention to the problem of single quotation marks .

  • #{ } It’s precompiling ,MyBatis Processing #{ } when , It will be sql Medium #{ } Replace with ?, And then call PreparedStatement Of set Method to assign a value , After passing in the string , A single quotation mark will be placed around the value , Use placeholders to improve efficiency , Can prevent sql Inject .

  • ${}: Indicates splicing sql strand , The content of the received parameter is spliced in… Without any decoration sql in , May trigger sql Inject .

  The following methods are not recommended :

<select id="selectBykeyWord" parameterType="string" resultType="com.why.mybatis.entity.RoleEntity">
  SELECT
    *
  FROM
    t_role
  WHERE
    role_name LIKE CONCAT('%',${keyword},'%')
  OR
    id LIKE CONCAT('%',${keyword},'%')
  OR
    role_type LIKE CONCAT('%',${keyword},'%')
</select>
<select id="selectBykeyWord" parameterType="string" resultType="com.why.mybatis.entity.RoleEntity">
  SELECT
    *
  FROM
    t_role
  WHERE
    role_name LIKE '%${keyword}%'
  OR
    id LIKE '%${keyword}%'
  OR
    role_type LIKE '%${keyword}%'
</select>

Mybatis Of bind

List<RoleEntity> selectBykeyWord(@Param("keyword") String keyword);

<select id="selectBykeyWord" parameterType="string" resultType="com.why.mybatis.entity.RoleEntity">

    <bind name="pattern" value="'%' + keyword + '%'" />

    SELECT

    *

    FROM

    t_role

    WHERE

    role_name LIKE #{pattern}

    OR

    id LIKE #{pattern}

    OR

    role_type like #{pattern}

  </select>

 mabatis String equality judgment Need to increase  .toString()

Sample complex query : 

<select id="regionQuery" resultMap="resultMap"
parameterType="com.cy.param.queryParam">
SELECT * from (
SELECT region.*,
GROUP_CONCAT(distinct region.type, '_', region.count) type_count_list,
GROUP_CONCAT(distinct person.obj_type, '_', person.obj_value) obj_type_value_list,
person.longitude longitude,
person.latitude latitude,
person.address address,
person.wifi_name wifi_name,
person.wifi_mac wifi_mac,
person.gps_mac gps_mac,
person.gps_imei gps_imei,
person.gather_flag gather_flag
FROM (
SELECT agg.*,
dict.type AS type,
dict.`value` AS count,
dict.privilege
FROM monitor_region_agg agg
LEFT JOIN monitor_dict dict ON agg.region_id = dict.region_id
AND dict.type IN ('attation', 'readStatus')
<if test="userId != null and userId != ''">
and dict.gmt_creator = #{userId}
</if>
<if test="regionIdList != null and regionIdList.size > 0">
and agg.region_id in
<foreach collection="regionIdList" item="code" index="index" open="(" close=")" separator=",">
#{code}
</foreach>
</if>
<if test="regionIdList != null and regionIdList.size > 0">
and dict.region_id in
<foreach collection="regionIdList" item="code" index="index" open="(" close=")" separator=",">
#{code}
</foreach>
</if>
) region
LEFT JOIN monitor_region_person_relation person ON region.region_id = person.region_id
WHERE region.`is_delete` = '0'
AND person.`is_delete` = '0'
AND person.gather_flag = '0'
<if test="regionTypeList != null and regionTypeList.size > 0">
and region.region_type in
<foreach collection="regionTypeList" item="code" index="index" open="(" close=")" separator=",">
#{code}
</foreach>
</if>
<if test="areaCodeList != null and areaCodeList.size > 0">
AND ( region.region_province_code in
<foreach collection="areaCodeList" item="code" index="index" open="(" close=")" separator=",">
#{code}
</foreach>
or region.region_city_code in
<foreach collection="areaCodeList" item="code" index="index" open="(" close=")" separator=",">
#{code}
</foreach>
or region.region_district_code in
<foreach collection="areaCodeList" item="code" index="index" open="(" close=")" separator=",">
#{code}
</foreach>
)
</if>
<if test="tenantCode != null and tenantCode != ''">
and region.tenant_code = #{tenantCode}
</if>
<if test="businessCode != null and businessCode != ''">
and region.business_code = #{businessCode}
</if>
<if test="appCode != null and appCode != ''">
and region.app_code = #{appCode}
</if>
<if test="startDate != null and startDate != ''">
<![CDATA[
AND region.risk_date >= #{startDate}
]]>
</if>
<if test="endDate != null and endDate != ''">
<![CDATA[
AND region.risk_date <= #{endDate}
]]>
</if>
<if test="searchValue != null and searchValue != ''">
AND (region.region_name LIKE concat('%', #{searchValue}, '%') OR
person.obj_value LIKE concat('%', #{searchValue}, '%'))
</if>
<if test="regionTypeList != null and regionTypeList.size > 0">
and region.region_type in
<foreach collection="regionTypeList" item="code" index="index" open="(" close=")" separator=",">
#{code}
</foreach>
</if>
) result
WHERE 1 = 1
<if test="attentionSign != null and attentionSign == '1'.toString()">
AND type_count_list LIKE '%attation%'
</if>
<if test="attentionSign != null and attentionSign == '0'.toString()">
AND type_count_list NOT LIKE '%attation%'
</if>
<if test="readSign != null and readSign == '1'.toString()">
AND type_count_list LIKE '%readStatus%'
</if>
<if test="readSign != null and readSign == '0'.toString()">
AND type_count_list NOT LIKE '%readStatus%'
</if>
GROUP BY region_id
<if test="orderField != null and orderField != ''">
ORDER BY #{orderField}
<if test="order != null and order != ''">
#{order}
</if>
</if>
</select>

 

发表回复