目录
Mybatis中Like模糊查询三种处理方式
1.通过单引号拼接+${}
1)mapper接口
2)Mapper.xml
3)测试代码
4) 测试结果
2.通过concat()函数拼接(个人推荐使用这种)
1)mapper接口
2)Mapper.xml
3)测试代码
4) 测试结果
3.通过"%"#{}"%"
1)mapper接口
2)Mapper.xml
3)测试代码
4) 测试结果
附加
1.User实体
2.LikeMapper类
3.LikeMapperTest代码
4.LikeMapper.xml文件
5.表结构
Mybatis中Like模糊查询三种处理方式
1.通过单引号拼接+${}
这种方法使用了字符串替换的方式来进行模糊查询。但是这种方式存在SQL注入的风险,因为"${name}"
会直接将变量值插入到SQL语句中,如果输入没有经过适当的过滤,则可能会导致安全问题。
注:在XML文件中不建议使用'%${name}%'的方式,而是应该使用concat()或者%' + #{name} + '% '来避免SQL注入。
1)mapper接口
/*** 通过单引号拼接+${}*/
public List<User> getLikeBySingleQuote(String name);
2)Mapper.xml
<!--单引号拼接+${}--> <select id="getLikeBySingleQuote" resultType="org.xiji.enty.User">select * from user where username like '%${name}%' </select>
3)测试代码
/*** 通过单引号拼接+${}* '%${}%'*/ @Test public void testGetLikeBySingleQuote(){String name = "xiji";List<User> likeBySingleQuote = likeMapper.getLikeBySingleQuote(name);System.out.println(likeBySingleQuote.toString()); }
4) 测试结果
2.通过concat()函数拼接(个人推荐使用这种)
使用数据库的concat()函数可以避免SQL注入的问题,并且是跨平台的(MySQL, PostgreSQL等支持concat()或类似函数)。
1)mapper接口
/*** 通过ConCat函数拼接**/ public List<User> getLikeByConCat(String name);
2)Mapper.xml
<!--concat函数拼接-->
<select id="getLikeByConCat" resultType="org.xiji.enty.User">select * from user where username like concat('%',#{name},'%')
</select>
3)测试代码
/*** 通过concat函数拼接* concat('%',#{name},'%')*/ @Test public void testGetLikeByConCat(){String name = "xiji";List<User> likeByConCat = likeMapper.getLikeByConCat(name);System.out.println(likeByConCat.toString()); }
4) 测试结果
3.通过"%"#{}"%"
这种方式也是安全的,并且简洁。它使用了MyBatis的预编译功能,自动对参数进行转义,防止SQL注入攻击。
注:虽然使用'%'#{name}'%'看起来简洁,但是在某些情况下,如果name包含特殊字符,可能需要进一步的处理来保证安全性和正确性。因此,推荐使用concat()函数来构建LIKE语句。
1)mapper接口
/*** 通过 “%”#{}“%” 拼接*/
public List<User> getLikeByPercent(String name);
2)Mapper.xml
<!-- "%"#{}"%" --> <select id="getLikeByPercent" resultType="org.xiji.enty.User">select * from user where username like "%"#{name}"%" </select>
3)测试代码
/*** 通过通过 "%"#{}"%" 拼接* like '%#{name}%'*/@Test public void testGetLikeByPercent(){String name = "xiji";List<User> likeByPercent = likeMapper.getLikeByPercent(name);System.out.println(likeByPercent.toString()); }
4) 测试结果
附加
1.User实体
package org.xiji.enty;public class User {private int id;private String username;private String password;private String userInfo;public User() {}public User(int id, String username, String password, String userInfo) {this.id = id;this.username = username;this.password = password;this.userInfo = userInfo;}public int getId() {return id;}public void setId(int id) {this.id = id;}public String getUsername() {return username;}public void setUsername(String username) {this.username = username;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;}public String getUserInfo() {return userInfo;}public void setUserInfo(String userInfo) {this.userInfo = userInfo;}@Overridepublic String toString() {return "User{" +"id=" + id +", username='" + username + '\'' +", password='" + password + '\'' +", userInfo='" + userInfo + '\'' +'}';}
}
2.LikeMapper类
package org.xiji.mapper;import org.apache.ibatis.annotations.Mapper;
import org.xiji.enty.User;import java.util.List;/*** 模糊查询的三种方式*/
@Mapper
public interface LikeMapper {/*** 通过单引号拼接+${}*/public List<User> getLikeBySingleQuote(String name);/*** 通过ConCat函数拼接**/public List<User> getLikeByConCat(String name);/*** 通过 “%”#{}“%” 拼接*/public List<User> getLikeByPercent(String name);}
3.LikeMapperTest代码
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit.jupiter.SpringJUnitConfig;
import org.xiji.enty.User;
import org.xiji.mapper.LikeMapper;import java.util.List;@SpringJUnitConfig(locations = {"classpath:springConfig.xml"})
public class LikeMapperTest {@Autowiredprivate LikeMapper likeMapper;/*** 通过单引号拼接+${}* '%${}%'*/@Testpublic void testGetLikeBySingleQuote(){String name = "xiji";List<User> likeBySingleQuote = likeMapper.getLikeBySingleQuote(name);System.out.println(likeBySingleQuote.toString());}/*** 通过concat函数拼接* concat('%',#{name},'%')*/@Testpublic void testGetLikeByConCat(){String name = "xiji";List<User> likeByConCat = likeMapper.getLikeByConCat(name);System.out.println(likeByConCat.toString());}/*** 通过通过 “%”#{}“%” 拼接* like '%#{name}%'*/@Testpublic void testGetLikeByPercent(){String name = "xiji";List<User> likeByPercent = likeMapper.getLikeByPercent(name);System.out.println(likeByPercent.toString());}}
4.LikeMapper.xml文件
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapperPUBLIC "-//mybatis.org//DTD Mapper 3.0//EN""http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="org.xiji.mapper.LikeMapper"><!--模糊查询的三种方式--><!--单引号拼接+${}--><select id="getLikeBySingleQuote" resultType="org.xiji.enty.User">select * from user where username like '%${name}%'</select><!--concat函数拼接--><select id="getLikeByConCat" resultType="org.xiji.enty.User">select * from user where username like concat('%',#{name},'%')</select><!-- ”%“#{}“%” --><select id="getLikeByPercent" resultType="org.xiji.enty.User">select * from user where username like "%"#{name}"%"</select>
</mapper>
5.表结构
SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;-- ----------------------------
-- Table structure for user
-- ----------------------------
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user` (`id` int NOT NULL AUTO_INCREMENT COMMENT '用户id',`username` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL COMMENT '用户名字',`password` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL COMMENT '用户密码',`userInfo` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL COMMENT '用户信息',PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_0900_ai_ci ROW_FORMAT = Dynamic;SET FOREIGN_KEY_CHECKS = 1;