目录
Mybatis中Like模糊查询三种处理方式
1.通过单引号拼接+${}
1)mapper接口
2)Mapper.xml
3)测试代码
4) 测试结果
2.通过concat()函数拼接(个人推荐使用这种)
1)mapper接口
2)Mapper.xml
3)测试代码
4) 测试结果
3.通过"%"#{}"%"
1)mapper接口
2)Mapper.xml
3)测试代码
4) 测试结果
附加
1.User实体
2.LikeMapper类
3.LikeMapperTest代码
4.LikeMapper.xml文件
5.表结构
Mybatis中Like模糊查询三种处理方式
1.通过单引号拼接+${}
这种方法使用了字符串替换的方式来进行模糊查询。但是这种方式存在SQL注入的风险,因为"${name}"
会直接将变量值插入到SQL语句中,如果输入没有经过适当的过滤,则可能会导致安全问题。
注:在XML文件中不建议使用'%${name}%'的方式,而是应该使用concat('%',#{name},'%')或者"%"#{name}"%"这类基于#{}参数绑定的写法来避免SQL注入。
1)mapper接口
/**
* Fuzzy (LIKE) search on username; the mapped statement builds the pattern as '%${name}%'.
* ${name} is substituted into the SQL text itself instead of being bound as a parameter,
* so name must never carry unvalidated caller input (SQL injection risk).
*/
public List<User> getLikeBySingleQuote(String name);
2)Mapper.xml
<!-- Single quotes + ${}: the value of name is spliced into the SQL text as-is. -->
<!-- Injection risk: acceptable only for values the application fully controls; bind caller input with #{name}. -->
<select id="getLikeBySingleQuote" resultType="org.xiji.enty.User">
    select * from user where username like '%${name}%'
</select>
3)测试代码
/**
 * Runs the single-quote + ${} variant ('%${name}%') with a fixed keyword and prints the rows.
 * The keyword is a constant here; nothing is asserted about the result.
 */
@Test
public void testGetLikeBySingleQuote() {
    final String keyword = "xiji";
    List<User> matches = likeMapper.getLikeBySingleQuote(keyword);
    String rendered = matches.toString();
    System.out.println(rendered);
}
4) 测试结果
2.通过concat()函数拼接(个人推荐使用这种)
这种写法能避免SQL注入,是因为name通过#{}作为预编译参数绑定,concat()只负责在数据库端把通配符%拼接到参数两侧。MySQL、PostgreSQL等数据库支持concat()或类似函数,但各数据库的函数签名并不完全一致(例如Oracle的CONCAT只接受两个参数),跨库使用时需要确认。
1)mapper接口
/**
 * Fuzzy (LIKE) search on username; the mapped statement uses concat('%',#{name},'%').
 * name is passed through #{}, i.e. as a bound statement parameter.
 */
public List<User> getLikeByConCat(String name);
2)Mapper.xml
<!-- concat(): the wildcards are added in SQL and name is bound through #{}, so it stays out of the SQL text. -->
<!-- '%' or '_' inside name still act as LIKE wildcards; parameter binding does not escape them. -->
<select id="getLikeByConCat" resultType="org.xiji.enty.User">
select * from user where username like concat('%',#{name},'%')
</select>
3)测试代码
/**
 * Runs the concat('%',#{name},'%') variant with a fixed keyword and prints the rows.
 * Nothing is asserted about the result.
 */
@Test
public void testGetLikeByConCat() {
    final String keyword = "xiji";
    List<User> matches = likeMapper.getLikeByConCat(keyword);
    String rendered = matches.toString();
    System.out.println(rendered);
}
4) 测试结果
3.通过"%"#{}"%"
这种方式也是安全的,并且简洁。它同样使用#{},参数通过MyBatis的预编译语句(PreparedStatement)绑定,而不是拼进SQL文本,因此可以防止SQL注入攻击。
注:虽然使用'%'#{name}'%'看起来简洁,但是在某些情况下,如果name包含特殊字符(例如LIKE通配符%和_,参数绑定不会对它们进行转义),可能需要进一步的处理来保证安全性和正确性。因此,推荐使用concat()函数来构建LIKE语句。
1)mapper接口
/**
* Fuzzy (LIKE) search on username; the mapped statement writes the pattern as "%"#{name}"%".
* name is passed through #{}, i.e. as a bound statement parameter.
*/
public List<User> getLikeByPercent(String name);
2)Mapper.xml
<!-- "%"#{name}"%": name is bound through #{}; the wildcards are separate double-quoted literals around it. -->
<!-- NOTE(review): this form appears to rely on MySQL-specific string-literal handling (double-quoted literals, adjacent literals joined); confirm it works with the SQL mode and driver settings in use. -->
<select id="getLikeByPercent" resultType="org.xiji.enty.User">
    select * from user where username like "%"#{name}"%"
</select>
3)测试代码
/**
 * Runs the "%"#{name}"%" variant with a fixed keyword and prints the rows.
 * Nothing is asserted about the result.
 */
@Test
public void testGetLikeByPercent() {
    final String keyword = "xiji";
    List<User> matches = likeMapper.getLikeByPercent(keyword);
    String rendered = matches.toString();
    System.out.println(rendered);
}
4) 测试结果
附加
1.User实体
package org.xiji.enty;
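/**
 * Mutable bean for one row of the {@code user} table; it is the result type of the
 * LikeMapper queries shown on this page.
 *
 * <p>{@link #toString()} deliberately leaves the password value out: the tests on this page
 * print whole result lists, and a credential field should not end up in console or log output.
 */
public class User {
    private int id;
    private String username;
    // NOTE(review): the page does not show whether this holds a hash or clear text;
    // it should hold a password hash, never the clear-text password.
    private String password;
    private String userInfo;

    /** Creates an empty user; fields keep their Java defaults (0 / null). */
    public User() {
    }

    /**
     * Creates a fully populated user.
     *
     * @param id       primary key
     * @param username user name
     * @param password password value as stored in the table
     * @param userInfo free-form user information
     */
    public User(int id, String username, String password, String userInfo) {
        this.id = id;
        this.username = username;
        this.password = password;
        this.userInfo = userInfo;
    }

    /** @return the primary key */
    public int getId() {
        return id;
    }

    /** @param id the primary key */
    public void setId(int id) {
        this.id = id;
    }

    /** @return the user name, possibly {@code null} */
    public String getUsername() {
        return username;
    }

    /** @param username the user name */
    public void setUsername(String username) {
        this.username = username;
    }

    /** @return the stored password value, possibly {@code null} */
    public String getPassword() {
        return password;
    }

    /** @param password the password value to store */
    public void setPassword(String password) {
        this.password = password;
    }

    /** @return the user information text, possibly {@code null} */
    public String getUserInfo() {
        return userInfo;
    }

    /** @param userInfo the user information text */
    public void setUserInfo(String userInfo) {
        this.userInfo = userInfo;
    }

    /**
     * Renders the bean for diagnostics. The password is always shown as a fixed
     * {@code <redacted>} marker so that printing or logging a user never exposes it.
     *
     * @return a single-line description of this user without the password value
     */
    @Override
    public String toString() {
        return "User{" +
                "id=" + id +
                ", username='" + username + '\'' +
                ", password='<redacted>'" +
                ", userInfo='" + userInfo + '\'' +
                '}';
    }
}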
2.LikeMapper类
package org.xiji.mapper;
import org.apache.ibatis.annotations.Mapper;
import org.xiji.enty.User;
import java.util.List;
/**
* MyBatis mapper exposing three ways of writing a fuzzy (LIKE) search on username.
* Only the first variant substitutes its argument into the SQL text; the other two bind it via #{}.
*/
@Mapper
public interface LikeMapper {
/**
* Pattern built as '%${name}%' in LikeMapper.xml.
* ${name} is substituted into the SQL text itself instead of being bound as a parameter,
* so name must never carry unvalidated caller input (SQL injection risk).
*/
public List<User> getLikeBySingleQuote(String name);
/**
* Pattern built as concat('%',#{name},'%') in LikeMapper.xml.
* name is passed through #{}, i.e. as a bound statement parameter.
*/
public List<User> getLikeByConCat(String name);
/**
* Pattern written as "%"#{name}"%" in LikeMapper.xml.
* name is passed through #{}, i.e. as a bound statement parameter.
*/
public List<User> getLikeByPercent(String name);
}
3.LikeMapperTest代码
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit.jupiter.SpringJUnitConfig;
import org.xiji.enty.User;
import org.xiji.mapper.LikeMapper;
import java.util.List;
/**
 * Spring-wired smoke tests for the three LIKE-query styles exposed by {@link LikeMapper}.
 * Each test passes the constant keyword "xiji" and prints the returned rows; nothing is asserted.
 */
@SpringJUnitConfig(locations = {"classpath:springConfig.xml"})
public class LikeMapperTest {

    @Autowired
    private LikeMapper likeMapper;

    /** Prints the textual form of a result list. */
    private static void dump(List<User> rows) {
        System.out.println(rows.toString());
    }

    /**
     * Single quotes + ${}: '%${name}%'.
     * The keyword is a constant here; this statement substitutes it into the SQL text.
     */
    @Test
    public void testGetLikeBySingleQuote() {
        final String keyword = "xiji";
        dump(likeMapper.getLikeBySingleQuote(keyword));
    }

    /**
     * concat() variant: concat('%',#{name},'%').
     */
    @Test
    public void testGetLikeByConCat() {
        final String keyword = "xiji";
        dump(likeMapper.getLikeByConCat(keyword));
    }

    /**
     * Adjacent-literal variant: "%"#{name}"%".
     */
    @Test
    public void testGetLikeByPercent() {
        final String keyword = "xiji";
        dump(likeMapper.getLikeByPercent(keyword));
    }
}
4.LikeMapper.xml文件
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="org.xiji.mapper.LikeMapper">
<!-- Three ways of writing a fuzzy (LIKE) search on user.username -->
<!-- 1. Single quotes + ${}: the value of name is spliced into the SQL text as-is. -->
<!--    Injection risk: acceptable only for values the application fully controls; bind caller input with #{name}. -->
<select id="getLikeBySingleQuote" resultType="org.xiji.enty.User">
select * from user where username like '%${name}%'
</select>
<!-- 2. concat(): the wildcards are added in SQL and name is bound through #{}. -->
<!--    '%' or '_' inside name still act as LIKE wildcards; parameter binding does not escape them. -->
<select id="getLikeByConCat" resultType="org.xiji.enty.User">
select * from user where username like concat('%',#{name},'%')
</select>
<!-- 3. "%"#{name}"%": name is bound through #{}; the wildcards are separate double-quoted literals around it. -->
<!--    NOTE(review): this form appears to rely on MySQL-specific string-literal handling; confirm it works with the SQL mode and driver settings in use. -->
<select id="getLikeByPercent" resultType="org.xiji.enty.User">
select * from user where username like "%"#{name}"%"
</select>
</mapper>
5.表结构
-- Schema for the demo `user` table that the LikeMapper statements query.
-- NOTE: this script drops any existing `user` table before recreating it.
SET NAMES utf8mb4;
-- Foreign-key checks are switched off for the drop/create and restored on the last line.
SET FOREIGN_KEY_CHECKS = 0;
-- ----------------------------
-- Table structure for user
-- ----------------------------
DROP TABLE IF EXISTS `user`;
-- NOTE(review): `password` is a plain varchar(255); the page does not show whether a hash or
-- clear text is stored in it. It should hold a password hash, never the clear-text password.
CREATE TABLE `user` (
`id` int NOT NULL AUTO_INCREMENT COMMENT '用户id',
`username` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL COMMENT '用户名字',
`password` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL COMMENT '用户密码',
`userInfo` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL COMMENT '用户信息',
PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_0900_ai_ci ROW_FORMAT = Dynamic;
SET FOREIGN_KEY_CHECKS = 1;