1、$和#的區別
${}是直接把參數的文字拼接進SQL字串,SQL在預編譯之前就已經被使用者輸入改寫,因此可能產生SQL注入;#{}會在SQL中產生一個 ? 佔位符,先由JDBC PreparedStatement預編譯,再把參數值以綁定變數的方式賦值(引號與轉義由驅動處理),使用者輸入只會被當作資料而不會改變SQL的結構,所以可以防止SQL注入。一般都用#{}來傳值;只有在無法參數化的地方(例如動態表名、欄位名、排序方向)才用${},而且其值必須來自程式內的白名單,絕對不能直接來自使用者輸入。
2、使用
如果參數是物件的屬性,且不需要like模糊查詢,直接寫 #{屬性名} 即可(如下例的 #{fillState})。
<select id="getFillInAll" resultType="org.springblade.biz.pjtx.vo.FillInVO">
select c.id,d.name as examineName,a.name,a.CONTENT,a.spec,a.SCORE,b.UNIT_RESPONSIBLE_FOR_EVALUATIO as unitResponsibleForEvaluatio,c.FRACTION,e.EXAM_EXPLAIN as examExplain,e.RESULT,c.FILL_STATE as fillState
from judicial_pjtx.INDEX_MANAGE a, judicial_pjtx.Examine_Form b, judicial_pjtx.FILL_IN c,judicial_pjtx.EXAMINE_MANAGE d,judicial_pjtx.FILL_IN_ATTACHMENT e
where a.id = b.INDEX_MANAGE_ID and b.id= c.EXAMINE_FORM_ID and b.EXAMINE_MANAGE_ID = d.id and c.id = e.FILL_IN_ID and d.is_deleted = 0
<!-- <if test="fillInVO.name != null and fillInVO.name != '' ">
and e.name like '%${fillInVO.name}%'
</if>
<if test="fillInVO.id != null and fillInVO.id != '' ">
and c.id = #{fillInVO.id}
</if>-->
<if test="fillState != null and fillState != '' ">
and c.FILL_STATE = #{fillState}
</if>
order by FILL_IN_TIME desc
</select>
如果要做like模糊查詢,參數仍然必須用 #{} 綁定:不能寫成 '%${屬性}%'(字串拼接,會造成SQL注入),也不能寫成 '%{屬性}%'(少了#或$,只是一個不會綁定任何值的字面字串)。正確做法是先用 <bind> 把萬用字元組進一個變數(或用資料庫的CONCAT函式拼接),再寫 like #{pattern};另外,如果參數物件是以 @Param("fillInVO") 命名傳入,引用時要寫 參數名.屬性名,例如 fillInVO.fillState。注意使用者輸入中的 % 和 _ 仍會被當作萬用字元,若是自由文字需在Java端轉義。
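<!--
  getFillInAll (LIKE variant): same join as the equality variant, but filters FILL_STATE
  with a LIKE pattern. The wildcard pattern is assembled in <bind> and passed through
  #{...}, so the value travels as a bound PreparedStatement parameter. The original
  `like '%{fillInVO.fillState}%'` had no # or $ prefix and was therefore a literal string
  that bound nothing; the `${}` spelling would have been SQL injection.

  Caveat: % and _ inside fillState are still LIKE wildcards; escape them on the Java side
  (or add an ESCAPE clause) if the value is user-typed free text.
  NOTE(review): this statement shares id="getFillInAll" with the equality variant; two
  statements with the same id in one mapper namespace will not load, so give this one a
  distinct id if both are kept.
-->
<select id="getFillInAll" resultType="org.springblade.biz.pjtx.vo.FillInVO">
    select
        c.id,
        d.name as examineName,
        a.name,
        a.CONTENT,
        a.spec,
        a.SCORE,
        b.UNIT_RESPONSIBLE_FOR_EVALUATIO as unitResponsibleForEvaluatio,
        c.FRACTION,
        e.EXAM_EXPLAIN as examExplain,
        e.RESULT,
        c.FILL_STATE as fillState
    from judicial_pjtx.INDEX_MANAGE a
    inner join judicial_pjtx.Examine_Form b on b.INDEX_MANAGE_ID = a.id
    inner join judicial_pjtx.FILL_IN c on c.EXAMINE_FORM_ID = b.id
    inner join judicial_pjtx.EXAMINE_MANAGE d on d.id = b.EXAMINE_MANAGE_ID
    inner join judicial_pjtx.FILL_IN_ATTACHMENT e on e.FILL_IN_ID = c.id
    where d.is_deleted = 0
    <if test="fillInVO.fillState != null and fillInVO.fillState != ''">
        <!-- build '%value%' in OGNL so the whole pattern is one bound parameter -->
        <bind name="fillStatePattern" value="'%' + fillInVO.fillState + '%'"/>
        and c.FILL_STATE like #{fillStatePattern}
    </if>
    <!-- FILL_IN_TIME is left unqualified as in the original; qualify it if more than one joined table has that column -->
    order by FILL_IN_TIME desc
</select>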