MyBatis has two kinds of placeholders, ${} and #{}, and the difference between them matters.
Difference
A parameter passed in through #{} is automatically quoted by MyBatis.
A parameter passed in through ${} is not quoted by MyBatis.
For example, with value=11:
select * from user where id = #{value}
outputs select * from user where id = '11'
select * from user where id = ${value}
outputs select * from user where id = 11
Security
${} carries a SQL injection risk. For example, with value = '1 or 1=1',
the SQL becomes select * from user where id = 1 or 1=1, which amounts to having no restriction at all.
Uses
#{} is mostly used to pass in condition parameter values.
${} is used for database object names (table and column names) and for things like group by and ordering, for example with value1='group by' and value2='time':
select * from user ${value1} ${value2}
outputs select * from user group by time
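The following is an added example, not code from the original note or from the MyBatis project, showing how the two placeholders are used side by side in an annotation-based mapper and how to keep the ${} case safe. Strictly speaking, #{} does not paste a quoted literal into the SQL text; it becomes a "?" bound on a JDBC PreparedStatement, which is why the value cannot change the statement's structure (the quoted form above is how the effective SQL reads in logs). ${} is spliced into the SQL before it reaches the driver, so for identifiers such as a group by column the caller must restrict the value to a known allow-list. The UserMapper interface, the UserQueries class, the `user` table and the column names "time", "status" and "role" are all assumptions made for this example.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;

// Hypothetical mapper for the `user` table used in the note above.
interface UserMapper {

    // #{id} becomes a "?" bound on a JDBC PreparedStatement: the value travels
    // separately from the SQL text, so an input like "1 or 1=1" is just a
    // string compared against id and cannot alter the WHERE clause.
    @Select("select * from user where id = #{id}")
    List<Map<String, Object>> findById(@Param("id") String id);

    // ${column} is spliced into the SQL text before it reaches JDBC. The
    // driver cannot protect it, so the caller must control the value.
    @Select("select * from user group by ${column}")
    List<Map<String, Object>> groupBy(@Param("column") String column);
}

public final class UserQueries {

    // Allow-list of identifiers that may be substituted via ${}.
    // Assumed column names; in a real project derive these from the schema.
    private static final Set<String> GROUPABLE_COLUMNS = Set.of("time", "status", "role");

    private UserQueries() {}

    // Returns true only for identifiers we are willing to paste into SQL text.
    static boolean isGroupableColumn(String column) {
        return column != null && GROUPABLE_COLUMNS.contains(column);
    }

    // Safe use of the ${} mapper method: the value reaching ${column} is one
    // of our own constants, never unchecked request input.
    static List<Map<String, Object>> groupUsersBy(UserMapper mapper, String requestedColumn) {
        if (!isGroupableColumn(requestedColumn)) {
            throw new IllegalArgumentException("unsupported group by column: " + requestedColumn);
        }
        return mapper.groupBy(requestedColumn);
    }

    // Condition values go through #{} unchanged: the driver binds them as
    // data, so no validation is needed to keep the statement's structure.
    static List<Map<String, Object>> findUser(UserMapper mapper, String id) {
        return mapper.findById(id);
    }
}
```

The allow-list is an exact-match set, not a pattern: accepting "anything that looks like an identifier" would still let a caller pick columns the application never intended to expose. An equivalent design maps a user-facing sort key (for example "newest") to a fixed column name internally, so no request value is ever handed to ${} at all.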