Avoiding SQL injection in fuzzy queries that use like '%$name$%'
Methods for preventing SQL injection in iBatis LIKE queries
MySQL: select * from tbl_school where school_name like concat('%',#{name},'%')
Oracle: select * from tbl_school where school_name like '%'||#{name}||'%'
SQL Server: select * from tbl_school where school_name like '%'+#{name}+'%'
A form that works on both Oracle and MySQL:
select * from tbl_school where school_name like concat(#{name},'%')
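
Added example, not part of the original page: Python's standard sqlite3 module stands in for the iBatis mapper to contrast the substituted form ('%$name$%') with the bound form (#{name}), using SQLite's || operator as in the Oracle statement above. It goes one step further than the page by escaping LIKE wildcards, which binding alone does not neutralise. The table rows, input strings and function names are constructed for illustration.

```python
import sqlite3

# Constructed input: the quote closes the literal and appends a condition.
CRAFTED = "zzz' OR '1' LIKE '1"

def make_db():
    # Constructed sample rows in an in-memory SQLite database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE tbl_school (school_name TEXT)")
    db.executemany("INSERT INTO tbl_school VALUES (?)",
                   [("North High",), ("South High",), ("100% Art School",)])
    return db

def search_substituted(db, name):
    # Equivalent of like '%$name$%': the value is pasted into the SQL text,
    # so a quote in the input changes the structure of the statement.
    sql = ("SELECT school_name FROM tbl_school "
           "WHERE school_name LIKE '%" + name + "%'")
    return [row[0] for row in db.execute(sql)]

def search_bound(db, name):
    # Equivalent of like '%'||#{name}||'%': the value is sent as a bound
    # parameter and is only ever treated as data.
    sql = ("SELECT school_name FROM tbl_school "
           "WHERE school_name LIKE '%' || ? || '%'")
    return [row[0] for row in db.execute(sql, (name,))]

def escape_like(value, esc="\\"):
    # Escape the escape character first, then the two LIKE wildcards.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def search_literal(db, name):
    # Bound parameter plus ESCAPE, so % and _ in the input match literally.
    sql = ("SELECT school_name FROM tbl_school "
           "WHERE school_name LIKE ('%' || ? || '%') ESCAPE '\\'")
    return [row[0] for row in db.execute(sql, (escape_like(name),))]
```

With a bound parameter the crafted input returns no rows, while an input of % still matches every row unless it is escaped.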