数据库查询语句 动态加入查询条件 不区分大小写

画面索注意事

1. 如果某个目没有不使用该检索条件。 sqlMap中可以使用isNotEmpty动态增加WHERE条件。

    <sql id="sql_head">
        SELECT U.USER_ID as idUser,
               U.USER_NAME as userName,
               U.USER_TYPE as userType,
               U.SVC_CTR_CODE as svcCtrCode,
               U.USER_STATUS as userStatus,
               S.SVC_CTR_NAME as svcCtrName
        FROM M_USER U,
             M_SERVICE_CTR S
        WHERE S.IS_DELETED = '0' 
        AND U.SVC_CTR_CODE = S.SVC_CTR_CODE
    </sql>
    <select id="SELECT.A_USR_S02.GET_LIST_USER"
            parameterClass="my.com.honda.servicebooking.a_usr.dto.A_USR_S02_Input"
            resultClass="my.com.honda.servicebooking.a_usr.dto.A_USR_S02_Output">
        <include refid="sql_head" />
        <dynamic prepend="and">
            <isNotEmpty property="userType" prepend="">
                U.USER_TYPE=#userType#
            </isNotEmpty>
        </dynamic>
        <dynamic prepend="and">
            <isNotEmpty property="userStatus" prepend="">
                U.USER_STATUS=#userStatus#
            </isNotEmpty>
        </dynamic>
        <dynamic prepend="and">
            <isNotEmpty property="userName" prepend="">
                upper(U.USER_NAME) like upper('%'||#userName#||'%')
            </isNotEmpty>
        </dynamic> 
        <dynamic prepend="and">
            <isNotEmpty property="idUser" prepend="">
                upper(U.USER_ID) like upper('%'||#idUser#||'%')
            </isNotEmpty>
        </dynamic> 
        <dynamic prepend="and">
            <isNotEmpty property="svcCtrCode" prepend="">
                S.SVC_CTR_CODE=#svcCtrCode#
            </isNotEmpty>
        </dynamic>
        <dynamic>
            ORDER BY UPPER(U.USER_ID) ASC,
                UPPER(U.USER_NAME) ASC
        </dynamic>
    </select>

 

2.对于文本框的

  1)不区分大小写,一用UPPER函数转为大写后行匹配。

      例:UPPER(USER_NAME)= UPPER(#name#)

  2索条件中的前后空白后再索。即,再入参数前,需要将用入内容trim
    3)使用部分一致

    i. 使用$ 写成  SELECT * FROM user where name like'%$name$%'

           $name$ 是字面意的替,在入参数需要先SQL转换

     ii. 使用#,并且用|| 接字符串的方式。写成SELECT * FROM user where name like '%'|| #name# || '%'

           #name# 带类型的替,没有SQL注入问题

posted @ 2012-12-06 15:20  chengfang  阅读(209)  评论(0编辑  收藏  举报