MyBatis: preventing SQL injection

1. References

http://my.oschina.net/chuibilong/blog/638950

 

Using the foreach tag to handle the in () case

http://blog.csdn.net/gchonghavefun/article/details/8214223/

 

2. Practice

The point of the whole snippet is that every user-supplied value goes through #{...}, which MyBatis turns into a "?" placeholder bound through PreparedStatement, so the value is sent to the database separately from the SQL text. ${...} is plain string substitution and must never see user input. The foreach tag lets the same rule hold for an in () list, expanding to (?, ?, ...) with one bound parameter per element instead of a concatenated comma list.

Mapper method: the @Param names are what the XML below refers to (paramBrands, paramQuery).

// paramBrands: list of Brand objects whose brandId feeds the in () list
// paramQuery:  OrderInfo used as a holder for the optional filter values
List<OrderInfo> select2AllByBrands(@Param("paramBrands") List<Brand> brands,@Param("paramQuery") OrderInfo condition);

 

<!-- Check the size as well as null: an empty list would expand to "in ()", which is a SQL syntax error -->
<if test="paramBrands != null and paramBrands.size() > 0" >
and brand.brand_id in
<!-- expands to (?, ?, ...): one bound parameter per element, never inlined text -->
<foreach collection="paramBrands" item="perBrand" open="(" close=")" separator=",">
#{perBrand.brandId}
</foreach>
</if>

<!-- LIKE patterns: build the '%...%' in SQL with concat() around the bound parameter rather than
     writing '%${...}%' in the mapper. A '%' or '_' inside the input still acts as a wildcard,
     so escape those characters first if the search must be literal. -->
<if test="paramQuery.orderAddress != null" >
and ord.order_address like concat('%',#{paramQuery.orderAddress},'%')
</if>
<if test="paramQuery.shippingSn != null" >
and brand.shipping_sn like concat('%',#{paramQuery.shippingSn},'%')
</if>
<if test="paramQuery.orderId != null" >
and info.order_id like concat('%',#{paramQuery.orderId},'%')
</if>
<if test="paramQuery.goodsName != null" >
and info.goods_name like concat('%',#{paramQuery.goodsName},'%')
</if>
<if test="paramQuery.orderPayType != null" >
and ord.order_pay_type = #{paramQuery.orderPayType}
</if>
<if test="paramQuery.orderInfoState != null" >
and info.order_info_state = #{paramQuery.orderInfoState}
</if>
<!-- CDATA keeps the comparison operators from being read as XML markup -->
<if test="paramQuery.startDate != null" >
<![CDATA[and info.create_time >= #{paramQuery.startDate}]]>
</if>
<if test="paramQuery.endDate != null" >
<![CDATA[and info.create_time <= #{paramQuery.endDate}]]>
</if>
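
To make the difference between #{} and ${} visible without a MyBatis setup, here is an added example (my own code, not from the post above) that reproduces the same two constructs in plain Python against an in-memory SQLite table: build_in_clause does what the foreach tag does (one ? per element plus a separate parameter list, and it refuses an empty list because "IN ()" is a syntax error), select_safe mirrors the #{} mapper (bound parameters, LIKE pattern built in SQL, wildcards escaped), and select_unsafe mirrors what ${} would produce. The table name, columns and rows are constructed for the demo; SQLite concatenates with || where MySQL uses concat().

```python
import sqlite3

# Constructed sample rows (assumption: a tiny stand-in for the order_info / brand tables).
SAMPLE_ROWS = [
    (1, "Sky Blue Road 10", 1),
    (2, "1000 Main St", 1),
    (3, "100% Natural Rd", 1),
    (4, "Harbor St 5", 2),
    (5, "Secret Lane 7", 3),
]


def make_db():
    """In-memory SQLite table holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE order_info (order_id INTEGER, order_address TEXT, brand_id INTEGER)"
    )
    conn.executemany("INSERT INTO order_info VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def build_in_clause(column, values):
    """What <foreach open="(" close=")" separator=","> #{x} </foreach> expands to:
    one ? per element, with the values handed over separately as bound parameters.
    An empty list is rejected because "IN ()" is a syntax error in MySQL, which is
    why the mapper's <if> should test the list size and not only for null."""
    values = list(values)
    if not values:
        raise ValueError("IN list must not be empty")
    placeholders = ", ".join("?" for _ in values)
    return f"{column} IN ({placeholders})", values


def escape_like(fragment, esc="\\"):
    """Neutralise LIKE metacharacters so '%' and '_' in user input match literally."""
    return (fragment.replace(esc, esc + esc)
                    .replace("%", esc + "%")
                    .replace("_", esc + "_"))


def select_safe(conn, brand_ids, address_fragment):
    """#{} style: the in-list and the LIKE fragment both travel as bound parameters.
    '%' || ? || '%' is SQLite's spelling of MySQL's concat('%', ?, '%')."""
    in_sql, params = build_in_clause("brand_id", brand_ids)
    sql = (f"SELECT order_id FROM order_info WHERE {in_sql} "
           "AND order_address LIKE '%' || ? || '%' ESCAPE '\\' ORDER BY order_id")
    params.append(escape_like(address_fragment))
    return [row[0] for row in conn.execute(sql, params)]


def select_unsafe(conn, brand_ids, address_fragment):
    """${} style: user input is spliced into the SQL text (the injectable pattern)."""
    id_list = ", ".join(str(b) for b in brand_ids)
    sql = (f"SELECT order_id FROM order_info WHERE brand_id IN ({id_list}) "
           f"AND order_address LIKE '%{address_fragment}%' ORDER BY order_id")
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR 1=1 --"
    print("in clause:", build_in_clause("brand_id", [1, 2, 3]))
    print("safe     :", select_safe(db, [1], payload))     # no address contains the payload
    print("unsafe   :", select_unsafe(db, [1], payload))   # OR 1=1 returns every order
```

With the payload "' OR 1=1 --" the unsafe variant's WHERE clause collapses to brand_id IN (1) AND order_address LIKE '%' OR 1=1, so the brand filter is bypassed and every row comes back; the safe variant simply searches for that string and finds nothing. The escape step is the part the mapper above does not do: searching for "100%" through select_safe matches only the row containing a literal "100%", whereas an unescaped pattern would also match "1000 Main St".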

posted on 2016-08-29 14:54 by izumi