MyBatis fuzzy (LIKE) queries (preventing SQL injection)

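Use the <bind> tag to prevent SQL injection in fuzzy (LIKE) queries. <bind> builds the %name% pattern as an OGNL expression, and #{content} then passes that pattern to the database as a prepared-statement parameter instead of splicing it into the SQL text.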

    <select id="......" parameterType="......" resultType="......">
        select *
        from user
        where state = 1
        <if test="name != null">
            <!-- Build the LIKE pattern in OGNL, then pass it as a bound (#{}) parameter -->
            <bind name="content" value="'%' + name + '%'" />
            and name like #{content}
        </if>
        <if test="questionType != null">
            <!-- Bind the same property that the test checks -->
            and type = #{questionType}
        </if>
        order by create_time desc
    </select>
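
The following is an added example, not code from the original post. It uses Python's sqlite3 as a stand-in for the prepared statement MyBatis generates from #{}, and contrasts it with a spliced pattern (the like '%${name}%' form, which is an assumption for comparison and does not appear on the page). It also goes one step beyond the post by escaping LIKE wildcards, because a bound parameter stops injection but still lets % and _ in user input act as wildcards. The table rows, inputs and function names are constructed for illustration.

```python
import sqlite3

# Constructed sample data standing in for the page's `user` table.
ROWS = [("alice", 1), ("bob", 1), ("carol", 0), ("50%off", 1)]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (name TEXT, state INTEGER)")
    db.executemany("INSERT INTO user VALUES (?, ?)", ROWS)
    return db

def search_spliced(db, name):
    # Equivalent of `like '%${name}%'`: the input becomes part of the SQL text.
    sql = ("SELECT name FROM user WHERE state = 1 "
           "AND name LIKE '%" + name + "%'")
    return sorted(r[0] for r in db.execute(sql))

def search_bound(db, name):
    # Equivalent of <bind name="content" value="'%' + name + '%'"/> + #{content}:
    # the pattern is built outside the SQL and sent as one bound parameter.
    content = "%" + name + "%"
    sql = "SELECT name FROM user WHERE state = 1 AND name LIKE ?"
    return sorted(r[0] for r in db.execute(sql, (content,)))

def escape_like(value, esc="\\"):
    # Make %, _ and the escape character itself literal inside a LIKE pattern.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def search_bound_escaped(db, name):
    # Bound parameter plus an ESCAPE clause so wildcards in input match literally.
    content = "%" + escape_like(name) + "%"
    sql = ("SELECT name FROM user WHERE state = 1 "
           "AND name LIKE ? ESCAPE '\\'")
    return sorted(r[0] for r in db.execute(sql, (content,)))

if __name__ == "__main__":
    db = make_db()
    hostile = "' OR 1=1 --"  # constructed input
    print("spliced:", search_spliced(db, hostile))       # state filter bypassed
    print("bound:", search_bound(db, hostile))           # treated as plain text
    print("bound '%':", search_bound(db, "%"))           # wildcard still active
    print("escaped '%':", search_bound_escaped(db, "%")) # literal match only
```

In a MyBatis mapper the same escaping would be applied to name before it reaches <bind>, with an escape clause added after the like condition.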

 

posted @ 2021-10-25 10:58  迷糊桃