Mybatis中Like模糊查询三种处理方式

目录

Mybatis中Like模糊查询三种处理方式

1.通过单引号拼接+${}

1）mapper接口

2）Mapper.xml

3）测试代码

4) 测试结果

2.通过concat()函数拼接(个人推荐使用这种)

1）mapper接口

2）Mapper.xml

3）测试代码

4) 测试结果

3.通过"%"#{}"%" 

1）mapper接口

2）Mapper.xml

3）测试代码

4) 测试结果

附加

1.User实体

2.LikeMapper类

3.LikeMapperTest代码

4.LikeMapper.xml文件

5.表结构 

---

Mybatis中Like模糊查询三种处理方式

1.通过单引号拼接+${}

        这种方法使用了字符串替换的方式来进行模糊查询。但是这种方式存在SQL注入的风险，因为"${name}"会直接将变量值插入到SQL语句中，如果输入没有经过适当的过滤，则可能会导致安全问题。

注:在XML文件中不建议使用'%${name}%'的方式，而是应该使用concat()或者%' + #{name} + '% '来避免SQL注入。 

1）mapper接口

/*** 通过单引号拼接+${}*/
public List<User> getLikeBySingleQuote(String name);

2）Mapper.xml

<!--单引号拼接+${}-->
<select id="getLikeBySingleQuote" resultType="org.xiji.enty.User">select * from user where username like '%${name}%'
</select>

3）测试代码

/*** 通过单引号拼接+${}*   '%${}%'*/
@Test
public void testGetLikeBySingleQuote(){String name = "xiji";List<User> likeBySingleQuote = likeMapper.getLikeBySingleQuote(name);System.out.println(likeBySingleQuote.toString());
}

4) 测试结果

2.通过concat()函数拼接(个人推荐使用这种)

        使用数据库的concat()函数可以避免SQL注入的问题，并且是跨平台的（MySQL, PostgreSQL等支持concat()或类似函数）。

1）mapper接口

/*** 通过ConCat函数拼接**/
public List<User> getLikeByConCat(String name);

2）Mapper.xml

<!--concat函数拼接-->
<select id="getLikeByConCat" resultType="org.xiji.enty.User">select * from user where username like concat('%',#{name},'%')
</select>

3）测试代码

/*** 通过concat函数拼接*   concat('%',#{name},'%')*/
@Test
public void testGetLikeByConCat(){String name = "xiji";List<User> likeByConCat = likeMapper.getLikeByConCat(name);System.out.println(likeByConCat.toString());
}

4) 测试结果

3.通过"%"#{}"%" 

        这种方式也是安全的，并且简洁。它使用了MyBatis的预编译功能，自动对参数进行转义，防止SQL注入攻击。

注：虽然使用'%'#{name}'%'看起来简洁，但是在某些情况下，如果name包含特殊字符，可能需要进一步的处理来保证安全性和正确性。因此，推荐使用concat()函数来构建LIKE语句。

1）mapper接口

/*** 通过 “%”#{}“%” 拼接*/
public List<User> getLikeByPercent(String name);

2）Mapper.xml

<!-- "%"#{}"%"  -->
<select id="getLikeByPercent" resultType="org.xiji.enty.User">select  * from user where username like "%"#{name}"%"
</select>

3）测试代码

/***  通过通过 "%"#{}"%" 拼接*   like '%#{name}%'*/@Test
public void testGetLikeByPercent(){String name = "xiji";List<User> likeByPercent = likeMapper.getLikeByPercent(name);System.out.println(likeByPercent.toString());
}

4) 测试结果

附加

1.User实体

package org.xiji.enty;public class User {private  int id;private String username;private String password;private String userInfo;public User() {}public User(int id, String username, String password, String userInfo) {this.id = id;this.username = username;this.password = password;this.userInfo = userInfo;}public int getId() {return id;}public void setId(int id) {this.id = id;}public String getUsername() {return username;}public void setUsername(String username) {this.username = username;}public String getPassword() {return password;}public void setPassword(String password) {this.password = password;}public String getUserInfo() {return userInfo;}public void setUserInfo(String userInfo) {this.userInfo = userInfo;}@Overridepublic String toString() {return "User{" +"id=" + id +", username='" + username + '\'' +", password='" + password + '\'' +", userInfo='" + userInfo + '\'' +'}';}
}

2.LikeMapper类

package org.xiji.mapper;import org.apache.ibatis.annotations.Mapper;
import org.xiji.enty.User;import java.util.List;/*** 模糊查询的三种方式*/
@Mapper
public interface LikeMapper {/*** 通过单引号拼接+${}*/public List<User> getLikeBySingleQuote(String name);/*** 通过ConCat函数拼接**/public List<User> getLikeByConCat(String name);/*** 通过 “%”#{}“%” 拼接*/public List<User> getLikeByPercent(String name);}

3.LikeMapperTest代码

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.context.junit.jupiter.SpringJUnitConfig;
import org.xiji.enty.User;
import org.xiji.mapper.LikeMapper;import java.util.List;@SpringJUnitConfig(locations = {"classpath:springConfig.xml"})
public class LikeMapperTest {@Autowiredprivate LikeMapper likeMapper;/*** 通过单引号拼接+${}*   '%${}%'*/@Testpublic void testGetLikeBySingleQuote(){String name = "xiji";List<User> likeBySingleQuote = likeMapper.getLikeBySingleQuote(name);System.out.println(likeBySingleQuote.toString());}/*** 通过concat函数拼接*   concat('%',#{name},'%')*/@Testpublic void testGetLikeByConCat(){String name = "xiji";List<User> likeByConCat = likeMapper.getLikeByConCat(name);System.out.println(likeByConCat.toString());}/***  通过通过 “%”#{}“%” 拼接*   like '%#{name}%'*/@Testpublic void testGetLikeByPercent(){String name = "xiji";List<User> likeByPercent = likeMapper.getLikeByPercent(name);System.out.println(likeByPercent.toString());}}

4.LikeMapper.xml文件

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapperPUBLIC "-//mybatis.org//DTD Mapper 3.0//EN""http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="org.xiji.mapper.LikeMapper"><!--模糊查询的三种方式--><!--单引号拼接+${}--><select id="getLikeBySingleQuote" resultType="org.xiji.enty.User">select * from user where username like '%${name}%'</select><!--concat函数拼接--><select id="getLikeByConCat" resultType="org.xiji.enty.User">select * from user where username like concat('%',#{name},'%')</select><!-- ”%“#{}“%”  --><select id="getLikeByPercent" resultType="org.xiji.enty.User">select  * from user where username like "%"#{name}"%"</select>
</mapper>

5.表结构 

SET NAMES utf8mb4;
SET FOREIGN_KEY_CHECKS = 0;-- ----------------------------
-- Table structure for user
-- ----------------------------
DROP TABLE IF EXISTS `user`;
CREATE TABLE `user`  (`id` int NOT NULL AUTO_INCREMENT COMMENT '用户id',`username` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL COMMENT '用户名字',`password` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL COMMENT '用户密码',`userInfo` varchar(255) CHARACTER SET utf8mb4 COLLATE utf8mb4_0900_ai_ci NULL DEFAULT NULL COMMENT '用户信息',PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB CHARACTER SET = utf8mb4 COLLATE = utf8mb4_0900_ai_ci ROW_FORMAT = Dynamic;SET FOREIGN_KEY_CHECKS = 1;