<select id="findUsersByUserName2" resultType="java.util.Map" parameterType="Params">
    SELECT
        id as uid,
        username as uname,
        password as pwd,
        account as act,
        telephone,
        idcard,
        create_time as createTime,
        is_delete as isDelete,
        male,
        birthday,
        email,
        address,
        update_time as updateTime,
        teacher_id as teacherId,
        subject_id as subjectId,
        age,
        status,
        type
    FROM
        tz_user
    WHERE
        <!-- ${username} is pasted into the SQL text as-is, inside the single quotes -->
        username LIKE '%${username}%'
        <!-- #{password} is passed as a precompiled parameter -->
        AND `password` = #{password}
    <!-- ${order} is pasted into the SQL text as-is -->
    ORDER BY ${order}
</select>
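ORDER BY ${order} and the fuzzy query username LIKE %${username}% use the $ symbol; most of the other parameters are read with #{}.
ORDER BY can also take its parameter through #{}.
#{} treats everything passed in as a string and automatically adds double quotes around it. For example, with order by #{userId}: if the value passed in is 111, the SQL is parsed as order by "111"; if the value passed in is id, the SQL is parsed as order by "id".
${} places the passed-in data directly into the generated SQL exactly as it is, without adding double quotes: with select * from table1 where id=${id}, if id = 4 the result is select * from table1 where id = 4;
Use #{} wherever it can be used, because it prevents SQL injection and is precompiled; use ${} only when the value has to be output verbatim.
Remember: use ${} inside single quotes; ORDER BY can use either ${} or #{}; and with #{} do not add single quotes, because the quotes are added by default.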
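A hardened variant of the mapper above, as an added example that is not part of the original post: `<bind>` moves the LIKE wildcards out of ${}, and `<choose>` replaces ORDER BY ${order} with a fixed list of column names, since a value bound with #{} in ORDER BY is a quoted literal rather than a column. The statement id, the shortened column list and the allowed sort keys are assumptions, and username is assumed to be non-null.

```xml
<!-- Added example, not from the original page. The id findUsersByUserNameSafe and
     the allowed sort keys (createTime, username) are assumptions. -->
<select id="findUsersByUserNameSafe" resultType="java.util.Map" parameterType="Params">
    <!-- Build the LIKE pattern in OGNL, then bind it with #{}: the wildcards come
         from the mapper and the caller's value is sent as a bound parameter.
         Any % or _ inside username still acts as a LIKE wildcard. -->
    <bind name="usernamePattern" value="'%' + username + '%'" />
    SELECT
        id AS uid,
        username AS uname,
        create_time AS createTime
    FROM
        tz_user
    WHERE
        username LIKE #{usernamePattern}
        AND `password` = #{password}
    ORDER BY
    <!-- A column name cannot be bound, so map the requested key onto column names
         that are written in the mapper; no request text reaches the SQL string. -->
    <choose>
        <when test="order == 'createTime'">create_time</when>
        <when test="order == 'username'">username</when>
        <otherwise>id</otherwise>
    </choose>
</select>
```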
Source: http://www.bubuko.com/infodetail-2523805.html