Common syntax and precautions of MyBatis

2025-02-27 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

1. If

This statement would provide an optional text search type of functionality.

    SELECT * FROM BLOG
    WHERE state = 'ACTIVE'
    <if test="title != null">
      AND title = #{title}
    </if>

2. Choose, when, otherwise

Sometimes we don't want all of the conditionals to apply, instead we want to choose only one case among many options.

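    SELECT * FROM BLOG WHERE state = 'ACTIVE'
    <choose>
      <when test="title != null">AND title = #{title}</when>
      <when test="author != null and author.name != null">AND author_name = #{author.name}</when>
      <otherwise>AND featured = 1</otherwise>
    </choose>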

3. Set

The set element can be used to dynamically include columns to update, and leave out others.

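A:

    update Author
    <set>
      <if test="username != null">username=#{username},</if>
      <if test="password != null">password=#{password},</if>
      <if test="email != null">email=#{email},</if>
      <if test="bio != null">bio=#{bio}</if>
    </set>
    where id=#{id}

B:

    update Author set
      <if test="username != null">username=#{username},</if>
      <if test="password != null">password=#{password},</if>
      <if test="email != null">email=#{email},</if>
      <if test="bio != null">bio=#{bio}</if>
    where id=#{id}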

If bio is null:

A. update Author set username = 'xx', password = 'xx', email = 'xx' where id = 'x' (there is no trailing comma, because the set tag removes it)

B. update Author set username = 'xx', password = 'xx', email = 'xx', where id = 'x' (the trailing comma remains, which is a syntax error)

4. Foreach

The foreach element is very powerful, and allows you to specify a collection, declare item and index variables that can be used inside the body of the element. It also allows you to specify opening and closing strings, and add a separator to place in between iterations. The element is smart in that it won't accidentally append extra separators.

    SELECT *
    FROM POST P
    WHERE ID in
    <foreach item="item" index="index" collection="list" open="(" separator="," close=")">
      #{item}
    </foreach>

5. Trim

...

Sample:

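    select * from user
    <trim prefix="WHERE" prefixOverrides="AND |OR ">
      <if test="name != null">AND name=#{name}</if>
      <if test="gender != null">AND gender=#{gender}</if>
    </trim>

If name and gender are not null, the SQL will be like this: select * from user where name = 'xx' and gender = 'xx'.

prefix: the prefix to prepend

prefixOverrides: removes the first AND/OR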

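    update user
    <trim prefix="set" suffixOverrides="," suffix=" where id = #{id} ">
      <if test="name != null">name=#{name},</if>
      <if test="gender != null">gender=#{gender},</if>
    </trim>

If name and gender are not null, the SQL will be like this: update user set name='xx', gender='xx' where id='x'.

suffix: the suffix to append

suffixOverrides: removes the last character ","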

Where: search condition

Note

A) Escape character in MyBatis XML

Sample:

    where id >= 1 (wrong)

    where id &gt;= 1 (correct)

B) The difference between #{} and ${} in MyBatis

http://www.cnblogs.com/baizhanshi/p/5778692.html

By default, using the #{} syntax will cause MyBatis to generate PreparedStatement properties and set the values safely against the PreparedStatement parameters (e.g. ?). While this is safer, faster and almost always preferred, sometimes you just want to directly inject a string unmodified into the SQL statement. For example, for ORDER BY, you might use something like this:

ORDER BY ${columnName}

Here MyBatis won't modify or escape the string.

NOTE It's not safe to accept input from a user and supply it to a statement unmodified in this way. This leads to potential SQL Injection attacks and therefore you should either disallow user input in these fields, or always perform your own escapes and checks.
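One way to perform the check the note asks for is to resolve the client's sort key against an allowlist, so that only constant strings ever reach a ${} placeholder. The following is an added example, not code from the original article or from MyBatis; the class name OrderByAllowlist and the sort keys are assumptions, and the column names are taken from the BLOG examples above.

```java
import java.util.Locale;
import java.util.Map;

// Added example: resolve a client-supplied sort key to a fixed ORDER BY
// fragment before it is handed to a ${...} placeholder in a mapper statement.
public final class OrderByAllowlist {

    // Assumed sortable columns of the BLOG table used in the examples above.
    // Keys are what a client may send; values are the only text that reaches SQL.
    private static final Map<String, String> SORTABLE = Map.of(
            "title", "title",
            "author", "author_name",
            "featured", "featured");

    private OrderByAllowlist() { }

    /** Returns a fragment built only from constants, or throws. */
    public static String resolve(String sortKey, String direction) {
        if (sortKey == null) {
            throw new IllegalArgumentException("missing sort key");
        }
        String column = SORTABLE.get(sortKey.toLowerCase(Locale.ROOT));
        if (column == null) {
            throw new IllegalArgumentException("unsupported sort key");
        }
        // Anything other than an explicit "desc" sorts ascending.
        String dir = "desc".equalsIgnoreCase(direction) ? "DESC" : "ASC";
        return column + " " + dir;
    }

    public static void main(String[] args) {
        // Constructed inputs: two ordinary requests and one value that is
        // not a plain column name and must never be concatenated into SQL.
        String[][] requests = {
            {"title", "asc"},
            {"Author", "DESC"},
            {"title; --", "asc"},
        };
        for (String[] r : requests) {
            try {
                System.out.println("ORDER BY " + resolve(r[0], r[1]));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

The string returned by resolve is what the mapper parameter behind ${columnName} should receive; all other values in the statement stay on #{}.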
