Shulou(Shulou.com)06/01 Report--

Editor to share with you what is the difference between # and $in MYSQL, I believe most people do not know much about it, so share this article for your reference, I hope you will learn a lot after reading this article, let's learn about it!

The difference between them is, in the most direct terms: # is equivalent to putting double quotation marks on the data, and $is equivalent to displaying the data directly.

1. # treat the passed parameter as a string, that is, it will be precompiled

Select * from user where name = # {name}

For example, if I send a csdn, then I will pass it over.

Select * from user where name = 'csdn'

2. $will not precompile the passed value

Select * from user where name=$ {name}

For example, if I wear a csdn, then I pass it over.

Select * from user where name=csdn

3. The advantage of # is that it can prevent sql injection to a large extent, while $is not.

For example, the user performs a login operation, and the background sql verifies the style:

Select * from user where username=# {name} and password = # {pwd}

If the user name from the front desk is "wang" and the password is "1 or 1", there will be no sql injection in #, but if it is changed to $, the sql statement will become

Select * from user where username=wang and password = 1 or 1

In this way, sql injection is formed.

4. When using order by dynamic parameters when MyBatis sorting, you should be aware that you should use $instead of #.

These are all the contents of what is the difference between # and $in MYSQL. Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.