MyBatis获取参数值的两种方式
1.${}:insert into emp values(null,admin,23,男)
Statement:
必须使用字符串拼接的方式操作SQL,一定要注意单引号问题
不能防止SQL注入
2.#{}:insert into emp values(null,?,?,?)
PreparedStatement:
可以使用通配符操作SQL,因为在为String赋值时可以自动加单引号,因此不需要注意单引号问题
可以防止SQL注入
使用建议:**建议使用#{}**,在特殊情况下,需要使用${},例如模糊查询和批量删除
不同的参数类型,${}和#{}的不同取值方式:
1、当传输参数为单个String或基本数据类型和其包装类型
#{}:可以以任意的名字获取参数值
${}:只能以${value}或${_parameter}获取
2、当传输参数为JavaBean时
#{}和${}都可以通过属性名直接获取属性值,但是要注意${}的单引号问题
3、当传输多个参数时,mybatis会默认将这些参数放在map集合中
两种方式:
(1)键为0,1,2,3…N-1,以参数为值
(2)键为param1,param2,param3…paramN,以参数为值
#{}:#{0}、#{1};#{param1}、#{param2}
${}:#{param1}、{param2},但是要注意${}的单引号问题
4、当传输Map参数时
#{}和${}都可以通过键的名字直接获取值,但是要注意${}的单引号问题
5、命名参数
可以通过@Param(“key”)为map集合指定键的名字
Emp getEmpByEidAndEnameByParam(@Param(“eid”)String eid, @Param(“ename”)String ename);
6、当传输参数为List或Array,mybatis会将List或Array放在map中
List以list为键,Array以array为键
Statement与PreparedStatement
package com.atguigu.test;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.Statement;
import com.atguigu.bean.Emp;
public class TestJDBC {
public static void main(String[] args) throws Exception {
Class.forName("");
Connection conn = DriverManager.getConnection("","","");
//可以使用通配符赋值
PreparedStatement ps = conn.prepareStatement("insert into emp values(null, ?, ?,?");
ps.setString(1, "root");
ps.setString(2, "23");
ps.setString(3, "男");
ps.executeUpdate();
Statement statement = conn.createStatement();
Emp emp = new Emp(null, "a", 1, "b");
//不可以使用通配符赋值
statement.executeUpdate("insert into emp values(null, '"+emp.getEname()+"', "+emp.getAge()+", '"+emp.getSex()+"')");
}
}
案例
1.项目目录
2.ParamMapper.java
package com.atguigu.mapper;
import java.util.List;
import java.util.Map;
import org.apache.ibatis.annotations.Param;
import com.atguigu.bean.Emp;
public interface ParamMapper {
//添加员工信息
void insertEmp(Emp emp);
//获取名字中包含以name开头且后面多一个任意字符的员工信息
List<Emp> getAllEmp(String name);
//删除名字中包含name的员工信息
void deleteEmp(String name);
//根据eid获取员工信息
Emp getEmpByEid(String eid);
//根据eid和ename获取员工信息
Emp getEmpByEidAndEname(String eid, String ename);
//根据map查询员工信息
Emp getEmpByMap(Map<String, Object> map);
//根据eid和ename获取员工信息
Emp getEmpByEidAndEnameByParam(@Param("eid")String eid, @Param("ename")String ename);
}
3.ParamMapper.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper
PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
"http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.atguigu.mapper.ParamMapper">
<!--
useGeneratedKeys:可以使用自动生成的主键
keyProperty:将自动生成的主键赋值给传递过来的参数的哪一个属性
-->
<insert id="insertEmp" useGeneratedKeys="true" keyProperty="eid">
<!-- insert into emp values(null, #{ename}, #{age}, #{sex}) -->
insert into emp values(null, '${ename}', ${age}, '${sex}')
</insert>
<select id="getAllEmp" resultType="Emp">
<!-- 模糊查询 -->
select eid,ename,age,sex from emp where ename like '${value}_'
</select>
<delete id="deleteEmp">
<!-- 批量删除 -->
delete from emp where ename like '%${value}%'
</delete>
<!-- Emp getEmpByEid(String eid); -->
<select id="getEmpByEid" resultType="Emp">
<!-- select eid,ename,age,sex from emp where eid=#{eid} -->
<!-- 参数与接口中的参数不一致也可以 -->
<!-- select eid,ename,age,sex from emp where eid=#{eids} -->
<!--
报错:
org.apache.ibatis.reflection.ReflectionException:
There is no getter for property named 'eid' in
'class java.lang.String'
-->
<!-- select eid,ename,age,sex from emp where eid = ${eid} -->
<!-- 成功 -->
<!-- select eid,ename,age,sex from emp where eid = ${value} -->
select eid,ename,age,sex from emp where eid = ${_parameter}
</select>
<!-- Emp getEmpByEidAndEname(String eid, String ename); -->
<select id="getEmpByEidAndEname" resultType="Emp">
<!-- select eid,ename,age,sex from emp where eid=#{0} and ename=#{1} -->
<!-- select eid,ename,age,sex from emp where eid=#{param1} and ename=#{param2} -->
select eid,ename,age,sex from emp where eid=${param1} and ename='${param2}'
<!-- select eid,ename,age,sex from emp where eid=${0} and ename=${1} --><!-- 不可行 -->
</select>
<!-- Emp getEmpByMap(Map<String, Object> map); -->
<select id="getEmpByMap" resultType="Emp">
select eid,ename,age,sex from emp where eid=${eid} and ename='${ename}'
</select>
<!-- Emp getEmpByEidAndEnameByParam(@Param("eid")String eid, @Param("ename")String ename); -->
<select id="getEmpByEidAndEnameByParam" resultType="Emp">
select eid,ename,age,sex from emp where eid=#{eid} and ename=#{ename}
</select>
</mapper>
4.TestParam.java
package com.atguigu.test;
import java.io.IOException;
import java.io.InputStream;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.ibatis.io.Resources;
import org.apache.ibatis.session.SqlSession;
import org.apache.ibatis.session.SqlSessionFactory;
import org.apache.ibatis.session.SqlSessionFactoryBuilder;
import org.junit.Test;
import com.atguigu.bean.Emp;
import com.atguigu.mapper.ParamMapper;
public class TestParam {
@Test
public void testCRUD() throws IOException{
InputStream is = Resources.getResourceAsStream("mybatis-config.xml");
SqlSessionFactory sqlSessionFactory = new SqlSessionFactoryBuilder().build(is);
// SqlSession sqlSession = sqlSessionFactory.openSession();//需要手动处理事务
SqlSession sqlSession = sqlSessionFactory.openSession(true);//自动处理事务
ParamMapper mapper = sqlSession.getMapper(ParamMapper.class);
//获取名字中包含admin的所有员工信息(模糊查询)
// List<Emp> allEmp = mapper.getAllEmp("admin");
// System.out.println(allEmp);
//删除名字中包含admin的所有员工信息(批量删除)
// mapper.deleteEmp("admin");
// Emp emp = new Emp(null, "admin", 23, "男");
// mapper.insertEmp(emp);
// System.out.println(emp.getEid());
// Emp emp = mapper.getEmpByEid("1");
// System.out.println(emp);
// Emp emp = mapper.getEmpByEidAndEname("1", "张三");
// System.out.println(emp);
// Map<String, Object> map = new HashMap<>();
// map.put("eid", "1");
// map.put("ename", "张三");
// Emp emp = mapper.getEmpByMap(map);
// System.out.println(emp);
Emp emp = mapper.getEmpByEidAndEnameByParam("1", "张三");
System.out.println(emp);
}
}