Mybatis中#{}和${}的区别是什么?
#{}是预编译处理、是占位符, ${}是字符串替换、是拼接符
2Mybatis 在处理#{}时,会将 sql 中的#{}替换为?号,调⽤ PreparedStatement 来赋值
3Mybatis 在处理${}时, 就是把${}替换成变量的值,调⽤ Statement 来赋值
4使⽤#{}可以有效的防⽌SQL注⼊,提⾼系统安全性
-- 假设 name="zhangsan" password="1 or 1=1" select * from user where name = #{name} and password = #{password} 将转为 select * from user where name = 'zhouyu' and password = '1 or 1=1' select * from user where name = ${name} and password = ${password} 将转为 select * from user where name = zhouyu and password = 1 or 1=1
带论文文档1万字以上,文末可获取,系统界面在最后面。)
