参数传递的方式:
可以接受基本类型,包装类型,字符串类型等。这种情况MyBatis可直接使用这个参数,不需要经过任何处理。
/** * 根据id查询用户信息 * @param id * @return */ public User getUserById(Integer id); <select id="getUserById" resultType="User"> select * from user where id=#{id} </select>@Test public void t1() { SqlSession session = sqlFa.openSession(); UserMapper mapper = session.getMapper(UserMapper.class); User user = mapper.getUserById(2); System.out.println(user); session.commit(); }
任意多个参数,都会被MyBatis重新包装成一个Map传入。Map的key是param1,param2,或者0,1…,值就是参数的值
/** * 根据用户名密码查询用户的信息,传递多个参数 * @param username * @param password * @return */ public User getUserByUserNameAndPassword(String username,String password);<select id="getUserByUserNameAndPassword" resultType="User"> select * from user where username=#{param1} and password =#{param2} </select> <!-- #{0} #{1} 也可以,混着用也行,但是不推荐,当参数多的时候不好区分-->
@Test public void t2() { SqlSession session = sqlFa.openSession(); UserMapper mapper = session.getMapper(UserMapper.class); List<User> user = mapper.getUserAll(); System.out.println(user); session.commit(); }
为参数使用@Param起一个名字,MyBatis就会将这些参数封装进map中,key就是我们自己指定的名字
/** * 不同参数 * @param lastName * @param email * @return */ public Employee queryEmpByLastNameAndEmail(@Param("ln")String lastName,@Param("em")String email); <select id="queryEmpByLastNameAndEmail" resultType="Employee"> select id,last_name,email from tbl_employee where last_name =#{ln} and email=#{em} </select>
当这些参数属于我们业务POJO时,我们直接传递POJO
/**更新用户信息 * * @param user * @return */ public int updateUser(User user); <update id="updateUser"> update user set username=#{username}, password =#{password} ,email=#{email} where id=#{id} </update>
我们也可以封装多个参数为map,直接传递
/** * 根据map中的参数查询用户信息, * @param map * @return */ public User getUserByMap(Map<String ,Object> map); <select id="getUserByMap" resultType="User"> select * from user where username=#{username} and password =#{password} </select>@Test public void t7() { SqlSession session = sqlFa.openSession(); UserMapper mapper = session.getMapper(UserMapper.class); Map<String ,Object>map=new HashMap<>(); map.put("username", "theking"); map.put("password", "123"); User user = mapper.getUserByMap(map); System.out.println(user); session.commit(); }
会被MyBatis封装成一个map传入, Collection对应的key是collection,Array对应的key是array. 如果确定是List集合,key还可以是list。
<select id="queryEmpByForeach" resultType="Employee"> <include refid="commonsSql"></include> <trim prefix=" where id in"> <foreach collection="ids" item="id" open="(" separator="," close=")"> #{id} </foreach> </trim> </select>#{key}:获取参数的值,预编译到SQL中。安全。
${key}:获取参数的值,拼接到SQL中。有SQL注入问题。
但是并不是说${key}这种方式就不用了,#{kefromy}的使用范围是在where条件之后使用,但是若order by、group by、from后面是可变的参数的时候,只能使用${}的形式进行拼接
<select id="getUserByTable" resultType="User"> select * from ${table_name} where username=#{username} </select> /** * 根据map中的参数查询用户信息, * @param map * @return */ public User getUserByTable(Map<String ,Object> map);
