# And $ in mybatis,

Source: Internet
Author: User

# And $ in mybatis,
# And $ in mybatis 1. # When the incoming data is treated as a string, a double quotation mark is added to the automatically passed data. For example, order by # user_id #. If the input value is 111, the value parsed to SQL is order by "111". If the input value is id, the parsed SQL statement is order by "id ".
 
2. $ directly display the incoming data and generate it in SQL. For example, order by $ user_id $. If the input value is 111, the value parsed to SQL is order by 111. If the input value is id, the parsed SQL statement is order by id.
 
3. # The method can prevent SQL injection to a great extent.
 
4. $ cannot prevent SQL injection.

5. The $ method is generally used to input database objects, such as the input table name.
 
6. Generally, you can use # instead of $.

Note the use of the order by dynamic parameter in MyBatis sorting. use $ instead #

String replacement
By default, the syntax in the format of # {} will cause MyBatis to create the pre-processing statement attribute and set a safe value (such as?) for the background ?). This is safe and quick and preferred practice. Sometimes you just want to insert a non-changing string directly in the SQL statement. For example, you can use order by as follows:

Order by $ {columnName}

Here, MyBatis does not modify or escape strings.
Important: it is not safe to accept the content output from the user and provide it to the constant strings in the statement. This can lead to potential SQL injection attacks. Therefore, you should not allow users to enter these fields, or escape and check them manually.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.