Ibatis sqlmap MySQL fuzzy query string three ways to spell

In general, the parameters of the Ibatis are used in the form of #param# in Sqlmap, the parameter name is wrapped with ' # ', but there is a problem when using the like statement of SQL, it is not possible to use #param# in single quotes, there are 3 ways to achieve this:

When applying a select * from TABLE WHERE the COL like 'value% ' If you want to put 'value' Instead of a parameter, you can change the entire string after the like to a parameter, that is, the SELECT * from TABLE WHERE the COL like #param #, at which point the value of the parameter param is the string "value%"。 But sometimes the above can complicate the program, so use parameters instead of 'value' You will encounter the problem of using parameters within single quotes. This is the use of ' $ ' to wrap the parameter name, which is the select * from TABLE WHERE the COL like' $param $% ', at which point the value of the parameter param is the string "value".

Another way to see it online is select * from TABLE WHERE COL like #param #| | ' %’。 This method I tried, is invalid, mysql in "| |" Represents or in a program that does not function correctly. But you can use the MySQL string to connect the function: Contat to implement, connect the string together, so you can,SELECT * from the TABLE WHERE COL like Contat (#param #, '% ')

Method Three: Under normal circumstances, the parameters of the Ibatis in the form of #param# in Sqlmap, the parameter name is wrapped with ' # ', but when using the SQL like statement, there is a problem, in single quotation marks can not be used in the form of #param# when the application of the SELECT * from Table where col like 'value% ' If you want to replace 'value' with a parameter, you can change the string after the entire like to the parameter, that is, the SELECT * from TABLE WHERE COL LIK E #param #, at this point the value of the parameter param is the string "value%".

Ibatis sqlmap MySQL fuzzy query string three ways to spell