Ibatis sqlmap MySQL fuzzy query string three ways to spell

Source: Internet
Author: User

In general, the parameters of the Ibatis are used in the form of #param# in Sqlmap, the parameter name is wrapped with ' # ', but there is a problem when using the like statement of SQL, it is not possible to use #param# in single quotes, there are 3 ways to achieve this:

When applying a select * from TABLE WHERE the COL like 'value% ' If you want to put 'value' Instead of a parameter, you can change the entire string after the like to a parameter, that is, the SELECT * from TABLE WHERE the COL like #param #, at which point the value of the parameter param is the string "value%"。 But sometimes the above can complicate the program, so use parameters instead of 'value' You will encounter the problem of using parameters within single quotes. This is the use of ' $ ' to wrap the parameter name, which is the select * from TABLE WHERE the COL like' $param $% ', at which point the value of the parameter param is the string "value".

Another way to see it online is select * from TABLE WHERE COL like #param #| | ' %’。 This method I tried, is invalid, mysql in "| |" Represents or in a program that does not function correctly. But you can use the MySQL string to connect the function: Contat to implement, connect the string together, so you can,SELECT * from the TABLE WHERE COL like Contat (#param #, '% ')

Method Three: Under normal circumstances, the parameters of the Ibatis in the form of #param# in Sqlmap, the parameter name is wrapped with ' # ', but when using the SQL like statement, there is a problem, in single quotation marks can not be used in the form of #param# when the application of the SELECT * from Table where col like 'value% ' If you want to replace 'value' with a parameter, you can change the string after the entire like to the parameter, that is, the SELECT * from TABLE WHERE COL LIK E #param #, at this point the value of the parameter param is the string "value%".

Ibatis sqlmap MySQL fuzzy query string three ways to spell

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.