Python 官方文档:入门教程 => 点击学习
目录网上的教程我的教程(防sql注入攻击)注入Map注入List封装foreachmybatis防止sql注入的循环map写法网上的教程 配置xml 注解中写xml
Mapper层代码
@Repository
public interface ManageMapper {
@SelectProvider(type = ManageProvider.class, method = "queryDevices")
List<Map<String, Object>> queryDevices(@Param("devicetypeno") String devicetypeno, @Param("map") Map<String, Object> map);
}
Service层代码
@Service("manageService")
public class ManageServiceImpl implements ManageService {
@Resource
private ManageMapper manageMapper;
@Override
public List<Map<String, Object>> queryDevices(String devicetypeno) {
HashMap<String, Object> map = new HashMap<>();
map.put("1-1", "1800");
map.put("1-2", "1854");
return manageMapper.queryDevices(devicetypeno, map);
}
}
SqlProvider代码
public class ManageProvider {
public String queryDevices() {
String sql = new SQL()
.SELECT("TERMINALNUM, ORGCODE, DEVICETYPENO, DEVICENAME")
.FROM("S_DEVICE_INFO")
.WHERE("DEVICETYPENO = #{devicetypeno}")
.WHERE("ORGCODE IN (#{map.1-1}, #{map.1-2})")
.toString();
return sql;
}
}
Mapper层代码
@Repository
public interface ManageMapper {
@SelectProvider(type = ManageProvider.class, method = "queryDevices")
List<Map<String, Object>> queryDevices(@Param("devicetypeno") String devicetypeno, @Param("list") List<Object> list);
}
Service层代码
@Service("manageService")
public class ManageServiceImpl implements ManageService {
@Resource
private ManageMapper manageMapper;
@Override
public List<Map<String, Object>> queryDevices(String devicetypeno) {
ArrayList<Object> list = new ArrayList<>();
list.add("1800");
list.add("1854");
return manageMapper.queryDevices(devicetypeno, list);
}
}
SqlProvider代码
public class ManageProvider {
public String queryDevices(Map<String, Object> params) {
// String sql = new SQL()
// .SELECT("TERMINALNUM, ORGCODE, DEVICETYPENO, DEVICENAME")
// .FROM("S_DEVICE_INFO")
// .WHERE("DEVICETYPENO = #{devicetypeno}")
// .WHERE("ORGCODE IN (#{list[0]}, #{list[1]})")
// .toString();
// return sql;
@SuppressWarnings("unchecked")
List<Object> list = (List<Object>) params.get("list");
StringBuilder inBuilder = new StringBuilder();
for (int i = 0, size = list.size(); i < size; i++) {
if (i == 0) {
inBuilder.append("(").append("#{list[").append(i).append("]}");
} else if (i == size - 1) {
inBuilder.append(", ").append("#{list[").append(i).append("]}").append(")");
} else {
inBuilder.append(", ").append("#{list[").append(i).append("]}");
}
}
SQL sql = new SQL()
.SELECT("TERMINALNUM, ORGCODE, DEVICETYPENO, DEVICENAME")
.FROM("S_DEVICE_INFO")
.WHERE("DEVICETYPENO = #{devicetypeno}");
if (inBuilder.length() > 0) {
sql.WHERE("ORGCODE IN " + inBuilder);
}
return sql.toString();
}
}
像xml foreach标签一样使用foreach方法
请看mybatis注解动态sql中foreach工具方法
<foreach collection="condition.keys" item="k" separator="and">
<if test="null != condition[k]">
${k} = #{condition[${k}]}
</if>
</foreach>
以上为个人经验,希望能给大家一个参考,也希望大家多多支持编程网。
--结束END--
本文标题: mybatis注解动态sql注入map和list方式(防sql注入攻击)
本文链接: https://www.lsjlt.com/news/158777.html(转载时请注明来源链接)
有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341
下载Word文档到电脑,方便收藏和打印~
2024-03-01
2024-03-01
2024-03-01
2024-02-29
2024-02-29
2024-02-29
2024-02-29
2024-02-29
2024-02-29
2024-02-29
回答
回答
回答
回答
回答
回答
回答
回答
回答
回答
0