MyBatis攔截器打印不帶問號的完整sql語句方法
阿新 • • 發佈:2018-05-11
/* Preparing: SELECT * FROM tb_user WHERE id = ? AND user_name = ?
   目標是打印:SELECT * FROM tb_user WHERE id = 1000059081 AND user_name = '積極' */
這部分代碼只攔截了查詢和更新;如果想對其他語句進行攔截,在 @Intercepts 中添加對應的方法簽名即可。輸出會包含實際的參數值(可能含敏感資料),建議只在開發或除錯環境啟用。
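package dao.Interceptor;

import org.apache.commons.collections.CollectionUtils;
import org.apache.ibatis.executor.Executor;
import org.apache.ibatis.mapping.BoundSql;
import org.apache.ibatis.mapping.MappedStatement;
import org.apache.ibatis.mapping.ParameterMapping;
import org.apache.ibatis.plugin.*;
import org.apache.ibatis.reflection.MetaObject;
import org.apache.ibatis.session.Configuration;
import org.apache.ibatis.session.ResultHandler;
import org.apache.ibatis.session.RowBounds;
import org.apache.ibatis.type.TypeHandlerRegistry;

import java.text.DateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/**
 * MyBatis plugin that prints each intercepted statement with its {@code ?} placeholders
 * replaced by the bound parameter values.
 *
 * <p>Only {@code Executor.update} and {@code Executor.query} (the four-argument overload) are
 * intercepted; add further {@code @Signature} entries to cover other methods.
 *
 * <p>Security notes for anyone enabling this plugin:
 * <ul>
 *   <li>The output contains the real parameter values (which may include credentials or personal
 *       data) and goes to standard output. Enable it for development or diagnostics only, or
 *       route it to a logger whose level and retention are controlled.</li>
 *   <li>The rendered text is a diagnostic aid, not an executable statement. Values are inlined
 *       with simple quoting only, so it must never be sent back to the database; real execution
 *       still goes through the prepared statement with bound parameters.</li>
 * </ul>
 */
@Intercepts({
        @Signature(type = Executor.class, method = "update",
                args = {MappedStatement.class, Object.class}),
        @Signature(type = Executor.class, method = "query",
                args = {MappedStatement.class, Object.class, RowBounds.class, ResultHandler.class})
})
@SuppressWarnings({"unchecked", "rawtypes"})
public class MybatisInterceptor implements Interceptor {

    /** Matches every {@code ?} in the statement text. */
    private static final Pattern PLACEHOLDER = Pattern.compile("\\?");

    /**
     * Prints the parameter object, the statement id and the rendered SQL, then lets the
     * invocation proceed unchanged.
     *
     * @param invocation the intercepted {@code Executor} call; argument 0 is the
     *                   {@link MappedStatement}, argument 1 (if present) the parameter object
     * @return whatever {@code invocation.proceed()} returns
     * @throws Throwable only what {@code invocation.proceed()} throws; failures while rendering
     *                   the SQL are reported on standard error and otherwise ignored
     */
    @Override
    public Object intercept(Invocation invocation) throws Throwable {
        try {
            Object[] args = invocation.getArgs();
            // The mapped statement describes one select/update/insert/delete node of the mapper.
            MappedStatement mappedStatement = (MappedStatement) args[0];
            Object parameter = null;
            if (args.length > 1) {
                parameter = args[1];
                System.out.println("parameter = " + parameter);
            }
            String sqlId = mappedStatement.getId();
            System.out.println("sqlId = " + sqlId);
            // BoundSql carries the final SQL text plus the parameter mappings for this call.
            BoundSql boundSql = mappedStatement.getBoundSql(parameter);
            Configuration configuration = mappedStatement.getConfiguration();
            String sql = getSql(configuration, boundSql, sqlId);
            System.out.println("sql = " + sql);
        } catch (Exception e) {
            // Logging is best effort: never let a rendering problem block the real statement,
            // but do not hide the failure either.
            System.err.println("MybatisInterceptor: could not render SQL for logging: " + e);
        }
        // The statement itself runs exactly as it would without this plugin.
        return invocation.proceed();
    }

    /**
     * Builds the log line {@code <statement id>:<rendered SQL>}.
     *
     * @param configuration the MyBatis configuration of the statement
     * @param boundSql      the bound SQL to render
     * @param sqlId         the mapped statement id used as a prefix
     * @return the statement id, a colon, and the rendered SQL
     */
    public static String getSql(Configuration configuration, BoundSql boundSql, String sqlId) {
        String sql = showSql(configuration, boundSql);
        StringBuilder line = new StringBuilder(100);
        line.append(sqlId).append(":").append(sql);
        return line.toString();
    }

    /**
     * Renders one parameter value for display: strings and dates are wrapped in single quotes,
     * {@code null} becomes the empty string, anything else uses {@code toString()}.
     */
    private static String getParameterValue(Object obj) {
        if (obj == null) {
            return "";
        }
        if (obj instanceof String) {
            return quote((String) obj);
        }
        if (obj instanceof Date) {
            DateFormat formatter = DateFormat.getDateTimeInstance(
                    DateFormat.DEFAULT, DateFormat.DEFAULT, Locale.CHINA);
            // Format the bound value itself, not the current time.
            return quote(formatter.format((Date) obj));
        }
        return obj.toString();
    }

    /**
     * Wraps text in ASCII single quotes and doubles embedded single quotes so that the printed
     * literal stays readable. This is display formatting only and does not make the rendered
     * statement safe to execute.
     */
    private static String quote(String text) {
        return "'" + text.replace("'", "''") + "'";
    }

    /**
     * Replaces the {@code ?} placeholders of the bound SQL with the rendered parameter values.
     *
     * <p>Runs of whitespace are collapsed to a single space first. If there are no parameter
     * mappings or the parameter object is {@code null}, the SQL is returned with its
     * placeholders untouched. Known limitation: a literal {@code ?} that is part of the
     * statement text itself (for example inside a quoted string) is counted as a placeholder.
     *
     * @param configuration the MyBatis configuration, used for the type handler registry and
     *                      for creating the {@link MetaObject}
     * @param boundSql      the bound SQL to render
     * @return the SQL text with placeholders filled in, for display only
     */
    public static String showSql(Configuration configuration, BoundSql boundSql) {
        Object parameterObject = boundSql.getParameterObject();
        List<ParameterMapping> parameterMappings = boundSql.getParameterMappings();
        String sql = boundSql.getSql().replaceAll("[\\s]+", " ");
        if (CollectionUtils.isEmpty(parameterMappings) || parameterObject == null) {
            return sql;
        }

        List<String> values = new ArrayList<String>(parameterMappings.size());
        TypeHandlerRegistry typeHandlerRegistry = configuration.getTypeHandlerRegistry();
        if (typeHandlerRegistry.hasTypeHandler(parameterObject.getClass())) {
            // A type handler exists for the parameter's class, so the object itself is the value.
            values.add(getParameterValue(parameterObject));
        } else {
            // MetaObject gives property access to the parameter object by property name.
            MetaObject metaObject = configuration.newMetaObject(parameterObject);
            for (ParameterMapping parameterMapping : parameterMappings) {
                String propertyName = parameterMapping.getProperty();
                if (metaObject.hasGetter(propertyName)) {
                    values.add(getParameterValue(metaObject.getValue(propertyName)));
                } else if (boundSql.hasAdditionalParameter(propertyName)) {
                    // Additional parameters are produced by dynamic SQL.
                    values.add(getParameterValue(boundSql.getAdditionalParameter(propertyName)));
                } else {
                    // "缺失" ("missing") marks a value that could not be resolved and keeps the
                    // following values aligned with their placeholders.
                    values.add("缺失");
                }
            }
        }
        return fillPlaceholders(sql, values);
    }

    /**
     * Substitutes the values into the placeholders in order, scanning the statement text once.
     * Because already inserted text is never scanned again, a value that itself contains
     * {@code ?} cannot shift the values that follow it.
     */
    private static String fillPlaceholders(String sql, List<String> values) {
        Matcher matcher = PLACEHOLDER.matcher(sql);
        // StringBuffer because Matcher.appendReplacement accepts StringBuilder only from Java 9.
        StringBuffer rendered = new StringBuffer(sql.length() + 64);
        int next = 0;
        while (next < values.size() && matcher.find()) {
            matcher.appendReplacement(rendered, Matcher.quoteReplacement(values.get(next)));
            next++;
        }
        matcher.appendTail(rendered);
        return rendered.toString();
    }

    /** Wraps the target in a MyBatis plugin proxy that routes matching calls to this interceptor. */
    @Override
    public Object plugin(Object target) {
        return Plugin.wrap(target, this);
    }

    /** No configurable properties. */
    @Override
    public void setProperties(Properties properties) {
    }
}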
Mybatis配置文件如下:
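<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
    <!-- Fully qualified class name of the interceptor; dao.Interceptor is its package.
         The interceptor prints bound parameter values, so register it only in
         development or diagnostic configurations. -->
    <plugins>
        <plugin interceptor="dao.Interceptor.MybatisInterceptor">
        </plugin>
    </plugins>
    <environments default="development">
        <environment id="development">
            <transactionManager type="JDBC">
                <property name="" value=""></property>
            </transactionManager>
            <!-- The values below are placeholders. Keep real credentials out of this file,
                 for example by loading them through a <properties> resource and ${...}
                 substitution, and restrict read access to wherever they are stored. -->
            <dataSource type="UNPOOLED">
                <property name="driver" value="oracle.jdbc.driver.OracleDriver"></property>
                <property name="url" value="jdbc:oracle:thin:@xx.xxx.xxx.xxx:端口:oratest"></property>
                <property name="username" value="用戶名"></property>
                <property name="password" value="密碼"></property>
            </dataSource>
        </environment>
    </environments>
    <mappers>
        <mapper resource="mybatis/UserMapper.xml"/>
    </mappers>
</configuration>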