模糊查詢LIKE語句的SQL注入預防
阿新 • • 發佈:2019-01-09
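<!--
  INSTITUTIONS-GET-PARAMS: returns institution rows from `ins`, optionally filtered
  by category code and by a substring of the short name, ordered by `hot` and
  optionally paged.

  Parameters (java.util.Map):
    categoryCode    : optional. When non-empty, ins_industry and ind_type are joined
                      and it.category_code must equal this value. Because of that
                      WHERE filter the LEFT JOINs keep only matching rows.
    institutionName : optional. Substring matched against i.institution_short_name.
    start, size     : optional paging. size is only emitted inside the start block,
                      so a non-empty start with an empty size produces "LIMIT ?,"
                      which is not valid SQL; callers must supply both together.

  Security: the LIKE filter previously used $institutionName$, which iBATIS pastes
  into the SQL text verbatim, so request input could alter the statement. It is now
  bound with #institutionName# (a PreparedStatement parameter) and the wildcards are
  added in SQL with CONCAT. The "LIMIT offset, count" form suggests MySQL; on another
  engine use that engine's concatenation operator instead of CONCAT.
  The characters % and _ inside the bound value still act as LIKE wildcards; escape
  them in the caller if literal matching is required.
-->
<select id="INSTITUTIONS-GET-PARAMS" resultMap="INSTITUTIONSDO-MAP" parameterClass="java.util.Map">
    <![CDATA[
        SELECT /*INSTITUTIONS-CLASSIFICATION-GET-ALL-COUNT */
            i.id,
            i.institution_name,
            i.institution_short_name,
            i.create_time,
            i.agency_headquarters,
            i.registration_site,
            i.website_url,
            i.brief_introduction,
            i.logo_url,
            i.hot
        FROM ins i
    ]]>
    <isNotEmpty property="categoryCode">
        LEFT JOIN ins_industry ii ON i.id = ii.institutionId
        LEFT JOIN ind_type it ON it.id = ii.typeId
    </isNotEmpty>
    where 1=1
    <dynamic>
        <isNotEmpty property="categoryCode" prepend=" AND ">
            <![CDATA[ it.category_code = #categoryCode# ]]>
        </isNotEmpty>
        <isNotEmpty property="institutionName" prepend=" AND ">
            <!-- Bound parameter: never switch this back to $institutionName$. -->
            i.institution_short_name LIKE CONCAT('%', #institutionName#, '%')
        </isNotEmpty>
        ORDER BY i.hot ASC
        <isNotEmpty property="start">
            LIMIT #start#,
            <isNotEmpty property="size">
                #size#
            </isNotEmpty>
        </isNotEmpty>
    </dynamic>
</select>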