The difference between # and $

王林
Release: 2019-10-25 17:57:12

Put most directly, the difference is this: # is equivalent to wrapping the data in quotes, while $ is equivalent to inserting the data as-is.

1. # treats the incoming parameter as a string; that is, the statement is precompiled and the value is bound to it.

select * from user where name = #{name}

For example, if I pass csdn, the statement that runs is equivalent to

select * from user where name = 'csdn'

2. $ does not precompile the incoming value.

select * from user where name=${name}

For example, if I pass csdn, the statement becomes

select * from user where name=csdn

3. The advantage of # is that it prevents SQL injection to a great extent, whereas $ does not.

For example, a user logs in and the back-end SQL check looks like this:

select * from user where username=#{name} and password = #{pwd}

If the user name submitted from the front end is "wang" and the password is "1 or 1=1", there is no SQL injection when the # form is used. If you switch to the $ form, the SQL statement becomes

select * from user where username=wang and password = 1 or 1=1

In this case, SQL injection occurs.

4. When sorting in MyBatis with a dynamic order by parameter, you need to use $ instead of #.
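
The following is an added example, not code from the original article. It uses Python's sqlite3 as a stand-in for MyBatis (an assumption): a ? placeholder plays the role of #{...}, string formatting plays the role of ${...}, and the table contents, the function names and the SORT_COLUMNS allowlist are constructed for illustration. It runs the login case from item 3 both ways and shows how the spliced order by from item 4 can be restricted to known column names.

```python
import sqlite3

def make_db():
    """Constructed sample table shaped like the page's login query."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (id INTEGER, username TEXT, password TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?, ?)",
                   [(2, "wang", "s3cret"), (3, "li", "hunter2"), (1, "chen", "pw")])
    return db

def login_bound(db, name, pwd):
    """#{...} style: the SQL text is fixed; values are bound to placeholders."""
    sql = "SELECT username FROM user WHERE username = ? AND password = ?"
    return db.execute(sql, (name, pwd)).fetchall()

def login_spliced(db, name, pwd):
    """${...} style (vulnerable): values become part of the SQL text.
    name is quoted here only so that SQLite can parse the statement."""
    sql = f"SELECT username FROM user WHERE username = '{name}' AND password = {pwd}"
    return db.execute(sql).fetchall()

# Allowlist for item 4: request value -> identifier permitted in ORDER BY.
SORT_COLUMNS = {"id": "id", "username": "username"}

def list_users(db, sort_by, descending=False):
    """An identifier cannot be bound, so it is spliced, but only from the allowlist."""
    column = SORT_COLUMNS.get(sort_by)
    if column is None:
        raise ValueError(f"unsupported sort column: {sort_by!r}")
    direction = "DESC" if descending else "ASC"
    rows = db.execute(f"SELECT username FROM user ORDER BY {column} {direction}")
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    print(login_bound(db, "wang", "1 or 1=1"))    # password compared as one string
    print(login_spliced(db, "wang", "1 or 1=1"))  # OR 1=1 parsed as SQL
    print(list_users(db, "username"))
```

In a MyBatis mapper the same idea applies: validate the sort field against a fixed set of column names in application code before it reaches ${...}.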

source:php.cn