The main difference between # and $ in mybatis is: #The incoming parameters are displayed as strings in SQL, #This method can largely prevent sql injection; $The incoming parameters are directly displayed as incoming in SqL value, the $ method cannot prevent Sql injection.
MyBatis is an excellent persistence layer framework that supports customized SQL, stored procedures and advanced mapping. MyBatis avoids almost all JDBC code and manual setting of parameters and retrieval of result sets. MyBatis can use simple XML or annotations to configure and map native information, mapping interfaces and Java POJOs (Plain Ordinary Java Object, ordinary Java objects) into records in the database.
Dynamic sql is one of the main features of mybatis. After the parameters defined in the mapper are passed to xml, mybatis will dynamically parse them before querying. Mybatis provides us with two syntaxes that support dynamic sql: #{} and ${}; both dynamically pass the required parameters into the sql statement.
What is the difference between # and $ in mybatis
1. The parameters passed in are displayed differently in SQL
#The passed-in parameters are displayed as strings in SQL (as a string), and double quotes will be added to the automatically passed-in data.
Example: Use the following SQL
select id,name,age from student where id =#{id}
When the parameter id we pass is "1", the above sql is parsed as:
select id,name,age from student where id ="1"
$The incoming parameters are in SqL The passed-in value is directly displayed in
Example: Use the following SQL
select id,name,age from student where id =${id}
When the parameter id we pass is "1", the parsing of the above sql is:
select id,name,age from student where id =1
2, # can prevent the risk of SQL injection (statement splicing); but $ cannot prevent Sql injection.
3. The $ method is generally used to pass in database objects, such as table names.
4. In most cases, # is often used. Generally, if # can be used, don’t use $; but in some cases, $ must be used. For example: When using order by dynamic parameters when sorting MyBatis, you need to pay attention. $ instead of #.
The above is the entire content of this article, I hope it will be helpful to everyone's study. For more exciting content, you can pay attention to the relevant tutorial columns of the PHP Chinese website! ! !
The above is the detailed content of What is the difference between # and $ in mybatis. For more information, please follow other related articles on the PHP Chinese website!