MyBatis常用语法和注意事项

1. if

This statement would provide an optional text search type of functionality.

SELECT * FROM BLOG

WHERE state = 'ACTIVE'

AND title = #{title}

2. choose, when, otherwise

Sometimes we don't want all of the conditionals to apply, instead we want to choose only one case among many options.

SELECT * FROM BLOG WHERE state = 'ACTIVE'

AND title = #{title}

AND author_name = #{author.name}

AND featured = 1

3. set

The set element can be used to dynamically include columns to update, and leave out others.

A:

update Author

username=#{username},

password=#{password},

email=#{email},

bio=#{bio}

where id=#{id}

B:

update Author set

username=#{username},

password=#{password},

email=#{email},

bio=#{bio}

where id=#{id}

If bio is null

A. update Author set username = 'xx', password= 'xx', email = 'xx'[not has , due to tag will remove it] where id = 'x'

B. update Author set username = 'xx', password= 'xx', email = 'xx', where id = 'x'

4. foreach

The foreach element is very powerful, and allows you to specify a collection, declare item and index variables that can be used inside the body of the element. It also allows you to specify opening and closing strings, and add a separator to place in between iterations. The element is smart in that it won't accidentally append extra separators.

SELECT *

FROM POST P

WHERE ID in

open="(" separator="," close=")">

#{item}

1. trim

prefix="WHERE" prefixOverrides="AND |OR ">

...

Sample:

select * from user

prefixoverride="AND |OR">

AND name=#{name}

AND gender=#{gender}

If name and gender are not null, the SQL will be like this: select * from user where name = 'xx' and gender = 'xx'.

prefix:前缀

prefixoverride: remove 1^st AND/OR

update user

suffixoverride="," suffix=" where id = #{id} ">

name=#{name} ,

gender=#{gender} ,

If name and gender are not null, the SQL will be like this: update user set name='xx' , gender='xx' where id='x'.

suffix: 后缀

suffixoverride: remove last character ","

where： search condition

Note

A)Escape character in MyBatis XML

Sample:

where id >= 1(wrong)

where id >= 1(correct)

B)mybatis中#{}和${}的区别

http://www.cnblogs.com/baizhanshi/p/5778692.html

By default, using the #{} syntax will cause MyBatis to generate PreparedStatement properties and set the values safely against the PreparedStatement parameters (e.g. ?). While this is safer, faster and almost always preferred, sometimes you just want to directly inject a string unmodified into the SQL Statement. For example, for ORDER BY, you might use something like this:

ORDER BY ${columnName}

Here MyBatis won't modify or escape the string.

NOTE It's not safe to accept input from a user and supply it to a statement unmodified in this way. This leads to potential SQL Injection attacks and therefore you should either disallow user input in these fields, or always perform your own escapes and checks.