Scenario introduction:
The DAO layer receives an SQL string as its parameter, and mapper.xml must execute that string and return the result.
This can be done with ${sqlstr}, but ${} splices the text directly into the statement, so there is an injection risk.
Solution:
Execute the string inside an SQL code block, binding it with #{}:
<select id="SelectSql" parameterType="java.lang.String" resultType="java.util.Map">
    BEGIN
        DECLARE @sqlstr nvarchar(2000);
        SET @sqlstr = #{SQL, jdbcType=VARCHAR};
        EXECUTE (@sqlstr);
    END;
</select>
Here, SQL inside #{} is the key of the passed-in parameter.
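Binding with #{} keeps the string from being spliced into the mapper statement, but EXECUTE still runs whatever text the string contains, so any user-supplied value concatenated into that string upstream is still executed as SQL. The mapper below is an added example, not code from the original page: it keeps the SQL text as a bound string and passes the value separately through sp_executesql. The namespace, statement id, map keys sql and p1, and the @p1 nvarchar(100) declaration are assumptions chosen for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<!-- Hypothetical namespace, used only for this example. -->
<mapper namespace="example.DynamicSqlMapper">

    <!--
      Caller contract (assumed): the DAO passes a java.util.Map with two keys.
        sql : SQL text written by the developer, with @p1 as a placeholder,
              for example  SELECT id, name FROM users WHERE name = @p1
        p1  : the untrusted value, never concatenated into sql
      Both entries reach the server as bound parameters. The value in p1 is
      handed to sp_executesql as data for @p1, so it is not parsed as SQL.
    -->
    <select id="selectSqlWithParam" parameterType="java.util.Map"
            resultType="java.util.Map">
        BEGIN
            DECLARE @sqlstr nvarchar(2000);
            SET @sqlstr = #{sql, jdbcType=NVARCHAR};
            EXECUTE sp_executesql
                @sqlstr,
                N'@p1 nvarchar(100)',
                @p1 = #{p1, jdbcType=NVARCHAR};
        END;
    </select>

</mapper>
```

The SQL text passed under sql should come from constants or an allow-list in application code, with only the p1 value originating from request input.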