JAVA mybatis 实例以及防SQL注入方法

src/main/resources/mybatis-config.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
    <!--使用dev环境-->
    <environments default="dev">
        <!--dev环境-->
        <environment id="dev">
            <transactionManager type="JDBC"></transactionManager>
            <!--使用连接池中的数据源
            url=jdbc:mysql://localhost:3306/mybatis?useUnicode=true&characterEncoding=UTF-8&useSSL=false&serverTimezone=Asia/Shanghai
username=root
password=2
            -->
            <dataSource type="POOLED">
<!--                <property name="driver" value="com.mysql.jdbc.Driver"/>-->
                <property name="driver" value="com.mysql.cj.jdbc.Driver"/>
                <property name="url" value="jdbc:mysql://localhost:3306/mybatis?useSSL=false&amp;serverTimezone=Asia/Shanghai"/>
                <property name="username" value="root"/>
                <property name="password" value="2"/>
            </dataSource>
        </environment>

    </environments>
    <!-- 扫描映射文件 -->
    <mappers>
        <mapper resource="com/by/dao/UserDao.xml"/>
    </mappers>

</configuration>

src/main/java/com/by/dao/UserDao.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
        "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<!--namespace：唯一，接口全类名-->
<mapper namespace="com.by.dao.UserDao">
    <!--
        id：和接口方法名保持一致
        resultType：和接口返回类型保持一致
    -->
    <select id="findAll" resultType="com.by.pojo.User">
        select * from user
    </select>

    <select id=