本文介绍了一个关于MyBatis配置文件中SQL语法错误的问题,详细解释了如何正确使用参数化防止SQL注入攻击,并提供了正确的SQL语句示例。
1 <?xml version="1.0" encoding="UTF-8"?> 2 <!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd" > 3 <!-- 命名空间要和接口的全限定名相同 --> 4 <mapper namespace="com.imp.IStudents"> 5 <select id="selectLike" parameterType="String" resultType="students"> 6 select * from students where name like '%${value}%' 7 </select> 8 9 10 </mapper>
org.apache.ibatis.exceptions.PersistenceException:
### Error querying database. Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'like '%逸%'' at line 1
### The error may exist in com/imp/IStudents.xml
### The error may involve com.imp.IStudents.selectLike-Inline
### The error occurred while setting parameters
### SQL: select * from students name like '%逸%'
### Cause: com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'like '%逸%'' at line 1
错误原因:select语句写错了
select * from students where name like '%逸%'
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
