1.第一种使用like concat
<select parameterType="SysLogininfor" resultMap="SysLogininforResult">
select info_id, user_name, ipaddr, login_location, browser, os, status, msg, login_time from sys_logininfor
<where>
<if test="ipaddr != null and ipaddr != ''">
AND ipaddr like concat('%', #{ipaddr}, '%')
</if>
<if test="status != null and status != ''">
AND status = #{status}
</if>
<if test="userName != null and userName != ''">
AND user_name like concat('%', #{userName}, '%')
</if>
<if test="params.beginTime != null and params.beginTime != ''"><!-- 开始时间检索 -->
and date_format(login_time,'%y%m%d') >= date_format(#{params.beginTime},'%y%m%d')
</if>
<if test="params.endTime != null and params.endTime != ''"><!-- 结束时间检索 -->
and date_format(login_time,'%y%m%d') <= date_format(#{params.endTime},'%y%m%d')
</if>
</where>
order by info_id desc
</select>
2.第二种,也是工作中遇到的问题,第一种不生效,可能是因为oracle数据库不兼容的问题 <select resultType="int"> SELECT count(*) FROM TCOUPONS_WEB_CONTROL where 1=1 <if test="couponsName != null and couponsName != ''"> <bind name="blockNameLike" value="'%'+couponsName+'%'"/> AND COUPONS_NAME like #{blockNameLike} </if> </select>
使用bind可以预防sql注入。