mybatis模糊查询

时间:2023-01-05 11:05:02

1.第一种使用like concat

<select  parameterType="SysLogininfor" resultMap="SysLogininforResult">
	select info_id, user_name, ipaddr, login_location, browser, os, status, msg, login_time from sys_logininfor
	<where>
		<if test="ipaddr != null and ipaddr != ''">
			AND ipaddr like concat('%', #{ipaddr}, '%')
		</if>
		<if test="status != null and status != ''">
			AND status = #{status}
		</if>
		<if test="userName != null and userName != ''">
			AND user_name like concat('%', #{userName}, '%')
		</if>
		<if test="params.beginTime != null and params.beginTime != ''"><!-- 开始时间检索 -->
			and date_format(login_time,'%y%m%d') &gt;= date_format(#{params.beginTime},'%y%m%d')
		</if>
		<if test="params.endTime != null and params.endTime != ''"><!-- 结束时间检索 -->
			and date_format(login_time,'%y%m%d') &lt;= date_format(#{params.endTime},'%y%m%d')
		</if>
	</where>
	order by info_id desc
</select>

2.第二种,也是工作中遇到的问题,第一种不生效,可能是因为oracle数据库不兼容的问题 <select resultType="int"> SELECT count(*) FROM TCOUPONS_WEB_CONTROL where 1=1 <if test="couponsName != null and couponsName != ''"> <bind name="blockNameLike" value="'%'+couponsName+'%'"/> AND COUPONS_NAME like #{blockNameLike} </if> </select>

使用bind可以预防sql注入。