
MyBatis String as Parameter

I want to use a String parameter for a Select Statement in MyBatis. My mapper.xml:

<select id="selectAll" parameterType="String" resultMap="fastXMLResultMap">
        SELECT CREATIONDATE, DOCUMENTID, TITEL, REGTITEL, INFORCEDATE, DOCTYPE
        FROM #{databBaseTable}
</select>

And the calling function:

public List<FastXMLObject> selectAll(String databBaseTable) {

    SqlSession session = sqlSessionFactory.openSession();

    System.out.println("Table: "+databBaseTable);

    try {
        List<FastXMLObject> list = session.selectList("FastXMLObject.selectAll",databBaseTable);
        return list;
    } finally {
        session.close();
    }
}

The string dataBaseTable is the name of the table of my database (who would have thought that) because I want to get data dynamically from various tables.

But unfortunately this does not work: Error: ORA-00903: Ungültiger Tabellenname (invalid table name), but it isn't. When I print out the value of "databBaseTable" it is the exact name of the table. And when I write the name of the table to my mapper.xml without a variable it works. What do I do wrong?

Use ${dataBaseTable} instead of '#'. The difference is that '#' is used for PreparedStatement substitution. '$' is for direct String substitution.

However, if you do this, you can't pass the table name in as a parameter to the selectList() call. You need to set the table name as a property. Properties can be set by using the <properties> element in the MyBatis config.xml or directly in code by using Configuration.getVariables().

See the 'String Substitution' section in the MyBatis Docs.

OK, I definitely do not know why this works, but I just used the following to solve the problem:

<select id="selectAll" parameterType="String" resultMap="fastXMLResultMap">
        SELECT CREATIONDATE, DOCUMENTID, TITEL, REGTITEL, INFORCEDATE, DOCTYPE
        FROM ${value}
</select>

I did not set any properties or anything else; it was just the change from FROM #{databBaseTable} to FROM ${value}.

If someone could answer why this works, that would be nice. But for now this really helped me.

With the #{..} syntax MyBatis uses a JDBC PreparedStatement object, upon which you cannot specify the table name as a parameter. With #{..} you can only parameterize the parameters of the SQL statement.

When you use the ${..} syntax, MyBatis does plain old string substitution, so you're free to parameterize pretty much any part of the SQL you desire.

Note: as a by the way: with #{..} you are pretty safe from SQL injection, but with ${..} it does open the door to such attacks.
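
One way to keep the FROM ${value} form from the answers above while closing the injection path the last note mentions is to map the caller's input to a fixed set of table names before it reaches MyBatis. This is an added example, not code from the original posts; the class name TableNameAllowlist and the table names are assumptions.

```java
import java.util.Locale;
import java.util.Map;

public final class TableNameAllowlist {

    // Constructed sample table names (assumptions, not from the original question).
    private static final Map<String, String> ALLOWED = Map.of(
            "LAWS", "FASTXML_LAWS",
            "DECREES", "FASTXML_DECREES");

    private TableNameAllowlist() {}

    /**
     * Returns the constant table name for a requested key, or throws.
     * The returned string always comes from ALLOWED, never from the caller's
     * input, so nothing the caller typed ends up in the SQL text.
     */
    public static String resolve(String requested) {
        if (requested == null) {
            throw new IllegalArgumentException("table key is null");
        }
        String table = ALLOWED.get(requested.trim().toUpperCase(Locale.ROOT));
        if (table == null) {
            throw new IllegalArgumentException("table key not in allowlist");
        }
        return table;
    }

    public static void main(String[] args) {
        // Constructed inputs: a valid key, and a value that would alter the FROM clause.
        String[] inputs = { "laws", "laws, other_table" };
        for (String input : inputs) {
            try {
                String table = resolve(input);
                // Only now hand the value to the mapper that uses FROM ${value}:
                // session.selectList("FastXMLObject.selectAll", table);
                System.out.println("accepted: " + input + " -> " + table);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + input + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Values that still need to vary per row (dates, document ids) stay in #{..} placeholders; only the identifier goes through ${..}, and only after resolve() has returned.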
