https://github.com/andyron/readmybatis
- Host: GitHub
- URL: https://github.com/andyron/readmybatis
- Owner: andyRon
- License: apache-2.0
- Created: 2022-07-18T15:07:24.000Z (almost 4 years ago)
- Default Branch: main
- Last Pushed: 2024-04-28T10:04:01.000Z (about 2 years ago)
- Last Synced: 2025-03-14T22:47:03.609Z (about 1 year ago)
- Language: Java
- Size: 5.81 MB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# ReadMyBatis
JDBC
```java
```
MyBatis 3 summary
```java
DataSourceFactory
UnpooledDataSourceFactory❤️
PooledDataSourceFactory
JndiDataSourceFactory
```
### The difference between #{} and ${}, as seen from the source code
https://blog.csdn.net/Zhs901026/article/details/103911937
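- `#{param}` involves not only parameter substitution but also parameter type handling, which `${}` cannot replace. In other words, using `${}` in place of `#{}` already goes against how MyBatis is meant to be used, so comparing the two on security is meaningless!
- `#{param}` can only be used when `statementType="PREPARED"`, because MyBatis always replaces `#{param}` with `?` internally, which requires a `PreparedStatement` to handle it. This is how MyBatis is implemented internally; it is not, as many blog posts claim, that `#{param}` gets "quotes" added around it, and so on... If `#{param}` represents a number, MyBatis will certainly not put "quotes" around that number. So `#{}` effectively prevents SQL injection because the underlying layer uses `PreparedStatement`, and for no other reason.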
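The two substitution paths described above, as an added example that is not code from this repository. It drives MyBatis's own `GenericTokenParser` with simplified handlers; the class name, the mapper SQL, the parameters and the `SORTABLE` allowlist are hypothetical, and it assumes MyBatis 3 on the classpath and Java 9 or later.

```java
import org.apache.ibatis.parsing.GenericTokenParser;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Set;

public class PlaceholderDemo {
    // Constructed mapper SQL that mixes both placeholder styles.
    static final String MAPPER_SQL =
        "SELECT * FROM user WHERE name = #{name} AND age > #{age} ORDER BY ${orderBy}";

    // Hypothetical allowlist: ${} text becomes SQL, so only known column names pass.
    static final Set<String> SORTABLE = Set.of("id", "name", "age");

    // ${...}: the value is spliced into the SQL text before the statement is prepared.
    static String spliceDollar(String sql, Map<String, Object> params) {
        return new GenericTokenParser("${", "}", key -> {
            String value = String.valueOf(params.get(key));
            if (!SORTABLE.contains(value)) {
                throw new IllegalArgumentException("not an allowed column: " + value);
            }
            return value;
        }).parse(sql);
    }

    // #{...}: every token becomes "?"; the name is only recorded so the value
    // can be bound later through PreparedStatement.setXxx().
    static String replaceHash(String sql, List<String> bindOrder) {
        return new GenericTokenParser("#{", "}", key -> {
            bindOrder.add(key);
            return "?";
        }).parse(sql);
    }

    public static void main(String[] args) {
        // Constructed parameters; the quote in the name never reaches the SQL text.
        Map<String, Object> params = Map.of("name", "O'Brien", "age", 30, "orderBy", "id");
        List<String> bindOrder = new ArrayList<>();
        String sql = replaceHash(spliceDollar(MAPPER_SQL, params), bindOrder);
        System.out.println(sql);
        for (int i = 0; i < bindOrder.size(); i++) {
            String key = bindOrder.get(i);
            System.out.println("param " + (i + 1) + " <- " + key + " = " + params.get(key));
        }
    }
}
```

The printed statement contains only `?` where `#{name}` and `#{age}` stood, with no quotes added around either, while the `${orderBy}` value appears in the SQL text itself.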