Mybatis-plus 3.x: custom SQL passed with ${DIY_SQL} gets blocked by injection prevention and the query returns no data?
Java code
List<HouseResourceDto> queryByHouseResource(@Param("page") Page<HouseResourceDto> page,
@Param("projectId") String projectId,
@Param("filtrateSQL") Map<String, Object> filtrateSQL,
@Param("type") Integer type);
XML
<select id="queryByHouseResource" resultType="com.bootdo.house.dto.HouseResourceDto">
SELECT
<include refid="HouseResourceList"/>
FROM
t_house_resource
INNER JOIN t_project ON t_house_resource.project_id = t_project.id
INNER JOIN (SELECT house_id,MAX(t_house_price.rent_price) priceMax,MIN(t_house_price.rent_price) priceMin FROM
t_house_price GROUP BY t_house_price.house_id) t_house_price ON t_house_price.house_id = t_house_resource.id
<where>
AND t_house_resource.project_id = #{projectId}
<if test="type == 1">
AND t_house_resource.contract = #{type}
</if>
<if test="filtrateSQL != null">
${filtrateSQL.diySql}
</if>
</where>
</select>
Calling the code above prints the following to the console:
==================================Java代码拼接的SQL===============================
key= cx0 v= '2'
key= diySql v= AND JSON_EXTRACT(t_house_resource.params,'$.fygk.v.cx.i') = #{filtrateSQL.cx0}
==================================Java代码拼接的SQL===============================
Creating a new SqlSession
SqlSession [org.apache.ibatis.session.defaults.DefaultSqlSession@3359c3f6] was not registered for synchronization because synchronization is not active
JDBC Connection [com.mysql.cj.jdbc.ConnectionImpl@2f166d61] will not be managed by Spring
JsqlParserCountOptimize sql=SELECT
t_house_resource.id id,
t_house_resource.images imgUrl,
t_house_resource.`name` title,
t_house_resource.area area,
t_house_resource.name_tag nameTag,
t_project.category category,
t_project.id projectId,
t_house_price.priceMax,
t_house_price.priceMin
FROM
t_house_resource
INNER JOIN t_project ON t_house_resource.project_id = t_project.id
INNER JOIN (SELECT house_id,MAX(t_house_price.rent_price) priceMax,MIN(t_house_price.rent_price) priceMin FROM
t_house_price GROUP BY t_house_price.house_id) t_house_price ON t_house_price.house_id = t_house_resource.id
WHERE t_house_resource.project_id = ?
AND t_house_resource.contract = ?
AND JSON_EXTRACT(t_house_resource.params,'$.fygk.v.cx.i') = ?
==> Preparing: SELECT COUNT(1) FROM t_house_resource INNER JOIN t_project ON t_house_resource.project_id = t_project.id INNER JOIN (SELECT house_id, MAX(t_house_price.rent_price) priceMax, MIN(t_house_price.rent_price) priceMin FROM t_house_price GROUP BY t_house_price.house_id) t_house_price ON t_house_price.house_id = t_house_resource.id WHERE t_house_resource.project_id = ? AND t_house_resource.contract = ? AND JSON_EXTRACT(t_house_resource.params, '$.fygk.v.cx.i') = ?
==> Parameters: a2faa4ae6c2d41e5969090c2f80ff163(String), 1(Integer), '2'(String)
<== Columns: COUNT(1)
<== Row: 0
Closing non transactional SqlSession [org.apache.ibatis.session.defaults.DefaultSqlSession@3359c3f6]
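If I run the SQL printed in the log above, it does return data. I'd like to ask why it can't be written this way, and how it should be written so that SQL concatenated in Java code and placed in MyBatis can return data.
SQL execution result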
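The log above shows that the `#{filtrateSQL.cx0}` inside the fragment inserted through `${filtrateSQL.diySql}` is still turned into a bound `?`, and that the value bound to it is `'2'` with the quote characters included. An added example, not part of the original post: a sketch that builds the same `filtrateSQL` map with JSON paths taken from an allow-list and values stored unquoted. The class name `FiltrateSqlBuilder` and the allow-list are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class FiltrateSqlBuilder {
    // Assumed allow-list: the only JSON paths that may reach the raw ${} fragment.
    private static final Set<String> ALLOWED_PATHS = Set.of("$.fygk.v.cx.i");

    /** Builds the map passed as @Param("filtrateSQL"): values under cxN, fragment under diySql. */
    public static Map<String, Object> build(Map<String, Object> filters) {
        Map<String, Object> out = new LinkedHashMap<>();
        StringBuilder sql = new StringBuilder();
        int i = 0;
        for (Map.Entry<String, Object> f : filters.entrySet()) {
            if (!ALLOWED_PATHS.contains(f.getKey())) {
                throw new IllegalArgumentException("JSON path not allowed: " + f.getKey());
            }
            String key = "cx" + i++;
            // Only allow-listed structure is concatenated; the value stays a #{} placeholder.
            sql.append(" AND JSON_EXTRACT(t_house_resource.params,'")
               .append(f.getKey())
               .append("') = #{filtrateSQL.").append(key).append("}");
            // Store the raw value ("2", not "'2'"); the JDBC driver does the quoting.
            out.put(key, f.getValue());
        }
        out.put("diySql", sql.toString());
        return out;
    }

    public static void main(String[] args) {
        Map<String, Object> filters = new LinkedHashMap<>();
        filters.put("$.fygk.v.cx.i", "2"); // constructed sample filter
        Map<String, Object> params = build(filters);
        System.out.println("diySql = " + params.get("diySql"));
        System.out.println("cx0    = [" + params.get("cx0") + "]");

        filters.put("$.not.allowed", "2"); // constructed: path outside the allow-list
        try {
            build(filters);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The mapper XML stays as posted: `${filtrateSQL.diySql}` then carries only allow-listed structure, and `#{filtrateSQL.cx0}` is bound as `2` rather than `'2'`.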