模糊查询的like '%$name$%'的sql注入避免
Ibatis like 查询防止SQL注入的方法
Ibatis like 查询防止SQL注入的方法
mysql: select * from tbl_school where school_name like concat('%',#name#,'%')
oracle: select * from tbl_school where school_name like '%'||#name#||'%'
sql server:select * from tbl_school where school_name like '%'+#name#+'%'
mysql: select * from tbl_school where school_name like concat('%',#name#,'%')
oracle: select * from tbl_school where school_name like '%'||#name#||'%'
sql server:select * from tbl_school where school_name like '%'+#name#+'%'
记住该记住的,忘记该忘记的,改变能改变的,接受不能改变的!
