<select id="findUsersByUserName2" resultType="java.util.Map" parameterType="Params">
SELECT
id as uid,
username as uname,
password as pwd,
account as act,
telephone,
idcard,
create_time as createTime,
is_delete as isDelete,
male,
birthday,
email,
address,
update_time as updateTime,
teacher_id as teacherId,
subject_id as subjectId,
age,
status,
type
FROM
tz_user
WHERE
username LIKE '%${username}%'
AND `password` = #{password}
ORDER BY ${order}
</select>
ORDER BY ${order} 和模糊查询 username LIKE '%${username}%' 是用$符号,其他的大多是用 #{} 来获取传递的参数。
ORDER BY 还可以用#{}符号传递参数。
#{} 将传入的数据都当成一个字符串,会对自动传入的数据加一个双引号。如:order by #{userId},如果传入的值是111, 那么解析成sql时的值为order by "111", 如果传入的值是id,则解析成的sql为order by "id".
${} 将传入的数据直接显示生成在sql中,是什么就是什么,没有加双引号:select * from table1 where id=${id} 若 id = 4,则就是:select * from table1 where id = 4;
最好是能用 #{} 就用它,因为它可以防止sql注入,且是预编译的,在需要原样输出时才使用 ${}
记住一点:单引号里面的用 ${} 符号,ORDER BY 可以用${}或者#{}符号,用 #{} 的不能加单引号,因为默认加了引号