MyBatis insert operation
1. Add the insert SQL statement to goods.xml
<insert id="insert" parameterType="com.imooc.mybatis.entity.Goods">
    INSERT INTO t_goods(title, sub_title, original_cost, current_price, discount, is_free_delivery, category_id)
    VALUES (#{title}, #{subTitle}, #{originalCost}, #{currentPrice}, #{discount}, #{isFreeDelivery}, #{categoryId})
    <selectKey resultType="Integer" keyProperty="goodsId" order="AFTER">
        SELECT last_insert_id()
    </selectKey>
</insert>
2. Create the test class
@Test
public void testInsert() {
    SqlSession sqlSession = null;
    try {
        sqlSession = MyBatisUtils.openSession();
        Goods goods = new Goods();
        goods.setTitle("测试商品");
        goods.setSubTitle("测试子标题");
        goods.setOriginalCost(200f);
        goods.setCurrentPrice(100f);
        goods.setDiscount(0.5f);
        goods.setIsFreeDelivery(1);
        goods.setCategoryId(43);
        // The return value is the number of records inserted by this call
        int insert = sqlSession.insert("goods.insert", goods);
        // selectKey has written the generated primary key back into goodsId
        System.out.println(goods.getGoodsId());
        sqlSession.commit();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        MyBatisUtils.closeSession(sqlSession);
    }
}
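Difference between selectKey and useGeneratedKeys
The selectKey tag requires you to explicitly write the SQL statement that fetches the newest primary key; it works with all relational databases
The useGeneratedKeys attribute generates the corresponding SQL statement automatically based on the driver; it only works with databases that have auto-increment primary keys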
MyBatis update operation
1. Add the update SQL statement to goods.xml
<update id="update" parameterType="com.imooc.mybatis.entity.Goods">
    UPDATE t_goods
    SET
        title = #{title},
        sub_title = #{subTitle},
        original_cost = #{originalCost},
        current_price = #{currentPrice},
        discount = #{discount},
        is_free_delivery = #{isFreeDelivery},
        category_id = #{categoryId}
    WHERE
        goods_id = #{goodsId}
</update>
2. Write the test class
@Test
public void testUpdate() {
    SqlSession sqlSession = null;
    try {
        sqlSession = MyBatisUtils.openSession();
        // Load the existing record first, then modify it
        Goods goods = sqlSession.selectOne("goods.selectById", 739);
        goods.setTitle("测试商品");
        goods.setSubTitle("测试子标题");
        goods.setOriginalCost(200f);
        goods.setCurrentPrice(100f);
        goods.setDiscount(0.5f);
        goods.setIsFreeDelivery(1);
        goods.setCategoryId(43);
        // The return value is the number of records updated by this call
        int update = sqlSession.update("goods.update", goods);
        sqlSession.commit();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        MyBatisUtils.closeSession(sqlSession);
    }
}
MyBatis delete operation
1. Add the delete SQL statement to goods.xml
<delete id="delete" parameterType="Integer">
    DELETE FROM t_goods WHERE goods_id = #{value}
</delete>
2. Write the test class
@Test
public void testDelete() {
    SqlSession sqlSession = null;
    try {
        sqlSession = MyBatisUtils.openSession();
        // delete returns the number of records deleted by this call
        sqlSession.delete("goods.delete", 739);
        sqlSession.commit();
    } catch (Exception e) {
        e.printStackTrace();
        throw e;
    } finally {
        MyBatisUtils.closeSession(sqlSession);
    }
}
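Preventing SQL injection attacks
SQL injection is an attack in which the attacker exploits a SQL vulnerability to bypass the system's constraints and obtain data beyond their authorization
The two ways MyBatis passes values
${} text substitution: the value is substituted into the SQL text without any processing
#{} precompiled value passing: passing values through a precompiled statement prevents SQL injection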
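The difference between the two value-passing modes, shown as an added example that is not part of the original notes and is not MyBatis code: a small Python emulation (the helper names render, select_titles and make_db are hypothetical) that runs the same lookup against an in-memory SQLite copy of t_goods with constructed rows. With ${} the quote characters in the input become part of the SQL text; with #{} the statement keeps a ? marker and the input stays a plain value.

```python
import re
import sqlite3

def make_db():
    # Constructed sample rows; table and column names follow the page's t_goods.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE t_goods (goods_id INTEGER PRIMARY KEY, title TEXT)")
    db.executemany("INSERT INTO t_goods (title) VALUES (?)",
                   [("phone",), ("laptop",), ("tablet",)])
    return db

def render(template, params):
    """Hypothetical emulation of the two modes: returns (sql_text, bound_values)."""
    # ${name}: the value is pasted into the SQL text before the database parses it.
    sql = re.sub(r"\$\{(\w+)\}", lambda m: str(params[m.group(1)]), template)
    # #{name}: the SQL text only gets a '?' marker; the value is bound separately.
    bound = []
    def to_marker(match):
        bound.append(params[match.group(1)])
        return "?"
    sql = re.sub(r"#\{(\w+)\}", to_marker, sql)
    return sql, bound

def select_titles(db, template, params):
    sql, bound = render(template, params)
    return [row[0] for row in db.execute(sql, bound)]

TEXT_SUBSTITUTION = "SELECT title FROM t_goods WHERE title = '${title}' ORDER BY goods_id"
PRECOMPILED = "SELECT title FROM t_goods WHERE title = #{title} ORDER BY goods_id"

if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input that contains quote characters
    for template in (TEXT_SUBSTITUTION, PRECOMPILED):
        sql, bound = render(template, {"title": crafted})
        print(sql, bound)
        print(select_titles(db, template, {"title": crafted}))
```

For the constructed input, the ${} statement returns every row of the table, while the #{} statement returns no rows because no title equals that literal string.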
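Summary: MyBatis workflow
Create the core configuration file (global settings, environment configuration, mapper declarations)
SqlSessionFactory creates the SqlSession
SqlSession --> mapper.xml, to carry out insert, delete, update and select operations
Commit or roll back the transaction
Session close (close the session)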