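/**
 * Inserts one student row through the mapped statement {@code insertStudent}.
 *
 * <p>The {@code student} object itself is passed as the statement parameter, so the
 * mapper's {@code #{name}} and {@code #{age}} placeholders are filled from its
 * properties as bound parameters instead of being concatenated into the SQL text.
 *
 * @param student the record to insert; the mapper's {@code selectKey} element
 *                (keyProperty="id") writes the generated key back to its id property
 */
public void insertStudent(Student student)
{
    SqlSession session = SqlSessionUtil.getSession();
    try {
        // Second argument is the parameter object, not the string "Student".
        session.insert("insertStudent", student);
        // SqlSession exposes commit(); there is no submit().
        session.commit();
    } finally {
        // Release the session even when the insert or the commit throws.
        SqlSessionUtil.close(session);
    }
}

/*
 * Mapper XML for the statement above. The id must equal the statement name passed to
 * session.insert(...). "select @@identity" is the MySQL form used by these notes.
 *
 * <insert id="insertStudent">
 *     insert into Student(name,age) values(#{name},#{age});
 *     <selectKey keyColumn="id" keyProperty="id" order="AFTER" resultType="Long">
 *         select @@identity
 *     </selectKey>
 * </insert>
 */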
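/**
 * Deletes the student row with the given primary key through the mapped statement
 * {@code deleteStudentById}.
 *
 * @param id primary key of the row to delete; bound to the mapper's single
 *           {@code #{...}} placeholder as a statement parameter
 */
public void deleteStudentById(Long id)
{
    SqlSession session = SqlSessionUtil.getSession();
    try {
        // Pass the id value itself; the string literal "id" would be bound as text.
        session.delete("deleteStudentById", id);
        // SqlSession exposes commit(); there is no submit().
        session.commit();
    } finally {
        // Release the session even when the delete or the commit throws.
        SqlSessionUtil.close(session);
    }
}

/*
 * Mapper XML for the statement above. With a single simple-type parameter the
 * placeholder name inside #{...} is arbitrary, which is why "xxx" works here.
 *
 * <delete id="deleteStudentById">
 *     delete from Student where id=#{xxx};
 * </delete>
 */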
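/**
 * Loads one student by primary key through the mapped statement
 * {@code selectStudentById}.
 *
 * @param id primary key to look up; bound as a statement parameter
 * @return the object produced by {@code selectOne} for that statement
 */
public Student selectStudentById(Long id)
{
    SqlSession session = SqlSessionUtil.getSession();
    try {
        // First argument is the statement id, second is the parameter value.
        Student student = session.selectOne("selectStudentById", id);
        // Return the local variable, not the class name.
        return student;
    } finally {
        // Release the session on both the normal and the exceptional path.
        SqlSessionUtil.close(session);
    }
}

/*
 * Mapper XML for the statement above (table name spelled as in the insert and
 * delete statements on this page).
 *
 * <select id="selectStudentById" resultType="student">
 *     select * from Student where id=#{xxx};
 * </select>
 */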
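/**
 * Returns every student row as a list through the mapped statement
 * {@code selectStudentAll}.
 *
 * @param student not read by this method; kept so the signature stays as written
 * @return the rows mapped to {@code Student} objects
 */
public List<Student> selectStudentAll(Student student)
{
    SqlSession session = SqlSessionUtil.getSession();
    try {
        // SqlSession has no selectStudentAll(); selectList takes the statement id.
        List<Student> list = session.selectList("selectStudentAll");
        return list;
    } finally {
        // The original never closed the session on this path.
        SqlSessionUtil.close(session);
    }
}

/*
 * Mapper XML for the statement above.
 *
 * <select id="selectStudentAll" resultType="student">
 *     select * from student;
 * </select>
 */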
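/**
 * Returns every student row as a map keyed by the {@code name} property, through the
 * mapped statement {@code selectStudentAll}.
 *
 * <p>This variant has the same name and parameter list as the List-returning variant
 * on this page, so the two cannot be declared in the same class; they are alternatives.
 *
 * @param student not read by this method; kept so the signature stays as written
 * @return the rows keyed by name; rows that share a name end up under one key
 */
public Map<String,Student> selectStudentAll(Student student)
{
    SqlSession session = SqlSessionUtil.getSession();
    try {
        // Second argument of selectMap is the result property used as the map key.
        Map<String,Student> map = session.selectMap("selectStudentAll", "name");
        return map;
    } finally {
        // Release the session even when selectMap throws.
        SqlSessionUtil.close(session);
    }
}

/*
 * Mapper XML for the statement above.
 *
 * <select id="selectStudentAll" resultType="student">
 *     select * from student;
 * </select>
 */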
$和#的区别
理论上的区别:
$是字符串拼接，#是预编译
使用上的区别:
${对象中的属性名} 如果参数对象是基本数据类型，那么这里必须填写 value
#{对象中的属性名/任意} 如果参数对象是基本数据类型，那么这里可以填写任意内容
性能以及安全区别:
#使用预编译，因此执行速度快，可以防止SQL注入，安全性高
$使用字符串拼接，因此执行速度慢，容易导致SQL注入攻击，安全性低
${} 的内容会原样拼进 SQL 文本，所以只应用于无法使用参数占位符的位置（例如表名、排序列名），并且取值必须来自代码中的固定白名单，不能直接使用用户输入。
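<!--
  Fuzzy match on name, variant 1: the wildcard literals sit next to a bound #{name}
  parameter, so the search text is never spliced into the SQL string.
  NOTE(review): this form depends on the database accepting adjacent string operands
  without an operator; confirm it on the target database, or use the concat() variant.
-->
<select id="selectStudentlikeName1" resultType="student">
    select * from student where name like '%' #{name} '%';
</select>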
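<!--
  Fuzzy match on name, variant 2: concat() builds the pattern around a bound #{name}
  parameter. The search text stays a statement parameter, so this is the form to
  prefer when the value comes from user input.
-->
<select id="selectStudentlikeName2" resultType="student">
    select * from student where name like concat('%',#{name},'%');
</select>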
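<!--
  Fuzzy match on name, variant 3: ${value} is plain string substitution, so the
  search text becomes part of the SQL statement itself before it is prepared.
  SECURITY: shown for comparison only. Do not use this form with request or user
  supplied values; use the #{name} variants, which bind the value as a parameter.
-->
<select id="selectStudentlikeName3" resultType="student">
    select * from student where name like '%${value}%';
</select>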