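After reading many articles, I found that they all implement this with ${}, which carries a risk of SQL injection if the input is not filtered, so I came up with a way to do it using only MyBatis dynamic tags.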

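    <!-- Each *Desc flag: 0 = DESC, 1 = ASC, null = do not sort by that column.
         Column names and directions are literals in this mapper, so no request
         value is ever concatenated into the SQL text.
         A resultType or resultMap attribute is also required on this select;
         it is not shown here. -->
    <select id="selectProductList" parameterType="ProductListQuery">
        SELECT * FROM product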
        <if test="productSaleDesc != null or productScoreDesc != null or productPriceDesc != null or createTimeDesc != null">
            <trim prefix="order by" suffixOverrides=",">
                <if test="productSaleDesc != null and productSaleDesc == 0">
                    product.product_sale DESC,
                </if>
                <if test="productSaleDesc != null and productSaleDesc == 1">
                    product.product_sale ASC,
                </if>
                <if test="productScoreDesc != null and productScoreDesc == 0">
                    product.product_score DESC,
                </if>
                <if test="productScoreDesc != null and productScoreDesc == 1">
                    product.product_score ASC,
                </if>
                <if test="productPriceDesc != null and productPriceDesc == 0">
                    product.product_price DESC,
                </if>
                <if test="productPriceDesc != null and productPriceDesc == 1">
                    product.product_price ASC,
                </if>
                <if test="createTimeDesc != null and createTimeDesc == 0">
                    product.create_time DESC,
                </if>
                <if test="createTimeDesc != null and createTimeDesc == 1">
                    product.create_time ASC,
                </if>
            </trim>
        </if>
    </select>
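
The mapper above fixes the sort precedence (sale, score, price, create time) and needs two `<if>` blocks per column. Where the caller must choose the precedence and `${}` cannot be avoided, the filtering mentioned at the top can be done with an allowlist, shown here as an added example that goes beyond the original post and is not its code; the class name `OrderByAllowlist` and the sort keys (`sale`, `score`, `price`, `createTime`) are assumptions, while the column names and the 0/1 flag convention come from the mapper.

```java
import java.util.ArrayList;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class OrderByAllowlist {
    // Allowlist: request sort key (hypothetical names) -> column literal
    // (the columns used in the mapper above). Nothing else can reach the SQL.
    private static final Map<String, String> COLUMNS = Map.of(
            "sale", "product.product_sale",
            "score", "product.product_score",
            "price", "product.product_price",
            "createTime", "product.create_time");

    // Builds the clause in the caller's order. Flag convention as in the mapper:
    // 0 = DESC, 1 = ASC, null = skip. Unknown keys or flags are rejected.
    public static String build(Map<String, Integer> sorts) {
        List<String> parts = new ArrayList<>();
        for (Map.Entry<String, Integer> e : sorts.entrySet()) {
            String key = e.getKey();
            String column = (key == null) ? null : COLUMNS.get(key);
            if (column == null) throw new IllegalArgumentException("unknown sort key");
            Integer flag = e.getValue();
            if (flag == null) continue;
            if (flag != 0 && flag != 1) throw new IllegalArgumentException("bad direction flag");
            parts.add(column + (flag == 0 ? " DESC" : " ASC"));
        }
        return parts.isEmpty() ? "" : "ORDER BY " + String.join(", ", parts);
    }

    public static void main(String[] args) {
        // Constructed input: price ascending first, then sales descending.
        Map<String, Integer> sorts = new LinkedHashMap<>();
        sorts.put("price", 1);
        sorts.put("sale", 0);
        System.out.println(build(sorts));

        // Constructed hostile input: the key is not in the allowlist, so it is rejected.
        Map<String, Integer> hostile = new LinkedHashMap<>();
        hostile.put("product_price; --", 0);
        try {
            build(hostile);
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Only the string returned by `build` would be substituted through `${}`; every filter value in the query should still be bound with `#{}`.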
