zoukankan      html  css  js  c++  java
  • mybatis%_查询

    当使用模糊查询的时候,如果前端传% 或者 _ 查询,如果不处理的话,查询是所有的.但是我就想匹配% 呢?
    可以执行以下两个sql语句,改成自己的表字段:

    SELECT count(0) FROM test WHERE `name` LIKE concat('%', '%', '%') ;
    SELECT count(0) FROM test WHERE `name` LIKE concat('%', '/%', '%') ESCAPE '/' ;
    

    通过escape关键字就可以进行转译,那解决办法很明显了;
    1.这里就需要对传的参数进行拦截替换,将% _ 改为 /% /_
    2.like后面添加ESCAPE ‘/’ ;
    我使用的是mybatis的拦截器统一处理,比较方便了,可以直接复制过去,注意导入的包的问题,版本问题:

    import org.apache.ibatis.builder.SqlSourceBuilder;
    import org.apache.ibatis.executor.Executor;
    import org.apache.ibatis.mapping.BoundSql;
    import org.apache.ibatis.mapping.MappedStatement;
    import org.apache.ibatis.mapping.SqlSource;
    import org.apache.ibatis.plugin.*;
    import org.apache.ibatis.reflection.DefaultReflectorFactory;
    import org.apache.ibatis.reflection.MetaObject;
    import org.apache.ibatis.reflection.factory.DefaultObjectFactory;
    import org.apache.ibatis.reflection.factory.ObjectFactory;
    import org.apache.ibatis.reflection.wrapper.DefaultObjectWrapperFactory;
    import org.apache.ibatis.reflection.wrapper.ObjectWrapperFactory;
    import org.apache.ibatis.scripting.xmltags.DynamicContext;
    import org.apache.ibatis.scripting.xmltags.SqlNode;
    import org.apache.ibatis.session.Configuration;
    import org.apache.ibatis.session.ResultHandler;
    import org.apache.ibatis.session.RowBounds;
    
    import java.util.ArrayList;
    import java.util.List;
    import java.util.Map;
    import java.util.Properties;
    import java.util.regex.Matcher;
    import java.util.regex.Pattern;
    
    @Intercepts({@Signature(type = Executor.class, method = "query", args = {MappedStatement.class, Object.class, RowBounds.class, ResultHandler.class})})
    public class QueryStringEscapeInterceptor implements Interceptor {
    
        private static final ObjectFactory DEFAULT_OBJECT_FACTORY = new DefaultObjectFactory();
        private static final ObjectWrapperFactory DEFAULT_OBJECT_WRAPPER_FACTORY = new DefaultObjectWrapperFactory();
        private static final String ROOT_SQL_NODE = "sqlSource.rootSqlNode";
    
        @Override
        public Object intercept(Invocation invocation) throws Throwable {
            Object parameter = invocation.getArgs()[1];
            MappedStatement statement = (MappedStatement) invocation.getArgs()[0];
            MetaObject metaMappedStatement = MetaObject.forObject(statement, DEFAULT_OBJECT_FACTORY, DEFAULT_OBJECT_WRAPPER_FACTORY, new DefaultReflectorFactory());
            BoundSql boundSql = statement.getBoundSql(parameter);
            if (metaMappedStatement.hasGetter(ROOT_SQL_NODE)) {
                SqlNode sqlNode = (SqlNode) metaMappedStatement.getValue(ROOT_SQL_NODE);
                getBoundSql(statement.getConfiguration(), boundSql.getParameterObject(), sqlNode);
            }
            return invocation.proceed();
        }
    
        @Override
        public Object plugin(Object target) {
            return Plugin.wrap(target, this);
        }
    
        @Override
        public void setProperties(Properties properties) {
        }
    
        public static BoundSql getBoundSql(Configuration configuration, Object parameterObject, SqlNode sqlNode) {
            DynamicContext context = new DynamicContext(configuration, parameterObject);
            sqlNode.apply(context);
            String countextSql = context.getSql();
            SqlSourceBuilder sqlSourceParser = new SqlSourceBuilder(configuration);
            Class<?> parameterType = parameterObject == null ? Object.class : parameterObject.getClass();
            String sql = modifyLikeSql(countextSql, parameterObject);
            SqlSource sqlSource = sqlSourceParser.parse(sql, parameterType, context.getBindings());
    
            BoundSql boundSql = sqlSource.getBoundSql(parameterObject);
            for (Map.Entry<String, Object> entry : context.getBindings().entrySet()) {
                boundSql.setAdditionalParameter(entry.getKey(), entry.getValue());
            }
            return boundSql;
        }
    
        public static String modifyLikeSql(String sql, Object parameterObject) {
            if (!sql.toLowerCase().contains("like")) {
                return sql;
            }
            String reg = "\bLIKE\b.*\#\{\b.*\}";
            Pattern pattern = Pattern.compile(reg, Pattern.CASE_INSENSITIVE);
            Matcher matcher = pattern.matcher(sql);
    
            List<String> replaceFiled = new ArrayList<String>();
    
            while (matcher.find()) {
                int n = matcher.groupCount();
                for (int i = 0; i <= n; i++) {
                    String output = matcher.group(i);
                    if (output != null) {
                        String key = getParameterKey(output);
                        if (replaceFiled.indexOf(key) < 0) {
                            replaceFiled.add(key);
                        }
                    }
                }
            }
            // 修改参数
            MetaObject metaObject = MetaObject.forObject(parameterObject, DEFAULT_OBJECT_FACTORY, DEFAULT_OBJECT_WRAPPER_FACTORY, new DefaultReflectorFactory());
            for (String key : replaceFiled) {
                Object val = metaObject.getValue(key);
                if (val != null && val instanceof String && (val.toString().contains("%") || val.toString().contains("_"))) {
                    val = val.toString().replaceAll("%", "/%").replaceAll("_", "/_");
                    metaObject.setValue(key, val);
                }
            }
            return sql;
        }
    
        private static String getParameterKey(String input) {
            String key = "";
            String[] temp = input.split("#");
            if (temp.length > 1) {
                key = temp[1];
                key = key.replace("{", "").replace("}", "").split(",")[0];
            }
            return key.trim();
        }
    
    }
    

    ,然后在like 查询后面手动添加个ESCAPE ‘/’ ; 就好了,
    版本问题在mybatis3.4.0版本是没有这个参数的,删掉就好了,我使用的是3.5.0有这个参数,注意一下就好了:
    在这里插入图片描述

    世界上所有的不公平都是由于当事人能力不足造成的.
  • 相关阅读:
    Postman+Newman+Git+JenKins+钉钉(接口自动化测试持续集成)CI_知识回顾与整理
    GitHub 使用入门
    python中json文件处理涉及的四个函数json.dumps()和json.loads()、json.dump()和json.load()的区分
    python实现:重复列表按重复次数排序
    python中lambda匿名函数的用法
    Python中各种符号的意义
    OSI七层协议和TCP/IP的4层、5层协议
    Jmeter中传参输入位置[chrome中区分是否json传参]
    Jmeter中http cookie Manager、Http Header Manager
    jQuery 获取屏幕高度、宽度
  • 原文地址:https://www.cnblogs.com/javayida/p/13347063.html
Copyright © 2011-2022 走看看