sql预期:
SELECT
*
FROM
BUILDING_INFO
WHERE
( CITY_ID = 7 )
AND ( BUILD_NAME LIKE '%高标大厦%' OR BUILD_ADDR LIKE '%高标大厦%' )
ORDER BY
CITY_ID DESC
java代码实现:
ErpBuildingInfoExample example = new ErpBuildingInfoExample();
example.setShardCityId(7);
example.setOrderByClause(" CITY_ID DESC");
ErpBuildingInfoExample.Criteria criteria = example.createCriteria();
criteria.andCityIdEqualTo(Short.valueOf("7"));
//关键字
if (StringUtil.isNotBlank(matchQueryParam.getPkNameOrAddress())) {
criteria.andBuildNameOrAddrLike(matchQueryParam.getPkNameOrAddress());
}
PageHelper.startPage(matchQueryParam.getPageOffset(), matchQueryParam.getPageRows());
List<ErpBuildingInfo> erpBuildingInfos = buildingInfoMapper.selectByExample(example);
重点:example自定义添加一个方法:
这里的语句因为包含的%模糊查询,避免有恶意的输入%字符进行SQL注入,因此使用ESCAPE过滤保障安全
public Criteria andBuildNameOrAddrLike(String value) {
addCriterion("((BUILD_NAME like '%/" + value + "%' ESCAPE '/') or (BUILD_ADDR like '%/" + value + "%' ESCAPE '/'))");
return (Criteria) this;
}
更多推荐
mybatis使用Example实现or查询
发布评论