Mybatis in realizing dynamic table name to participate, you can use ${tableName} to implement, but it will happen the problem of SQL injection, and if we use # {tableName} will more quotes, SQL error caused for dynamic table name and bosses have a solution of a problem?

CodePudding user response:

Directly write a Mybatis plug-in tableName replaced the line not line, the SQL statements.

CodePudding user response:

${tableName} can be done with this, oneself to filter, the parameters are not allowed to have a special symbol as a tableName the value of the parameter is ok,

CodePudding user response:

refer to the second floor li905663280 response:

${tableName} can use this to implement, oneself to filter, the parameters are not allowed to have a special symbol as a tableName the value of the parameter is ok,

In practice, however, this should be an alternative, but the lz is currently encountered problem of SQL injection vulnerabilities detection report feedback, it scans the mybatis ${} variable in the configuration file is

CodePudding user response:

Are you prepared to how to deal with? 1. All split, directly,