MyBatis #{} preprocessing error

Time:09-16

1. Using MyBatis to operate on the secondary database, the Cql statement MATCH (N {NAME: "Yang mi", BORN: 34}) SET N: OAUTH_USER RETURN N can be executed.

2. The Cql takes two incoming parameters, both of String type:
2.1 #{node}: {NAME: "Yang mi", BORN: 34}
2.2 #{labelCode}: N: OAUTH_USER

3. If I use ${} to accept the parameters, the Cql statement executes; if I use #{} to accept the parameters, an error is thrown:

From the content, it looks like the preprocessing failed; I suspect it is caused by the parameter containing {}.

4. The entity class
 
/* node label management */
public class LabelCenter {

    /* node */
    String node;

    /* relationship coding */
    String labelCode;

    //region get and set
    public String getNode() {
        return node;
    }

    public void setNode(String node) {
        this.node = node;
    }

    public String getLabelCode() {
        return labelCode;
    }

    public void setLabelCode(String labelCode) {
        this.labelCode = labelCode;
    }
    //endregion get and set

}


5. Mapper.xml

<?xml version="1.0" encoding="utf-8"?>

MATCH (N#{node}) SET N: #{labelCode} RETURN N

MATCH (N#{node}) REMOVE N: #{labelCode} RETURN N

5. Mapper.java

package com.eee.neo4jmybatis.mapper;

import com.eee.neo4jmybatis.base.LabelCenter;

public interface LabelCenterMapper {

    /* new */
    public int add(LabelCenter labelCenter);

    /* delete */
    public int delete(LabelCenter labelCenter);
}


6. Test.java

@Test
public void delete() {

    // points to the neo4j node in an XML configuration file
    SqlSession sqlSession = Neo4jConnectionFactory.getSqlSessionFactory("secondary")
            .openSession();

    try {

        LabelCenterMapper labelCenterMapper = sqlSession.getMapper(LabelCenterMapper.class);

        LabelCenter labelCenter = new LabelCenter();

        // the inner quotes must be escaped inside the Java string literal
        labelCenter.setNode("{NAME: \"Yang mi\", BORN: 34}");
        labelCenter.setLabelCode(LabelEnum.OAUTH_USER.getCode());

        int i = labelCenterMapper.delete(labelCenter);

        sqlSession.commit();

        System.out.println("i: " + i);
    } finally {
        sqlSession.close();
    }
}

CodePudding user response:

It seems to me that with #{} the value is never passed in, but not so with ${}.

CodePudding user response:

#{} can prevent SQL injection: the SQL statement is precompiled, #{} is escaped into a string in the middle of the parameters, and on precompilation it is dynamically parsed into a parameter marker ?
While with ${}, in dynamic parsing, the incoming string parameter is brought in, namely '? , '
In simple terms:
#{} assigns the parameter directly: the SQL statement is compiled first and the parameter value is then assigned directly.
${} assigns the parameter in quotation marks, that is, the value is assigned first and the SQL statement is compiled afterwards.
And SQL is weak, so in general Chinese text that does not contain ' complains on execution,
(personal understanding...)

CodePudding user response:

Quoting the reply on the second floor:
#{} can prevent SQL injection: the SQL statement is precompiled, #{} is escaped into a string in the middle of the parameters, and on precompilation it is dynamically parsed into a parameter marker ?
While with ${}, in dynamic parsing, the incoming string parameter is brought in, namely '? , '
In simple terms:
#{} assigns the parameter directly: the SQL statement is compiled first and the parameter value is then assigned directly.
${} assigns the parameter in quotation marks, that is, the value is assigned first and the SQL statement is compiled afterwards.
And SQL is weak, so in general Chinese text that does not contain ' complains on execution,
(personal understanding...)

I understand, but I don't know how to solve this problem.
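
One way to keep #{} for the values while still setting a label, as an added example that is not part of the original thread: the property values are bound through #{}, and the label, which Cypher does not accept as a bound parameter, goes through ${} only after an allowlist check. SafeLabelMapper, LabelGuard and the @Update mapping are hypothetical, and the example assumes the Neo4j JDBC driver in use accepts ? markers for property values and a MyBatis version that supports default methods on mapper interfaces.

```java
import java.util.Set;
import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Update;

// Added example, not the poster's code. SafeLabelMapper, LabelGuard and the
// @Update mapping are hypothetical; only OAUTH_USER comes from the thread.
public interface SafeLabelMapper {

    // #{name} and #{born} are rendered as '?' markers and bound as values,
    // so quotes or braces inside them can never change the statement.
    // ${label} is pasted into the statement text: a label is part of the
    // Cypher syntax, not a value, so no parameter marker is possible there.
    @Update("MATCH (n {NAME: #{name}, BORN: #{born}}) SET n:${label} RETURN n")
    int addLabelUnchecked(@Param("name") String name,
                          @Param("born") int born,
                          @Param("label") String label);

    // Callers use this method; it refuses any label that is not allowlisted
    // before the text substitution happens.
    default int addLabel(String name, int born, String label) {
        return addLabelUnchecked(name, born, LabelGuard.require(label));
    }
}

final class LabelGuard {

    // Constructed allowlist; in the poster's project it would come from LabelEnum.
    private static final Set<String> ALLOWED = Set.of("OAUTH_USER");

    private LabelGuard() {
    }

    // Returns the label unchanged if it is allowlisted, otherwise throws.
    static String require(String label) {
        if (label == null || !ALLOWED.contains(label)) {
            throw new IllegalArgumentException("label not allowed: " + label);
        }
        return label;
    }
}
```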