整理iBATIS的一些重要点和一些常见问题的解决

1、iBatis配置：增加记录时返回随机生成的主键值：

<insert id=/"insertIntoDB/" parameterClass=/"BepsContract/">
<selectKey resultClass=/"int/" keyProperty=/"contractPk/">
SELECT BEPS_CONTRACT_PK.NEXTVAL FROM DUAL
</selectKey>
insert into 。。。。。
</insert>

2.动态添加参数

<select id=/"selectIncomingTimeDebitPkg/" resultClass=/"java.util.HashMap/" parameterClass=/"CondPkgheadTo/">
select B.*, FLOOR((select WORKING_DAY from NCS_BEPS_MBFE_STATUS where BRANCH_ID = #branchId:VARCHAR#) - B.CONSIGNED_DATE) AS REMAIN_DAYS
from NCS_BEPS_PKGHEAD B
where MSG_CODE = #msgCode:VARCHAR# and
BRANCH_ID = #branchId:VARCHAR# and
package_head_pk in (select package_head_pk from ncs_beps_txn_in where
MSG_CODE = #msgCode:VARCHAR# and
BRANCH_ID = #branchId:VARCHAR# and
GROUP_ID = #groupId:VARCHAR#
<isNotNull property=/"processStatusList/">
<iterate prepend=/"and/" property=/"processStatusList/" open=/"(/" close=/")/" conjunction=/"or/">
PROCESS_STATUS =( #processStatusList[]# )
</iterate>
</isNotNull>
)
<iterate prepend = /"and/" property = /"msgProcessStatusList/" open = /" (/" close = /") /" conjunction = /"or/">
MSG_PROCESS_STATUS = ( #msgProcessStatusList[]# )
</iterate>
<isNotNull property=/"searchFailStatus/" prepend=/"and/">
<!--[CDATA[ BEPS_STATUS <> /'BACK00/' ]]-->
</isNotNull>
</select>

3.关键字:#和$的区别

一个项目中在写ibatis中的sql语句时，order by #field#, 运行时总是报错，后来上网查了查，才知道这里不该用#,而应该用$,随即查了下#与$的区别．

总结如下:

1.#是把传入的数据当作字符串，如#field#传入的是id,则sql语句生成是这样，order by "id",这当然会报错．．

2.$传入的数据直接生成在sql里，如#field#传入的是id,则sql语句生成是这样，order by id, 这就对了．

3.#方式能够很大程度防止sql注入．

4.$方式无法方式sql注入．

5.$方式一般用于传入数据库对象．例如传入表名.

6.一般能用#的就别用$.