Because iBATIS uses PreparedStatement for mapped statements, you have to either use the $value$ syntax or make your parameter value contain the % or _ characters. For example, let's say the statement you want your database to end up executing is this:
select * from foo where value like 'x%'
You can write the mapped statement like this:
select * from foo where value like #parm#
But if you do, the statement that is actually prepared becomes this:
select * from foo where value like ?
To make that do what you want, the parameter value itself must be "x%", so set parm to "x%".
If you do not like that approach, you can do this instead:
select * from foo where value like '$parm$%'
That still uses a PreparedStatement, but $parm$ is inserted into the SQL text as a literal instead of being bound as a parameter. So, to get the same results as before, you would set parm to "x". Note that this can be vulnerable to SQL injection attacks, so make sure that all single quotes are escaped in parm.
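The two approaches above side by side, as an added example that is not part of the original page and is not iBATIS code: Python's sqlite3 stands in for the JDBC PreparedStatement, with `?` playing the role of `#parm#` and string formatting playing the role of `$parm$`. The table contents, the function names and the `escape_like` helper (which goes beyond the page by also neutralising % and _ in the value) are assumptions made for the demonstration.

```python
import sqlite3

def make_db():
    # Constructed sample data for the foo table used in the text.
    db = sqlite3.connect(":memory:")
    db.execute("create table foo (value text)")
    db.executemany("insert into foo values (?)",
                   [("xray",), ("x%off",), ("x_1",), ("yes",)])
    return db

def like_literal(db, parm):
    # Counterpart of:  like '$parm$%'
    # parm becomes part of the SQL text, so a quote in it ends the literal.
    sql = "select value from foo where value like '%s%%'" % parm
    return sorted(row[0] for row in db.execute(sql))

def escape_like(text, esc="\\"):
    # Make LIKE metacharacters in the value match literally.
    # The escape character itself must be doubled first.
    for ch in (esc, "%", "_"):
        text = text.replace(ch, esc + ch)
    return text

def like_bound(db, prefix):
    # Counterpart of:  like #parm#   with the wildcard carried in the value.
    # The value is bound, never parsed as SQL; the trailing % is appended
    # by the application after escaping the caller-supplied prefix.
    sql = "select value from foo where value like ? escape '\\'"
    return sorted(row[0] for row in db.execute(sql, (escape_like(prefix) + "%",)))

if __name__ == "__main__":
    db = make_db()
    crafted = "' or value like '"   # constructed input containing quotes
    print("literal, x      :", like_literal(db, "x"))
    print("bound,   x      :", like_bound(db, "x"))
    print("literal, crafted:", like_literal(db, crafted))
    print("bound,   crafted:", like_bound(db, crafted))
    print("bound,   x%     :", like_bound(db, "x%"))
```

With the bound form, a value containing quotes or wildcards only ever changes what is matched, not the shape of the statement.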