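I wrote this mainly to fix a SQL injection problem.
The original SQL was vulnerable to SQL injection.
Result: select req_msg_id from account_message_info where req_msg_id in ('1230','1231','1232','1233','1234') and user_card_no in('123','123','123','123','123')
But if you simply switch to #, the whole list is bound as a single string.
Result: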
select req_msg_id from account_message_info where req_msg_id in (?) and user_card_no in(?)
'1230','1231','1232','1233','1234'(String), '123','123','123','123','123'(String)
So use foreach.
DAO layer
Service layer
The result is:
select req_msg_id from account_message_info where req_msg_id in ( ? , ? , ? , ? , ? ) and user_card_no in ( ? , ? , ? , ? , ? )
1230(String), 1231(String), 1232(String), 1233(String), 1234(String), 123(String), 123(String), 123(String), 123(String), 123(String)
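The three variants described above, side by side in one mapper, as an added example that is not the original post's code. It assumes MyBatis (the # placeholder and foreach the post refers to); the namespace, statement ids, parameter names and DAO signature are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
  "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<!-- Added example. Namespace, ids and parameter names are assumptions. -->
<mapper namespace="com.example.dao.AccountMessageDao">

  <!-- 1. Injectable: ${} pastes the caller-built string into the SQL text,
       so anything inside reqMsgIds / userCardNos becomes part of the query. -->
  <select id="selectUnsafe" resultType="string">
    select req_msg_id from account_message_info
    where req_msg_id in (${reqMsgIds})
      and user_card_no in (${userCardNos})
  </select>

  <!-- 2. Not injectable but wrong: #{} binds the whole quoted list as ONE
       String parameter, giving "in (?)" compared against a single value. -->
  <select id="selectSingleBind" resultType="string">
    select req_msg_id from account_message_info
    where req_msg_id in (#{reqMsgIds})
      and user_card_no in (#{userCardNos})
  </select>

  <!-- 3. Fixed: foreach emits one ? per list element, each bound separately.
       Assumed DAO method:
         List<String> selectByIdsAndCards(
             @Param("reqMsgIds")   List<String> reqMsgIds,
             @Param("userCardNos") List<String> userCardNos);
       The service layer should pass real lists (not a pre-joined string)
       and skip the call when either list is empty, because an empty
       foreach leaves "in" with no value list and the statement fails. -->
  <select id="selectByIdsAndCards" resultType="string">
    select req_msg_id from account_message_info
    where req_msg_id in
    <foreach collection="reqMsgIds" item="id" open="(" separator="," close=")">
      #{id}
    </foreach>
    and user_card_no in
    <foreach collection="userCardNos" item="cardNo" open="(" separator="," close=")">
      #{cardNo}
    </foreach>
  </select>

</mapper>
```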