一、Mybatis快速入门

1.1 Mybatis介绍

MyBatis是支持普通SQL查询,存储过程和高级映射的优秀持久层框架。MyBatis消除了几乎所有的JDBC代码和参数的手工设置以及对结果集的检索封装。MyBatis可以使用简单的XML或注解用于配置和原始映射,将接口和Java的POJO(Plain Old Java Objects,普通的Java对象)映射成数库中的记录.JDBC- MyBatis-Hibernate

1.2 Mybatis环境搭建

1.2.1 添加Maven坐标

<dependencies>
        <!-- https://mvnrepository.com/artifact/org.mybatis/mybatis -->
<dependency>
            <groupId>org.mybatis</groupId>
            <artifactId>mybatis</artifactId>
            <version>3.4.4</version>
        </dependency>
        <!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java -->
<dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.21</version>
        </dependency>
    </dependencies>

1.2.2 建表

CREATE TABLE users(id iNT PRIMARY KEY AUTO_INCREMENT, NAME VARcHAR(20), age iNT);
INSERT INTO users(NAME, age) VALUES('Tom', 12);
INSERT INTO users(NAME, age) VALUES('Jack', 11);

1.2.3 添加mybatis配置文件

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE configuration PUBLIC "-//mybatis.org//DTD Config 3.0//EN" "http://mybatis.org/dtd/mybatis-3-config.dtd">
<configuration>
    <environments default="development">
        <environment id="development">
            <transactionManager type="JDBC" />
            <dataSource type="POOLED">
                <property name="driver" value="com.mysql.jdbc.Driver" />
                <property name="url" value="jdbc:mysql://localhost:3306/test" />
                <property name="username" value="root" />
                <property name="password" value="root" />
            </dataSource>
        </environment>
    </environments>
</configuration>

1.2.4 定义表的实体类

package com.entity;
public class User {
    private int id;
    private String name;
    private int age;
    //get,set方法
}

1.2.5 定义userMapper接口

package com.itmayiedu.mapper;
import com.itmayiedu.entity.User;
public interface UserMapper {
    public User getUser(int id);
}

1.2.6 定义操作users表的sql映射文件userMapper.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.itmayiedu.mapper.UserMapper">
    <select id="getUser" parameterType="int" resultType="com.itmayiedu.entity.User">
        SELECT *
        FROM users where id =#{id}
    </select>
</mapper>

1.2.7 mybatis.xml文件中加载配置文件

<mappers>
<mapper resource="mapper/userMapper.xml" />
</mappers>

1.2.8 mybatis.xml测试方法

import java.io.File;
import java.io.IOException;
import java.io.Reader;
import org.apache.ibatis.io.Resources;
import org.apache.ibatis.session.SqlSession;
import org.apache.ibatis.session.SqlSessionFactory;
import org.apache.ibatis.session.SqlSessionFactoryBuilder;
import com.itmayiedu.entity.User;
public class TestMybatis {
    public static void main(String[] args) throws IOException {
        String resource = "mybatis.xml";
        // 读取配置文件
        Reader reader = Resources.getResourceAsReader(resource);
        // 获取会话工厂
        SqlSessionFactory sqlSessionFactory = new SqlSessionFactoryBuilder().build(reader);
        SqlSession openSession = sqlSessionFactory.openSession();
        // 查询
        String sql = "com.itmayiedu.mapper.UserMapper.getUser";
        // 调用api查询
        User user = openSession.selectOne(sql, 1);
        System.out.println(user.toString());
    }
}

1.2.9 增加案例Xml:

  <insert id="addUser" parameterType="com.itmayiedu.entity.User" >
    
    INSERT INTO users(NAME, age) VALUES(#{name}, #{age});
    </insert>

代码:

static public void add() throws IOException{
        String resource = "mybatis.xml";
        // 读取配置文件
        Reader reader = Resources.getResourceAsReader(resource);
        // 获取会话工厂
        SqlSessionFactory sqlSessionFactory = new SqlSessionFactoryBuilder().build(reader);
        SqlSession openSession = sqlSessionFactory.openSession();
        // 查询
        String sql = "com.itmayiedu.mapper.UserMapper.addUser";
        // 调用api查询
        User userPa = new User();
        userPa.setAge(19);
        userPa.setName("张三");
        int reuslt = openSession.insert(sql, userPa);
        System.out.println(reuslt);
    }

1.2.10 删除Xml:

 <delete id="delUser" parameterType="int" >
      delete from users where id=#{id}
    </delete>

代码:

    static public void delUser() throws IOException{
        String resource = "mybatis.xml";
        // 读取配置文件
        Reader reader = Resources.getResourceAsReader(resource);
        // 获取会话工厂
        SqlSessionFactory sqlSessionFactory = new SqlSessionFactoryBuilder().build(reader);
        SqlSession openSession = sqlSessionFactory.openSession();
        // 查询
        String sql = "com.itmayiedu.mapper.UserMapper.delUser";
        int reuslt = openSession.delete(sql,1);
        System.out.println(reuslt);
    }

二、sql注入案例

2.1 创建表+测试数据

create table user_table(  
    id      int Primary key,  
    username    varchar(30),  
    password    varchar(30)  
);  
insert into user_table values(1,'yushengjun-1','12345');  
insert into user_table values(2,'yushengjun-2','12345');  

2.2 jdbc进行加载

String username = "yushengjun-1";
String password = "12345";
String sql = "SELECT id,username FROM user_table WHERE " + "username='" + username + "'AND " + "password='"
                + password + "'";
Class.forName("com.mysql.jdbc.Driver");
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/test", "root", "root");
PreparedStatement stat = con.prepareStatement(sql);
System.out.println(stat.toString());
ResultSet rs = stat.executeQuery();
while (rs.next()) {
String id = rs.getString(1);
String name = rs.getString(2);
System.out.println("id:" + id + "---name:" + name);
}

2.3将username的值设置为username=' OR 1=1 -- 或者username or 1='1

因为--表示SQL注释,因此后面语句忽略;

因为1=1恒成立,因此 username='' OR 1=1 恒成立,因此SQL语句等同于:

2.4sql注入解决办法

  • 第一步:编译sql
  • 第二步:执行sql
  • 优点:能预编译sql语句
String username = "username='  OR 1=1 -- ";
        String password = "12345";
        // String sql = "SELECT id,username FROM user_table WHERE " +
        // "username='" + username + "'AND " + "password='"
        // + password + "'";
        String sql = "SELECT id,username FROM user_table WHERE username=? AND password=?";
        Class.forName("com.mysql.jdbc.Driver");
        Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/test", "root", "root");
        PreparedStatement stat = con.prepareStatement(sql);
        stat.setString(1, username);
        stat.setString(2, password);
        System.out.println(stat.toString());
        ResultSet rs = stat.executeQuery();
        while (rs.next()) {
            String id = rs.getString(1);
            String name = rs.getString(2);
            System.out.println("id:" + id + "---name:" + name);
        }

2.4 mybatis中#与$区别

动态 sql 是 mybatis 的主要特性之一,在 mapper 中定义的参数传到 xml 中之后,在查询之前 mybatis 会对其进行动态解析。mybatis 为我们提供了两种支持动态 sql 的语法:#{} 以及 ${}。

在下面的语句中,如果 username 的值为 zhangsan,则两种方式无任何区别:

select * from user where name = #{name};
select * from user where name = ${name};

其解析之后的结果均为

select * from user where name = 'zhangsan';

但是 #{} 和 ${} 在预编译中的处理是不一样的。#{} 在预处理时,会把参数部分用一个占位符 ? 代替,变成如下的 sql 语句:

select * from user where name = ?;

而 ${} 则只是简单的字符串替换,在动态解析阶段,该 sql 语句会被解析成

select * from user where name = 'zhangsan';

以上,#{} 的参数替换是发生在 DBMS 中,而 ${} 则发生在动态解析过程中。

那么,在使用过程中我们应该使用哪种方式呢?

答案是,优先使用 #{}。因为 ${} 会导致 sql 注入的问题。看下面的例子:

 select * from ${tableName} where name = #{name}

在这个例子中,如果表名为

 user; delete user; -- 

则动态解析之后 sql 如下:

select * from user; delete user; -- where name = ?;

--之后的语句被注释掉,而原本查询用户的语句变成了查询所有用户信息+删除用户表的语句,会对数据库造成重大损伤,极大可能导致服务器宕机。

但是表名用参数传递进来的时候,只能使用 ${} ,具体原因可以自己做个猜测,去验证。这也提醒我们在这种用法中要小心sql注入的问题。

2.4.1创建UserTable

package com.itmayiedu.entity;
public class UserTable {
    private int id;
    private String userName;
    private String passWord;
}

2.4.2创建UserTable

package com.itmayiedu.mapper;
import com.itmayiedu.entity.UserTable;
public interface UserTableMapper {
    public UserTable login(UserTable userTable);
}

2.4.3userTableMapper.xml

<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
<mapper namespace="com.itmayiedu.mapper.UserTableMapper">
    <select id="login" parameterType="com.itmayiedu.entity.UserTable"
        resultType="com.itmayiedu.entity.UserTable">
        SELECT id ,username as userName FROM user_table WHERE
        username=${userName} AND password=${passWord}
    </select>

</mapper>

2.4.4 测试SQL注入

public class TestLoginMybatis3 {

    public static void main(String[] args) throws IOException, SQLException, ClassNotFoundException {

        String resource = "mybatis.xml";
        // 读取配置文件
        Reader reader = Resources.getResourceAsReader(resource);
        // 获取会话工厂
        SqlSessionFactory sqlSessionFactory = new SqlSessionFactoryBuilder().build(reader);
        SqlSession openSession = sqlSessionFactory.openSession();
        // 查询
        String sql = "com.itmayiedu.mapper.UserTableMapper.login";
        // 调用api查询
        UserTable userTable = new UserTable();
        userTable.setUserName("''  OR 1=1 -- ");
        userTable.setPassWord("12345");
        List<UserTable> listUserTable = openSession.selectList(sql, userTable);
        for (UserTable ub : listUserTable) {
            System.out.println(ub.getUserName());
        }
    }
}

2.4.5 总结

优先使用 #{}。因为 ${} 会导致 sql 注入的问题

三、Mybatis 注解使用

Mybatis提供了增删改查注解、@select @delete @update

3.1 建立注解Mapper

import org.apache.ibatis.annotations.Param;
import org.apache.ibatis.annotations.Select;
import com.itmayiedu.entity.User;
public interface UserTestMapper {
    @Select("select * from users where id = ${id};")
    public User getUser(@Param("id") String id);
}

3.2 加入mybatis.xml

<mapper class="com.itmayiedu.mapper.UserTestMapper" />

3.3 运行测试

public class TestMybatis3 {
    public static void main(String[] args) throws IOException {
        String resource = "mybatis.xml";
        // 读取配置文件
        Reader reader = Resources.getResourceAsReader(resource);
        // 获取会话工厂
        SqlSessionFactory sqlSessionFactory = new SqlSessionFactoryBuilder().build(reader);
        SqlSession openSession = sqlSessionFactory.openSession();
        // 调用api查询
        UserTestMapper userTestMapper=openSession.getMapper(UserTestMapper.class);
        System.out.println(userTestMapper.getUser("2"));
    }
}

四、Generator使用

Generator 逆向生成 使用