模糊查询like用法实例(Bee)

原创
2022/07/30 16:44
阅读数 497

like通过两个匹配符%和_进行模糊查询.

%: 匹配任意个任意字符

_: 匹配一个字符

以下以userid为例,  在数据库中的值如下图所示:

 

 V1.11及之前版本, 使用Op.like, 需要判断值是否为空字段,是否只含有匹配符(%和_)

 Op.like可以创建比左右匹配更复杂的模糊查询,但需要防止,最终的值只包含有匹配符(%和_)

在V1.17( 1.17.0.9) 中,能明确%使用在左还是右,还是同时使用在左右, 则应该选用:likeLeft,likeRight,likeLeftRight;

Bee框架会对这三种用法的值进行转义(匹配符%,由框架添加), 转义后值中的%(如果有),只代表符号%.


 where 条件中,不建议只使用not like一个过滤条件(结合其它条件使用则可以)

 

 

public class LikeTest {
	
	public static void main(String[] args) {
		test();
	}
	public static void test() {
       try{
		Suid suid = BeeFactory.getHoneyFactory().getSuid();
		
		Orders orders = new Orders();
		
		 Condition condition=BF.getCondition();
		 
//		 condition
////		 .op("1=1 -- userid", Op.like, "bee%") // test invalid field
////		 .op("userid", Op.like, "bee%") //模糊查询
//		 .op("userid", Op.like, "%") //模糊查询     只有%或_, 从1.17开始,Bee会抛出异常. 
////		 .op("userid", Op.like, "_")
////		 .op("userid", Op.like, "") 
////		 使用Op.like,调用方需要对传入的字符进行过滤,特别是1.17之前的版本.
//		 ;
		 
		List<Orders> list2 =null;
				
		list2=suid.select(orders, condition);
//		for (int i = 0; i < list2.size(); i++) {
//			Logger.info(list2.get(i).toString());
//		}
		
		
		condition=BF.getCondition();
		condition.op("userid", Op.like, "test\\%"); //userid是test%
		list2 = suid.select(orders, condition);
		for (int i = 0; i < list2.size(); i++) {
			Logger.info(list2.get(i).toString());
		}
		
		condition=BF.getCondition();
		condition.op("userid", Op.like, "test%"); //test开头的
		list2 = suid.select(orders, condition);
		for (int i = 0; i < list2.size(); i++) {
			Logger.info(list2.get(i).toString());
		}
		
		condition=BF.getCondition();
		condition.op("userid", Op.like, "test_"); //test开头有5个字符的
		list2 = suid.select(orders, condition);
		for (int i = 0; i < list2.size(); i++) {
			Logger.info(list2.get(i).toString());
		}
		
		
		condition=BF.getCondition();
		condition.op("userid", Op.like, "test\\_"); //userid是test_
		list2 = suid.select(orders, condition);
		for (int i = 0; i < list2.size(); i++) {
			Logger.info(list2.get(i).toString());
		}
		
		condition=BF.getCondition();
		condition.op("userid", Op.likeLeft, "test"); //likeLeft
		list2 = suid.select(orders, condition);
		for (int i = 0; i < list2.size(); i++) {
			Logger.info(list2.get(i).toString());
		}
		
		condition=BF.getCondition();
		condition.op("userid", Op.likeRight, "test"); //likeRight
		list2 = suid.select(orders, condition);
		for (int i = 0; i < list2.size(); i++) {
			Logger.info(list2.get(i).toString());
		}
		
		condition=BF.getCondition();
		condition.op("userid", Op.likeLeftRight, "test"); //likeLeftRight
		list2 = suid.select(orders, condition);
		for (int i = 0; i < list2.size(); i++) {
			Logger.info(list2.get(i).toString());
		}
		
		condition=BF.getCondition();
		condition.op("userid", Op.likeLeft, "test%"); //likeLeft
		list2 = suid.select(orders, condition);
		for (int i = 0; i < list2.size(); i++) {
			Logger.info(list2.get(i).toString());
		}
		
		System.out.println(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>");
//		condition=BF.getCondition();
//		condition.op("userid", Op.likeLeft, ""); //likeLeft
//		list2 = suid.select(orders, condition);
//		for (int i = 0; i < list2.size(); i++) {
//			Logger.info(list2.get(i).toString());
//		}
		
//		condition=BF.getCondition();
//		condition.op("userid", Op.likeLeft, null); //likeLeft
//		list2 = suid.select(orders, condition);
//		for (int i = 0; i < list2.size(); i++) {
//			Logger.info(list2.get(i).toString());
//		}
		
		condition=BF.getCondition();
		condition.op("userid", Op.likeLeft, "test\\%"); //likeLeft
		list2 = suid.select(orders, condition);
		for (int i = 0; i < list2.size(); i++) {
			Logger.info(list2.get(i).toString());
		}
		
		condition=BF.getCondition();
		condition.op("userid", Op.likeLeft, "test_"); //likeLeft
		list2 = suid.select(orders, condition);
		for (int i = 0; i < list2.size(); i++) {
			Logger.info(list2.get(i).toString());
		}
		
		condition=BF.getCondition();
		condition.op("userid", Op.likeLeft, "test\\u0025"); //likeLeft
		list2 = suid.select(orders, condition);
		for (int i = 0; i < list2.size(); i++) {
			Logger.info(list2.get(i).toString());
		}
		
		
		System.out.println(">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>2");
		
		condition=BF.getCondition();
		condition.op("userid", Op.like, "\\\u0025\\\u0025"); //like  \u0025 is %  转义 \%是\\\u0025
		list2 = suid.select(orders, condition);
		for (int i = 0; i < list2.size(); i++) {
			Logger.info(list2.get(i).toString());
		}
		
		condition=BF.getCondition();
		condition.op("userid", Op.likeLeft, "\\\u0025"); //like  \u0025 is %  转义 \%是\\\u0025
		list2 = suid.select(orders, condition);
		for (int i = 0; i < list2.size(); i++) {
			Logger.info(list2.get(i).toString());
		}
		
		//查询 userid=\u0025
		condition=BF.getCondition();
		condition.op("userid", Op.like, "\\\\u0025"); //like  \u0025 is %
		list2 = suid.select(orders, condition);
		for (int i = 0; i < list2.size(); i++) {
			Logger.info(list2.get(i).toString());
		}
		
		
		}catch (Exception e) {
			Logger.error("In ConditionExam (Exception):"+e.getMessage());
			e.printStackTrace();
		}
	}

}

 

like需要防止是否会受到攻击,而暴露整个表的数据.

where 条件中,不建议只使用not like一个过滤条件(结合其它条件使用则可以)

最终的值只包含有匹配符(%和_)

/**
 * V1.11及之前版本, 使用Op.like, 需要判断值是否为空字段,是否只含有匹配符(%和_)
 * <br>Op.like可以创建比左右匹配更复杂的模糊查询,但需要防止,最终的值只包含有匹配符(%和_)
 * <br>在V1.17( 1.17.0.9) 中,能明确%使用在左还是右,还是同时使用在左右, 则应该选用:likeLeft,likeRight,likeLeftRight
 * <br>where 条件中,不建议只使用not like一个过滤条件(结合其它条件使用则可以)
 * @author Kingstar
 * @since  1.17
 */
public class LikeEnhanceTest {

	private static PreparedSql preparedSql = BF.getPreparedSql();
	private static Suid suid = BF.getSuid();

	public static void main(String[] args) {
		try {
			Map<String, Object> map = new HashMap<>();
			map.put("name", "");
			selectNoPage(CustomSql.getCustomSql("example.autosql.like.isNotNull"), map);
//		example.autosql.like.isNotNull=select * from orders where <if isNotNull>name like #{%name}</if>
			// name的值非null,会保留<if isNotNull></if>之前的内容,但name的值为空字符,会有注入风险,所以报错.
		} catch (Exception e) {
			e.printStackTrace();
		}

		Condition condition = null;
		List<Orders> list2 = null;
		Orders orders = new Orders();

		try {
			condition = BF.getCondition();
			condition
					// .op("1=1 -- userid", Op.like, "bee%") // test invalid field
					// .op("userid", Op.like, "bee%") //模糊查询
					.op("userid", Op.like, "%") // 模糊查询 只有%或_, 从1.17开始,Bee会抛出异常.
			// .op("userid", Op.like, "_")
			// .op("userid", Op.like, "")
			// 使用Op.like,调用方需要对传入的字符进行过滤,特别是1.17之前的版本.
			;

			list2 = suid.select(orders, condition);
			for (int i = 0; i < list2.size(); i++) {
				Logger.info(list2.get(i).toString());
			}
		} catch (Exception e) {
			e.printStackTrace();
		}

		try {
			condition = BF.getCondition();
			condition.op("userid", Op.like, "\u0025"); // like \u0025 is %
			list2 = suid.select(orders, condition);
			for (int i = 0; i < list2.size(); i++) {
				Logger.info(list2.get(i).toString());
			}
		} catch (Exception e) {
			e.printStackTrace();
		}

		try {
			condition = BF.getCondition();
			condition.op("userid", Op.like, "\u005f"); // like \u005f is _
			list2 = suid.select(orders, condition);
			for (int i = 0; i < list2.size(); i++) {
				Logger.info(list2.get(i).toString());
			}
		} catch (Exception e) {
			e.printStackTrace();
		}

		try {
			condition = BF.getCondition();
			condition.op("userid", Op.like, "\u0025\u0025"); // like \u0025 is %
			list2 = suid.select(orders, condition);
			for (int i = 0; i < list2.size(); i++) {
				Logger.info(list2.get(i).toString());
			}
		} catch (Exception e) {
			e.printStackTrace();
		}
		
		
		try {
			condition = BF.getCondition();
			condition.op("userid", Op.likeLeft, ""); // likeLeft
			list2 = suid.select(orders, condition);
			for (int i = 0; i < list2.size(); i++) {
				Logger.info(list2.get(i).toString());
			}
		} catch (Exception e) {
			e.printStackTrace();
		}
		
		try {
			condition = BF.getCondition();
			condition.op("userid", Op.likeLeft, null); // likeLeft
			list2 = suid.select(orders, condition);
			for (int i = 0; i < list2.size(); i++) {
				Logger.info(list2.get(i).toString());
			}
		} catch (Exception e) {
			e.printStackTrace();
		}
		

//		PreparedSqlExam.java	
		PreparedSql preparedSql = BF.getPreparedSql();
		String sql3_2 = CustomSql
				.getCustomSql("osql.example.entity.selectOrdersLikeNameViaMap2"); // %name
		Map<String, Object> map2 = new HashMap<>();
//		map2.put("name", "Bee");
//		map2.put("name", ""); //1.17之前的版本,需要判断传入的值不能为空字符,%,_.
		
		
		

		// case "%"
		try {
			map2.put("name", "%");
//				map2.put("name", "_");
//				map2.put("name", null);
			preparedSql.select(sql3_2, new Orders(), map2);// map
		} catch (Exception e) {
			e.printStackTrace();
		}

		// case ""
		try {
			map2 = new HashMap<>();
			map2.put("name", ""); // 1.17之前的版本,需要判断传入的值不能为空字符,%,_.
			preparedSql.select(sql3_2, new Orders(), map2);// map
		} catch (Exception e) {
			e.printStackTrace();
		}

		// case "_"
		try {
			map2 = new HashMap<>();
			map2.put("name", "_"); // 1.17之前的版本,需要判断传入的值不能为空字符,%,_.
			preparedSql.select(sql3_2, new Orders(), map2);// map
		} catch (Exception e) {
			e.printStackTrace();
		}
		
		
		// case null
		//[WARN] the parameter value in like is null !
		try {
			map2 = new HashMap<>();
			map2.put("name", null); // 1.17之前的版本,需要判断传入的值不能为空字符,%,_.
			preparedSql.select(sql3_2, new Orders(), map2);// map
		} catch (Exception e) {
			e.printStackTrace();
		}
		
		System.out.println("finished!");

	}

	private static void selectNoPage(String sql, Map<String, Object> map) {
		List<Orders> list3 = preparedSql.select(sql, new Orders(), map);// map
	}

}

 

展开阅读全文
加载中
点击加入讨论🔥(3) 发布并加入讨论🔥
3 评论
0 收藏
0
分享
返回顶部
顶部