Hello, I have a question: why can '${item[fieldName]}' get a value?


东东

Nov 29, 2023, 7:42:27 AM
to mybatis-user

IMG_20231129_180801.jpg
Usually, we get the item's value with #{item.XXX}. Why can ${item[XX]} also get the right value?

Iwao AVE!

Nov 30, 2023, 8:17:26 AM
to mybati...@googlegroups.com
Hello,

Please do not use images for posting text information (code, messages, etc.).

We know nothing about your application.
Please provide the details about the parameters (type, value, etc.).
Also, explain what exactly happens (e.g. error? unexpected result?).

The best way to explain your problem is to share a small repro project.
Here are some templates and examples.

Regards,
Iwao

On Wed, Nov 29, 2023 at 9:42 PM 东东 <hcx...@gmail.com> wrote:

IMG_20231129_180801.jpg
Usually, we get the item's value with #{item.XXX}. Why can ${item[XX]} also get the right value?


aa

Nov 30, 2023, 8:46:21 AM
to mybati...@googlegroups.com
If you are asking about the #{} vs ${} operators, the difference is that when you use #{} you end up with a parametrized query, which is safe against SQL injection attacks, whereas when you use ${} you end up with plain string injection into the SQL query, which is prone to SQL injection attacks. You must use the ${} approach only when you have full control over the string you are injecting into your query.
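
The #{} vs ${} difference described in the reply above, shown as a MyBatis mapper. This is an added example, not code from the thread or from the MyBatis project. The namespace, the `users` table, its columns, the list parameter of objects with a `name` property, and the `@Param("sortColumn")` argument are all assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN"
  "https://mybatis.org/dtd/mybatis-3-mapper.dtd">
<!-- Hypothetical mapper: namespace, table and column names are assumptions. -->
<mapper namespace="example.UserMapper">

  <!-- Weak: ${} pastes the text of each value into the SQL before the
       statement is prepared, so a value containing a quote character
       changes the structure of the statement. -->
  <select id="findByNamesUnsafe" resultType="map">
    SELECT id, name FROM users WHERE name IN
    <foreach collection="list" item="item" open="(" separator="," close=")">
      '${item.name}'
    </foreach>
  </select>

  <!-- Corrected: #{} emits a ? placeholder and binds the value through the
       PreparedStatement, so the value is only ever treated as data. -->
  <select id="findByNames" resultType="map">
    SELECT id, name FROM users WHERE name IN
    <foreach collection="list" item="item" open="(" separator="," close=")">
      #{item.name}
    </foreach>
  </select>

  <!-- Identifiers such as an ORDER BY column cannot be bound with #{}.
       Instead of ${sortColumn}, map the caller's input onto fixed column
       names so only strings written in this file reach the SQL text.
       Assumes the mapper method declares @Param("sortColumn"). -->
  <select id="findAllSorted" resultType="map">
    SELECT id, name, created_at FROM users
    ORDER BY
    <choose>
      <when test="sortColumn == 'name'">name</when>
      <when test="sortColumn == 'created'">created_at</when>
      <otherwise>id</otherwise>
    </choose>
  </select>
</mapper>
```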
