
Personnel Management System 6

Fuzzy query

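DepartmentMapper.xml
<select id="findDepartmentListByName" resultMap="BaseResultMap">
    <!-- Alternative that binds the value with #{}: where dname like concat('%', #{dname}, '%').
         Kept as an XML comment because MyBatis still parses #{} inside a SQL /* */ comment. -->
    select
    <include refid="Base_Column_List"/>
    from department
    where dname like '%${dname}%'
    order by establishmentdate desc
    limit #{start},#{limit}
</select>
<!-- # automatically wraps a passed-in String in quotes (other data types are not quoted); here it would become '%'开发部'%', a syntax error -->
<!-- $ writes the passed-in data directly into the SQL statement without adding quotes; here it becomes '%开发部%' -->
<select id="getTotalDepartmentsByName" resultType="int">
    select count(*) from department where dname like '%${dname}%'
</select>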
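${}: unsafe
The value is spliced directly into the SQL text, which makes the statement easy to exploit through SQL injection.
select * from user where username = '${username}'
If the user enters admin' or '1'='1, the statement that is executed becomes
select * from user where username='admin' or '1'='1'
${} is a concatenation (text substitution) token.
The two fuzzy-query statements above use ${dname}, so they are exposed in the same way; the concat('%', #{dname}, '%') form noted in the mapper avoids this.
#{}: safe
The value is passed as a parameter of a precompiled statement, which prevents SQL injection.
select * from user where username = #{username}
#{} is a placeholder.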
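The two fuzzy-query statements from DepartmentMapper.xml rewritten so that the search term is always a bound parameter, as an added example that is not the original project's mapper. The statement ids, table and column names come from the mapper above; the variable name pattern is introduced here for illustration.

```xml
<!-- Added example: same queries as above, with dname passed as a
     prepared-statement parameter instead of being spliced in with ${}. -->

<!-- Variant 1: build the LIKE pattern with <bind>.
     The OGNL expression concatenates the wildcards in Java, and the
     resulting string is still sent to the database through #{}. -->
<select id="findDepartmentListByName" resultMap="BaseResultMap">
    <bind name="pattern" value="'%' + dname + '%'"/>
    select
    <include refid="Base_Column_List"/>
    from department
    where dname like #{pattern}
    order by establishmentdate desc
    limit #{start},#{limit}
</select>

<!-- Variant 2: let the database concatenate the wildcards.
     #{dname} becomes a single ? placeholder, so a value such as
     admin' or '1'='1 is compared as literal text. -->
<select id="getTotalDepartmentsByName" resultType="int">
    select count(*) from department
    where dname like concat('%', #{dname}, '%')
</select>
```

In both variants a % or _ typed by the user still acts as a LIKE wildcard; that widens the match but cannot change the structure of the statement.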
DepartmentMapper.java
List<Department> findDepartmentListByName(@Param("dname") String dname, @Param("start") int start, @Param("limit") int limit);
int getTotalDepartmentsByName(@Param("dname") String dname);
DepartmentService.java
Result getDepartmentsListByName(String dname, int start, int limit);
DepartmentServiceImpl.java
@Override
public Result getDepartmentsListByName(String dname, int start, int limit) {
    List<Department> departmentList = departmentMapper.findDepartmentListByName(dname, start, limit);
    int totalDepartments = departmentMapper.getTotalDepartmentsByName(dname);
    Result result = new Result();
    result.setCode(0);
    result.setMsg("查找成功!");
    result.setCount(totalDepartments);
    result.setData(departmentList);
    return result;
}
DepartmentController.java
@GetMapping("/department/listbyname")
@ResponseBody
public Result listByName(@RequestParam Map<String, Object> params) {
    int page = Integer.parseInt(params.get("page").toString());
    int limit = Integer.parseInt(params.get("limit").toString());
    int start = (page - 1) * limit;
    String dname = params.get("dname").toString();
    return departmentService.getDepartmentsListByName(dname, start, limit);
}

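Refreshing the page:

AuserController.java
@GetMapping("/reload")
@ResponseBody
public boolean reload(HttpSession session) {
    // getAttribute returns null when no "name" is stored in the session;
    // calling toString() on that null would throw instead of returning false.
    return session.getAttribute("name") != null;
}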

To ensure that department names are not duplicated, set a unique constraint on the dname field:

DepartmentController.java
@GetMapping("/department/add")
public String gotoDepartmentAdd() {
    return "admin/department-add";
}
Change the return type of the auto-generated method in DepartmentMapper.java:
boolean insertSelective(Department record);
DepartmentService.java
Result addDepartment(Department department);
DepartmentServiceImpl.java
@Override
public Result addDepartment(Department department) {
    Result result = new Result();
    if (departmentMapper.insertSelective(department)) {
        result.setCode(0);
        result.setMsg("新建成功!");
    } else {
        result.setCode(1);
        result.setMsg("新建失败!");
    }
    return result;
}
DepartmentController.java
@PostMapping("/department/add")
@ResponseBody
public Result addDepartment(@RequestParam("dname") String dname,
                            @RequestParam("dtel") String dtel,
                            @RequestParam("description") String description) {
    Department department = new Department();
    department.setDname(dname);
    department.setDtel(dtel);
    department.setDescription(description);
    department.setEstablishmentdate(new Date());
    return departmentService.addDepartment(department);
}
Alternatively, receive the parameters as Map key-value pairs through @RequestParam:
@PostMapping("/department/add")
@ResponseBody
public Result addDepartment(@RequestParam Map<String, Object> map) {
    Department department = new Department();
    department.setDname(map.get("dname").toString());
    department.setDtel(map.get("dtel").toString());
    department.setDescription(map.get("description").toString());
    department.setEstablishmentdate(new Date());
    return departmentService.addDepartment(department);
}
Alternatively, receive the parameters as Map key-value pairs through @RequestBody; this requires changing the data submission format in department-add.html to JSON:
@PostMapping("/department/add")
@ResponseBody
public Result addDepartment(@RequestBody Map<String, Object> map) {
    Department department = new Department();
    department.setDname(map.get("dname").toString());
    department.setDtel(map.get("dtel").toString());
    department.setDescription(map.get("description").toString());
    department.setEstablishmentdate(new Date());
    return departmentService.addDepartment(department);
}
In department-add.html, replace
data: data.field,
with
data: JSON.stringify(data.field),
contentType : "application/json",
