about ibatis sqlmap help!!!!!!

Gary
2004-11-17
2013-04-11
  • Gary
    Gary
    2004-11-17

    look this:
    //////////////////
        select
              userinfo.account,
              userinfo.name,
              userinfo.sex,
              userinfo.email,
              userinfo.deptId,
              dept.deptName,
              userinfo.pwd
        from userinfo,dept
        where userinfo.account like #account#
          and userinfo.deptId = dept.id
          and userinfo.name like #name#
          and userinfo.email like #email#
          and userinfo.sex = #sex#
          and  userinfo.account not in (#incondition#)
    ///////////////
    i passed a value of incondition like '001','002','003' then search nothing!
    how can i do it?

     
    • Brandon Goodin
      Brandon Goodin
      2004-11-17

      select
      userinfo.account,
      userinfo.name,
      userinfo.sex,
      userinfo.email,
      userinfo.deptId,
      dept.deptName,
      userinfo.pwd
      from userinfo,dept
      where userinfo.account like #account#
      and userinfo.deptId = dept.id
      and userinfo.name like #name#
      and userinfo.email like #email#
      and userinfo.sex = #sex#
      and userinfo.account not in ($incondition$)

      if you pass the variable "incondition" as a string it will be treated as a string is in jdbc. This means that it will escaped and quoted. If you want to pass variables as literals then you need to use the $xyz$ syntax.

      Brandon

       
      • Gary
        Gary
        2004-11-17

        I see!:)
        Thanks a ton Brandon Goodin

         
    • rosen
      rosen
      2004-11-24

      Hi shixg, could you post the full xml, and java invoke method please?

      I'm a new newbie.

      hehe