A SQL query:
from clue_bind
where BELONG_ID_BINDED = 525683727
and GROUP_ID_BINDED in (25853)
and (MOBILE like CONCAT('%', '啊', '%')
or kdt_id = '啊'
or `name` like CONCAT('%', '啊', '%'))
and ASSIGN_ORG_TYPE_BINDED = 2
order by created_at desc
limit 10
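There is one row with name="你好", mobile="1243", kdt_id=11111,
and it actually showed up in the search results. It turns out that because kdtid is a long, if MyBatis passes a string in, the database treats kdtid as equal to any string. What the hell.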
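One way to keep a non-numeric keyword from ever being compared against `kdt_id`, shown as an added example that is not the original author's code: the `kdt_id` predicate is only appended when the keyword parses as a number, and it is then bound as a `Long`. The class and method names, the `select *` column list and the JDBC-style `?` placeholders are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Added example; ClueSearchQuery and its methods are hypothetical names.
public class ClueSearchQuery {
    public final String sql;
    public final List<Object> params;

    private ClueSearchQuery(String sql, List<Object> params) {
        this.sql = sql;
        this.params = params;
    }

    // Returns the keyword as a Long only if it is a plain decimal number
    // of at most 18 digits (always fits in a signed 64-bit value).
    static Long parseKdtId(String keyword) {
        if (keyword == null || !keyword.matches("[0-9]{1,18}")) {
            return null;
        }
        return Long.valueOf(keyword);
    }

    public static ClueSearchQuery build(long belongId, long groupId, String keyword) {
        List<Object> params = new ArrayList<>();
        StringBuilder sql = new StringBuilder(
            "select * from clue_bind where BELONG_ID_BINDED = ? and GROUP_ID_BINDED in (?)");
        params.add(belongId);
        params.add(groupId);
        sql.append(" and (MOBILE like CONCAT('%', ?, '%') or `name` like CONCAT('%', ?, '%')");
        params.add(keyword);
        params.add(keyword);
        Long kdtId = parseKdtId(keyword);
        if (kdtId != null) {
            // Bound as a Long, so the column is compared with a number, never a string.
            sql.append(" or kdt_id = ?");
            params.add(kdtId);
        }
        sql.append(") and ASSIGN_ORG_TYPE_BINDED = 2 order by created_at desc limit 10");
        return new ClueSearchQuery(sql.toString(), params);
    }

    public static void main(String[] args) {
        // Constructed inputs: the keyword from the query above, then a numeric one.
        ClueSearchQuery textual = build(525683727L, 25853L, "啊");
        System.out.println(textual.sql + "  " + textual.params);
        ClueSearchQuery numeric = build(525683727L, 25853L, "11111");
        System.out.println(numeric.sql + "  " + numeric.params);
    }
}
```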