{"id":20820,"date":"2024-03-15T21:03:38","date_gmt":"2024-03-15T21:03:38","guid":{"rendered":"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/"},"modified":"2024-03-21T19:00:25","modified_gmt":"2024-03-21T19:00:25","slug":"what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis","status":"publish","type":"post","link":"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/","title":{"rendered":"What is the method to prevent injection of dynamic table names in MyBatis?"},"content":{"rendered":"

MyBatis offers a method to prevent dynamic table name injection by using dynamic SQL and parameter replacement.<\/p>\n

    \n
  1. – in the case that<\/li>\n
  2. Make a decision.<\/li>\n
  3. at what time<\/li>\n
  4. Alternatively<\/li>\n<\/ol>\n
    <select id=\"selectUserById\" resultType=\"User\">\r\n  SELECT * FROM\r\n  <choose>\r\n    <when test=\"tableType == 'A'\">\r\n      table_A\r\n    <\/when>\r\n    <when test=\"tableType == 'B'\">\r\n      table_B\r\n    <\/when>\r\n    <otherwise>\r\n      table_C\r\n    <\/otherwise>\r\n  <\/choose>\r\n  WHERE id = #{id}\r\n<\/select>\r\n<\/code><\/pre>\n
      \n
    1. Use parameter replacement: pass the table name as a parameter to the SQL statement to prevent injection by replacing the parameters. For example:<\/li>\n<\/ol>\n
      <select id=\"selectUserById\" resultType=\"User\">\r\n  SELECT * FROM #{tableName}\r\n  WHERE id = #{id}\r\n<\/select>\r\n<\/code><\/pre>\n
      Passing the table name as a parameter to the MyBatis method in Java code.<\/p>\n
      String tableName = \"table_A\";\r\nint id = 1;\r\nUser user = sqlSession.selectOne(\"selectUserById\", Collections.singletonMap(\"tableName\", tableName));\r\n<\/code><\/pre>\n
      By using this method, it ensures that table names are obtained from trusted sources, eliminating the risk of injection caused by directly concatenating table names.<\/p>\n","protected":false},"excerpt":{"rendered":"
      MyBatis offers a method to prevent dynamic table name injection by using dynamic SQL and parameter replacement. – in the case that Make a decision. at what time Alternatively <select id=”selectUserById” resultType=”User”> SELECT * FROM <choose> <when test=”tableType == ‘A'”> table_A <\/when> <when test=”tableType == ‘B'”> table_B <\/when> <otherwise> table_C <\/otherwise> <\/choose> WHERE id = […]<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_import_markdown_pro_load_document_selector":0,"_import_markdown_pro_submit_text_textarea":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-20820","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\nWhat is the method to prevent injection of dynamic table names in MyBatis? - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"What is the method to prevent injection of dynamic table names in MyBatis?\" \/>\n<meta property=\"og:description\" content=\"MyBatis offers a method to prevent dynamic table name injection by using dynamic SQL and parameter replacement. – in the case that Make a decision. at what time Alternatively <select id="selectUserById" resultType="User"> SELECT * FROM <choose> <when test="tableType == 'A'"> table_A <\/when> <when test="tableType == 'B'"> table_B <\/when> <otherwise> table_C <\/otherwise> <\/choose> WHERE id = […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/SiliCloudGlobal\/\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-15T21:03:38+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-21T19:00:25+00:00\" \/>\n<meta name=\"author\" content=\"Ava Mitchell\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@SiliCloudGlobal\" \/>\n<meta name=\"twitter:site\" content=\"@SiliCloudGlobal\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ava Mitchell\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/\"},\"author\":{\"name\":\"Ava Mitchell\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/a3e2658c2cb9fb2be95ae0a8861f4a64\"},\"headline\":\"What is the method to prevent injection of dynamic table names in MyBatis?\",\"datePublished\":\"2024-03-15T21:03:38+00:00\",\"dateModified\":\"2024-03-21T19:00:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/\"},\"wordCount\":104,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#organization\"},\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/\",\"url\":\"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/\",\"name\":\"What is the method to prevent injection of dynamic table names in MyBatis? - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#website\"},\"datePublished\":\"2024-03-15T21:03:38+00:00\",\"dateModified\":\"2024-03-21T19:00:25+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.silicloud.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"What is the method to prevent injection of dynamic table names in MyBatis?\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/blog\/\",\"name\":\"Silicon Cloud Blog\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#organization\"},\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#organization\",\"name\":\"Silicon Cloud Blog\",\"url\":\"https:\/\/www.silicloud.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png\",\"contentUrl\":\"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png\",\"width\":1024,\"height\":1024,\"caption\":\"Silicon Cloud Blog\"},\"image\":{\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/SiliCloudGlobal\/\",\"https:\/\/twitter.com\/SiliCloudGlobal\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/a3e2658c2cb9fb2be95ae0a8861f4a64\",\"name\":\"Ava Mitchell\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/15c63cd0564b4a2e07d611bcdffa296f6ea80e8db07c3091f43a84010514899d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/15c63cd0564b4a2e07d611bcdffa296f6ea80e8db07c3091f43a84010514899d?s=96&d=mm&r=g\",\"caption\":\"Ava Mitchell\"},\"url\":\"https:\/\/www.silicloud.com\/blog\/author\/avamitchell\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"What is the method to prevent injection of dynamic table names in MyBatis? - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/","og_locale":"en_US","og_type":"article","og_title":"What is the method to prevent injection of dynamic table names in MyBatis?","og_description":"MyBatis offers a method to prevent dynamic table name injection by using dynamic SQL and parameter replacement. – in the case that Make a decision. at what time Alternatively <select id=\"selectUserById\" resultType=\"User\"> SELECT * FROM <choose> <when test=\"tableType == 'A'\"> table_A <\/when> <when test=\"tableType == 'B'\"> table_B <\/when> <otherwise> table_C <\/otherwise> <\/choose> WHERE id = […]","og_url":"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/","og_site_name":"Blog - Silicon Cloud","article_publisher":"https:\/\/www.facebook.com\/SiliCloudGlobal\/","article_published_time":"2024-03-15T21:03:38+00:00","article_modified_time":"2024-03-21T19:00:25+00:00","author":"Ava Mitchell","twitter_card":"summary_large_image","twitter_creator":"@SiliCloudGlobal","twitter_site":"@SiliCloudGlobal","twitter_misc":{"Written by":"Ava Mitchell","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/#article","isPartOf":{"@id":"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/"},"author":{"name":"Ava Mitchell","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/a3e2658c2cb9fb2be95ae0a8861f4a64"},"headline":"What is the method to prevent injection of dynamic table names in MyBatis?","datePublished":"2024-03-15T21:03:38+00:00","dateModified":"2024-03-21T19:00:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/"},"wordCount":104,"commentCount":0,"publisher":{"@id":"https:\/\/www.silicloud.com\/blog\/#organization"},"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/","url":"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/","name":"What is the method to prevent injection of dynamic table names in MyBatis? - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/blog\/#website"},"datePublished":"2024-03-15T21:03:38+00:00","dateModified":"2024-03-21T19:00:25+00:00","breadcrumb":{"@id":"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/blog\/what-is-the-method-to-prevent-injection-of-dynamic-table-names-in-mybatis\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.silicloud.com\/blog\/"},{"@type":"ListItem","position":2,"name":"What is the method to prevent injection of dynamic table names in MyBatis?"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/blog\/#website","url":"https:\/\/www.silicloud.com\/blog\/","name":"Silicon Cloud Blog","description":"","publisher":{"@id":"https:\/\/www.silicloud.com\/blog\/#organization"},"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.silicloud.com\/blog\/#organization","name":"Silicon Cloud Blog","url":"https:\/\/www.silicloud.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png","contentUrl":"https:\/\/www.silicloud.com\/blog\/wp-content\/uploads\/2023\/11\/EN-SILICON-Full.png","width":1024,"height":1024,"caption":"Silicon Cloud Blog"},"image":{"@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/SiliCloudGlobal\/","https:\/\/twitter.com\/SiliCloudGlobal"]},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/a3e2658c2cb9fb2be95ae0a8861f4a64","name":"Ava Mitchell","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.silicloud.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/15c63cd0564b4a2e07d611bcdffa296f6ea80e8db07c3091f43a84010514899d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/15c63cd0564b4a2e07d611bcdffa296f6ea80e8db07c3091f43a84010514899d?s=96&d=mm&r=g","caption":"Ava Mitchell"},"url":"https:\/\/www.silicloud.com\/blog\/author\/avamitchell\/"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts\/20820","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/comments?post=20820"}],"version-history":[{"count":1,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts\/20820\/revisions"}],"predecessor-version":[{"id":54644,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/posts\/20820\/revisions\/54644"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/media?parent=20820"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/categories?post=20820"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/blog\/wp-json\/wp\/v2\/tags?post=20820"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}