-- 靜態(tài)SQL示例
SELECT * FROM users WHERE username LIKE '%張%' 
AND email LIKE '%example.com%';

<!-- MyBatis Mapper XML -->
<select id="searchUsers" resultType="User">
    SELECT * FROM users
    <where>
        <if test="keyword != null and keyword != ''">
            AND (username LIKE CONCAT('%', #{keyword}, '%')
            OR email LIKE CONCAT('%', #{keyword}, '%')
            OR phone LIKE CONCAT('%', #{keyword}, '%'))
        </if>
    </where>
</select>

<select id="advancedSearch" resultType="User">
    SELECT * FROM users
    <where>
        <!-- 姓名模糊查詢(xún) -->
        <if test="name != null and name != ''">
            AND username LIKE CONCAT('%', #{name}, '%')
        </if>
        
        <!-- 郵箱模糊查詢(xún) -->
        <if test="email != null and email != ''">
            AND email LIKE CONCAT('%', #{email}, '%')
        </if>
        
        <!-- 電話號(hào)碼模糊查詢(xún)（支持中間四位*號(hào)） -->
        <if test="phonePattern != null and phonePattern != ''">
            AND phone LIKE REPLACE(#{phonePattern}, '*', '%')
        </if>
        
        <!-- 地址多字段模糊查詢(xún) -->
        <if test="address != null and address != ''">
            AND (
                province LIKE CONCAT('%', #{address}, '%')
                OR city LIKE CONCAT('%', #{address}, '%')
                OR detail LIKE CONCAT('%', #{address}, '%')
            )
        </if>
    </where>
    ORDER BY create_time DESC
</select>

<select id="smartSearch" resultType="User">
    SELECT * FROM users
    <where>
        <choose>
            <when test="searchType == 'name' and keyword != null">
                AND username LIKE CONCAT('%', #{keyword}, '%')
            </when>
            <when test="searchType == 'email' and keyword != null">
                AND email LIKE CONCAT('%', #{keyword}, '%')
            </when>
            <when test="searchType == 'phone' and keyword != null">
                AND phone LIKE CONCAT('%', #{keyword}, '%')
            </when>
            <otherwise>
                AND status = 'ACTIVE'
            </otherwise>
        </choose>
    </where>
</select>

// 服務(wù)層代碼示例
public List<User> dynamicSearch(UserSearchCriteria criteria) {
    StringBuilder sql = new StringBuilder("SELECT * FROM users WHERE 1=1");
    List<Object> params = new ArrayList<>();
    
    // 姓名模糊查詢(xún)
    if (StringUtils.isNotBlank(criteria.getName())) {
        sql.append(" AND username LIKE ?");
        params.add("%" + criteria.getName() + "%");
    }
    
    // 郵箱模糊查詢(xún)
    if (StringUtils.isNotBlank(criteria.getEmail())) {
        sql.append(" AND email LIKE ?");
        params.add("%" + criteria.getEmail() + "%");
    }
    
    // 分頁(yè)處理
    if (criteria.getPageSize() > 0) {
        sql.append(" LIMIT ?, ?");
        params.add(criteria.getOffset());
        params.add(criteria.getPageSize());
    }
    
    return jdbcTemplate.query(sql.toString(), params.toArray(), 
        new BeanPropertyRowMapper<>(User.class));
}

// 使用Specification構(gòu)建動(dòng)態(tài)查詢(xún)
public class UserSpecifications {
    
    public static Specification<User> nameContains(String name) {
        return (root, query, cb) -> 
            StringUtils.isBlank(name) ? 
            cb.conjunction() : 
            cb.like(root.get("username"), "%" + name + "%");
    }
    
    public static Specification<User> emailContains(String email) {
        return (root, query, cb) -> 
            StringUtils.isBlank(email) ? 
            cb.conjunction() : 
            cb.like(root.get("email"), "%" + email + "%");
    }
    
    public static Specification<User> multiFieldSearch(String keyword) {
        return (root, query, cb) -> {
            if (StringUtils.isBlank(keyword)) {
                return cb.conjunction();
            }
            String pattern = "%" + keyword + "%";
            return cb.or(
                cb.like(root.get("username"), pattern),
                cb.like(root.get("email"), pattern),
                cb.like(root.get("phone"), pattern)
            );
        };
    }
}

// 使用示例
public List<User> searchUsers(String name, String email) {
    return userRepository.findAll(
        Specification.where(UserSpecifications.nameContains(name))
            .and(UserSpecifications.emailContains(email))
    );
}

// 使用預(yù)編譯語(yǔ)句，永遠(yuǎn)不要直接拼接用戶輸入
String safePattern = "%" + escapeSql(keyword) + "%";

// MyBatis自動(dòng)處理參數(shù)，防止SQL注入
<if test="keyword != null">
    AND username LIKE CONCAT('%', #{keyword}, '%')
</if>

-- 為經(jīng)常查詢(xún)的字段創(chuàng)建索引
CREATE INDEX idx_username ON users(username);
CREATE INDEX idx_email ON users(email);

-- 避免前導(dǎo)通配符導(dǎo)致索引失效的情況
-- 不推薦：LIKE '%keyword%' 
-- 推薦：LIKE 'keyword%'（如果業(yè)務(wù)允許）

-- MySQL全文索引示例
ALTER TABLE users ADD FULLTEXT INDEX ft_search (username, email);

-- 使用全文索引進(jìn)行模糊查詢(xún)
SELECT * FROM users 
WHERE MATCH(username, email) AGAINST('+張* +example*' IN BOOLEAN MODE);

<select id="searchProducts" resultType="Product">
    SELECT * FROM products
    <where>
        <if test="productName != null">
            AND product_name LIKE CONCAT('%', #{productName}, '%')
        </if>
        <if test="categoryId != null">
            AND category_id = #{categoryId}
        </if>
        <if test="minPrice != null">
            AND price >= #{minPrice}
        </if>
        <if test="maxPrice != null">
            AND price <= #{maxPrice}
        </if>
        <!-- 模糊搜索商品描述 -->
        <if test="keyword != null">
            AND (
                product_name LIKE CONCAT('%', #{keyword}, '%')
                OR description LIKE CONCAT('%', #{keyword}, '%')
                OR tags LIKE CONCAT('%', #{keyword}, '%')
            )
        </if>
    </where>
    ORDER BY 
    <choose>
        <when test="sortBy == 'price'">price ${sortOrder}</when>
        <when test="sortBy == 'sales'">sales_count DESC</when>
        <otherwise>create_time DESC</otherwise>
    </choose>
</select>

public List<Log> searchLogs(LogQuery query) {
    StringBuilder sql = new StringBuilder(
        "SELECT * FROM system_logs WHERE 1=1");
    
    // 模糊匹配操作內(nèi)容
    if (StringUtils.isNotBlank(query.getContent())) {
        sql.append(" AND content LIKE ?");
        params.add("%" + query.getContent() + "%");
    }
    
    // 模糊匹配用戶IP
    if (StringUtils.isNotBlank(query.getIp())) {
        sql.append(" AND ip_address LIKE ?");
        params.add(query.getIp() + "%");  // IP前綴匹配
    }
    
    // 時(shí)間范圍查詢(xún)
    if (query.getStartTime() != null) {
        sql.append(" AND create_time >= ?");
        params.add(query.getStartTime());
    }
    
    return jdbcTemplate.query(sql.toString(), 
        params.toArray(), 
        new BeanPropertyRowMapper<>(Log.class));
}