不安全：name like '%$name$%' —— $name$ 的值会被直接拼接进 SQL 文本，存在 SQL 注入漏洞
安全：name like '%' || #name# || '%' —— #name# 的值作为绑定参数传入，通配符 % 在 SQL 中拼接
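$name$ 生成文本化的 SQL：参数值通过字符串替换直接写入语句，输入内容会被当作 SQL 解析
#name# 生成参数化的 SQL：语句中只保留占位符，参数值通过绑定传入，不会被当作 SQL 解析
注意：参数化只能防止注入；输入中的 % 和 _ 仍会被 LIKE 当作通配符，如需按字面匹配，应先对其转义。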
mysql: select * from tb where name like concat('%',#name#,'%')
oracle: select * from tb where name like '%'||#name#||'%'
SQL Server: select * from tb where name like '%'+#name#+'%'
name like '%' || #name# || '%'
$name$ 生成文本化的 SQL（参数值直接拼接进语句文本）
#name# 生成参数化的 SQL（参数值通过占位符绑定传入）
mysql: select * from tb where name like concat('%',#name#,'%')
oracle: select * from tb where name like '%'||#name#||'%'
SQL Server: select * from tb where name like '%'+#name#+'%'