${}和#{}
${}本质是字符串拼接。缺点:存在SQL注入风险,且单引号需要手动拼接
#{}本质是占位符赋值:参数通过预编译语句绑定,参数值不会被当作SQL文本解析。因此凡是传入"值"的地方都应使用#{};${}只应在必须动态拼接表名、列名等标识符时使用,并对取值做白名单校验
select * from user where username=#{username}
select * from user where username='${username}'
注意上面两个sql语句,同样是从user表中按userna…
${}和#{}
${}本质是字符串拼接。缺点:存在SQL注入风险,且单引号需要手动拼接
#{}本质是占位符赋值:参数通过预编译语句绑定,参数值不会被当作SQL文本解析
select * from user where username=#{username}
select * from user where username='${username}'
注意上面两个sql语句,同样是从user表中按userna…