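Differences:
# is precompiled (sent as a prepared-statement parameter) and type-matched
$ performs string concatenation
Given the following SQL: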
select name from student where id=1;
Handled with #:
select name from student where id=#{0}
is equivalent to
PreparedStatement preparedStatement = conn.prepareStatement("select name from student where id=?");
preparedStatement.setInt(1, 1);
Handled with $:
select name from student where id=${id}
is equivalent to
StringBuffer sb = new StringBuffer(256);
sb.append("select name from student where id=").append(t1); // t1 is the raw parameter value
String sql = sb.toString();
Caution:
1. # effectively prevents SQL injection
2. $ concatenation is widely used
3. Use # wherever you can
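
The difference described above, as an added example that is not part of the original notes: a simplified model (not the framework's own code) that renders both placeholder styles for the same constructed input, and shows an allowlist check for the case where $ cannot be avoided, such as a column name. The class PlaceholderDemo, the SORTABLE allowlist, the col parameter and the sample input are assumptions made for the illustration.

```java
import java.util.*;
import java.util.regex.*;

// Simplified model of the two placeholder styles; example code, not framework source.
public class PlaceholderDemo {
    // Columns a caller may sort by (assumed allowlist for this example).
    static final Set<String> SORTABLE = Set.of("id", "name");

    record Rendered(String sql, List<Object> binds) {}

    static Rendered render(String template, Map<String, Object> params) {
        List<Object> binds = new ArrayList<>();
        Matcher m = Pattern.compile("([#$])\\{(\\w+)\\}").matcher(template);
        StringBuilder sql = new StringBuilder();
        while (m.find()) {
            Object value = params.get(m.group(2));
            if (m.group(1).equals("#")) {
                binds.add(value);               // value travels separately from the SQL text
                m.appendReplacement(sql, "?");
            } else {                            // value becomes part of the SQL text itself
                m.appendReplacement(sql, Matcher.quoteReplacement(String.valueOf(value)));
            }
        }
        m.appendTail(sql);
        return new Rendered(sql.toString(), binds);
    }

    // Identifiers cannot be bound with #, so validate them before they reach a $ placeholder.
    static String checkedColumn(String requested) {
        if (!SORTABLE.contains(requested))
            throw new IllegalArgumentException("column not allowed: " + requested);
        return requested;
    }

    public static void main(String[] args) {
        String input = "1 or 1=1"; // constructed sample of untrusted input
        System.out.println(render("select name from student where id=#{id}", Map.of("id", input)));
        System.out.println(render("select name from student where id=${id}", Map.of("id", input)));
        System.out.println(render("select name from student where id=#{id} order by ${col}",
                Map.of("id", 1, "col", checkedColumn("name"))));
        try { checkedColumn(input); }
        catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Run it with java PlaceholderDemo.java on JDK 16 or later: with # the statement text is unchanged and the input sits in the bind list, while with $ the input changes the WHERE clause.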