1. #{} is precompiled handling and acts as a placeholder; ${} is string replacement and acts as a concatenation operator.
2. When MyBatis processes #{}, it replaces the #{} in the SQL with a ? and binds the value through PreparedStatement.
3. When MyBatis processes ${}, it simply substitutes the variable's value for ${} in the SQL text and runs it through Statement.
4. Using #{} effectively prevents SQL injection and improves system security.
name = "xxx"
password = "1 or 1 = 1"
"select * from user where name = #{name} and password = #{password}"
// is replaced with (value bound as a parameter, so the quotes are effectively preserved)
"select * from user where name = 'xxx' and password = '1 or 1 = 1'"
"select * from user where name = ${name} and password = ${password}"
// is replaced with (raw text substitution, so the value becomes part of the SQL)
"select * from user where name = xxx and password = 1 or 1 = 1"
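The substitution behaviour described above, as an added example that is not part of the original note or of MyBatis itself: a small function mimics how #{} becomes a ? bound as a parameter and how ${} is pasted into the SQL text, then both forms are executed against a constructed in-memory SQLite table holding two sample users. The table, its rows and the template strings are assumptions made for this demonstration.

```python
import re
import sqlite3

# Matches #{name} and ${name} the way MyBatis templates write them.
PLACEHOLDER = re.compile(r"([#$])\{(\w+)\}")


def render(template, params):
    """Mimic MyBatis: #{x} -> '?' plus a bound value (PreparedStatement style),
    ${x} -> the raw value spliced into the SQL text (Statement style).
    Returns (sql_text, bound_values)."""
    bound = []

    def substitute(match):
        kind, key = match.group(1), match.group(2)
        if kind == "#":
            bound.append(params[key])  # value travels separately from the SQL
            return "?"
        return str(params[key])        # ${}: plain string replacement

    return PLACEHOLDER.sub(substitute, template), bound


def run(template, params):
    """Execute the rendered query against a constructed sample table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table user (name text, password text)")
    conn.executemany("insert into user values (?, ?)",
                     [("xxx", "secret"), ("admin", "hunter2")])
    sql, args = render(template, params)
    rows = conn.execute(sql, args).fetchall()
    conn.close()
    return sql, rows


# Same inputs as the note: a crafted password that reads as SQL.
PARAMS = {"name": "xxx", "password": "1 or 1 = 1"}
SAFE = "select * from user where name = #{name} and password = #{password}"
UNSAFE = "select * from user where name = '${name}' and password = ${password}"

if __name__ == "__main__":
    for label, template in (("#{} (bound)", SAFE), ("${} (spliced)", UNSAFE)):
        sql, rows = run(template, PARAMS)
        print(f"{label}: {sql}\n  rows returned: {len(rows)}")
```

With #{} the crafted password is compared as a literal string and no row matches; with ${} the `or 1 = 1` becomes part of the WHERE clause and every user row is returned.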