4.Mybatis中#{}和${}的区别是什么？

Mybatis中#{}和${}的区别是什么？

#{}是预编译处理、是占位符， ${}是字符串替换、是拼接符
2Mybatis 在处理#{}时，会将 sql 中的#{}替换为?号，调⽤ PreparedStatement 来赋值
3Mybatis 在处理${}时， 就是把${}替换成变量的值，调⽤ Statement 来赋值
4使⽤#{}可以有效的防⽌SQL注⼊，提⾼系统安全性

-- 假设 name="zhangsan" password="1 or 1=1" select * from user where name = #{name} and password = #{password} 将转为 select * from user where name = 'zhouyu' and password = '1 or 1=1' select * from user where name = ${name} and password = ${password} 将转为 select * from user where name = zhouyu and password = 1 or 1=1