1，多个参数传递用map或实体封装后再传给myBatis，

mybatis学习$与#号取值区别

#{} 1.加了单引号,  2.#号写是可以防止sql注入，比较安全

select * from user where username=#{username} and password=#{password}  变成 ...where username=‘张三’ and password=‘123’

${}  2.没有加单引号  2.${｝写法无法防止sql注入（模湖查询时用‘%${username}%’） 或用cancat ('%',${username},'%')

select * from user where username=${username} and password=${password}  变成 ...where username=张三 and password=123