Ibatis - Parameters input '$' and '#'

Question

I know to input parameters in ibatis file, we can use either '$' or '#'.

Anyone know what is the difference? I can't seem to find much documentation on this.

===

If I were to pass in a String '12' using '#' but my column has a datatype of Integer, will it work?

See also: http://stackoverflow.com/questions/12808305/ibatis-inline-parameter-with-in-order-by-clause. The way I understand this is that `$...$` uses string manipulation to generat the SQL statement while `#...#` simply inserts a `?` into the SQL string, making it a prepared statement, and binding the parameter after that. — chiccodoro, Jun 05 '14 at 06:40

score 4 · Answer 1 · answered Jun 05 '14 at 06:38

The # characters around the variable name indicate that iBatis will create a parameterized query with the userName variable.

However, iBatis also allows you to concatenate variables directly to SQL statements using $ characters.

More easy explained: with # iBatis binds the variable, checking his type and preventing sql injection. And with $ just substitutes the variable without checking anything. (you could inject some code and modify the query..)

Ibatis - Parameters input '$' and '#'

1 Answers1