Understanding #{} and ${} in MyBatis mapper mapping files

#{} is replaced with the value formatted according to its content type. For example, if userIds is a String holding "1000,1001", #{userIds} is replaced with the quoted string "1000,1001", so a query written as IN (#{userIds}) becomes IN ("1000,1001") rather than IN (1000,1001).

${} is replaced directly with the raw value, without any formatting. Because the text is spliced straight into the SQL string, a caller who controls the value can, in some scenarios, use it for SQL injection.
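The following mapper file is an added example, not code from the original post. It puts the two placeholders side by side for the IN case discussed above and adds the idiomatic MyBatis fix, the `<foreach>` element, which binds one parameter per element instead of splicing a string. The namespace, result type and statement ids (com.example.UserMapper, com.example.User, findByIds and friends) are assumed names.

```xml
<!-- Added example mapper (not from the original post); names are assumed. -->
<mapper namespace="com.example.UserMapper">

  <!-- #{userIds}: bound as ONE JDBC parameter. With userIds = "1000,1001" the
       database receives IN (?) with the whole string "1000,1001" as a single
       value: safe against injection, but it matches nothing (or fails to
       convert on a numeric column). -->
  <select id="findByIdsBound" resultType="com.example.User">
    SELECT * FROM users WHERE id IN (#{userIds})
  </select>

  <!-- ${userIds}: spliced into the SQL text before it reaches the database.
       The list expands as intended, but whatever the caller passes becomes SQL,
       so this form must only ever see values that are fully trusted. -->
  <select id="findByIdsRaw" resultType="com.example.User">
    SELECT * FROM users WHERE id IN (${userIds})
  </select>

  <!-- Safe way to expand a list: pass a List<Long> from the mapper method and
       let <foreach> emit one bound placeholder per element, so the database
       receives IN (?, ?) with 1000 and 1001 bound separately. "list" is the
       default name MyBatis gives a single List argument. -->
  <select id="findByIds" resultType="com.example.User">
    SELECT * FROM users WHERE id IN
    <foreach collection="list" item="id" open="(" separator="," close=")">
      #{id}
    </foreach>
  </select>

</mapper>
```

A quick check when reviewing a mapper: grep the XML for `${` and confirm each occurrence is limited to identifiers that cannot come from a request (for example a sort column chosen from a fixed allow-list in Java code); every user-supplied value, including lists, belongs in `#{}` or `<foreach>`.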


Origin www.cnblogs.com/mizhifei/p/10972353.html