1. #{} passes the incoming value as a string, e.g. select id, name, age from student where id = #{id}. If the front end passes an id value of 1, the statement that reaches the back end is equivalent to select id, name, age from student where id = '1'.
2. ${} places the incoming data directly into the generated SQL statement, e.g. select id, name, age from student where id = ${id}. If the front end passes an id value of 1, the statement that reaches the back end is equivalent to select id, name, age from student where id = 1.
3. Using #{} largely prevents SQL injection. (On statement concatenation: #{xxx} uses a PreparedStatement and the value is type-converted, so it is safer. Put simply, #{} is precompiled and therefore safe; ${} is not precompiled, it only substitutes the variable's value, so it is not safe and is open to SQL injection.)
4. However, inside an ORDER BY clause you need to use ${}.
5. In most cases #{} is what you use, but in some situations you must use ${}.
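The difference between points 1 to 4, as an added example that is not part of the original page: Python's sqlite3 stands in for the PreparedStatement behaviour, with a bound parameter playing the role of #{} and text substitution playing the role of ${}. The function names, the sample rows and the allowlist for the ORDER BY column are assumptions made for this illustration.

```python
import sqlite3

def make_db():
    """In-memory table named after the page's example; the rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.execute("create table student (id integer, name text, age integer)")
    db.executemany("insert into student values (?, ?, ?)",
                   [(1, "ann", 20), (2, "bob", 19), (3, "cy", 21)])
    return db

def find_bound(db, id_value):
    """Like #{id}: the SQL text is fixed and the value is bound as data."""
    sql = "select id, name, age from student where id = ?"
    return db.execute(sql, (id_value,)).fetchall()

def find_substituted(db, id_value):
    """Like ${id}: the value is pasted into the SQL text before it is parsed."""
    sql = f"select id, name, age from student where id = {id_value}"
    return db.execute(sql).fetchall()

# ORDER BY takes a column name, and a name cannot be bound as a parameter,
# so substitution is unavoidable there. Accept only known column names.
SORTABLE = {"id", "name", "age"}

def list_sorted(db, column, descending=False):
    """Like 'order by ${column}', but only for columns on the allowlist."""
    if column not in SORTABLE:
        raise ValueError(f"unsupported sort column: {column!r}")
    direction = "desc" if descending else "asc"
    sql = f"select id, name, age from student order by {column} {direction}"
    return db.execute(sql).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "1 or 1=1"  # constructed input that is not a plain id
    print("bound, id '1':      ", find_bound(db, "1"))
    print("bound, crafted:     ", find_bound(db, crafted))
    print("substituted, crafted:", find_substituted(db, crafted))
    print("sorted by age:      ", list_sorted(db, "age"))
```

With the bound form the crafted value is compared as a single string and matches nothing; with substitution it becomes part of the WHERE clause and every row comes back.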