$: Sql stitching, the equivalent in the statement jdbc sql injection may be harmful. But to pass table names and column names with this (such as sorting).
#: Prevent sql injection, equivalent to jdbc in the preparedStatement, default single quotation marks when parsing.