About the difference between # and $

SELECT * FROM User WHERE username = ? AND password = ?

The # symbol:
1. Parameters passed with # are precompiled, which has the effect of preventing SQL injection attacks.
2. A pair of quotation marks " " is added around the parameter.

Convention: do not use $ where # can be used.

The $ symbol: use the $ symbol only when a field name is the parameter.
Example: SELECT
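The difference described above, as an added example that is not part of the original page: Python's sqlite3 stands in for the SQL mapper, with `?` binding modelling # and string formatting modelling $. The sample rows, the `created` column, the function names and the `SORTABLE` allowlist are assumptions made for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the page's query,
    # the "created" column is an assumption added for the sort example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE User (username TEXT, password TEXT, created INTEGER)")
    db.executemany("INSERT INTO User VALUES (?, ?, ?)",
                   [("alice", "s3cret", 2), ("bob", "hunter2", 1)])
    return db

def login_bound(db, username, password):
    """'#' style: the statement is compiled with ? markers and the values are
    bound afterwards, so they can only ever be treated as data."""
    sql = "SELECT username FROM User WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchall()

def login_substituted(db, username, password):
    """'$' style: values are pasted into the SQL text before it is compiled,
    so quote characters in the input become part of the statement."""
    sql = ("SELECT username FROM User WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return db.execute(sql).fetchall()

SORTABLE = {"username", "created"}  # hypothetical allowlist of field names

def list_users(db, order_by):
    """A field name cannot be bound, so it has to be substituted ('$' style);
    accept only names from a fixed allowlist before building the SQL text."""
    if order_by not in SORTABLE:
        raise ValueError("unsupported sort field: %r" % order_by)
    rows = db.execute("SELECT username FROM User ORDER BY " + order_by)
    return [r[0] for r in rows]

if __name__ == "__main__":
    db = make_db()
    hostile = "' OR '1'='1"  # constructed input containing quote characters
    print(login_bound(db, "alice", "s3cret"))       # [('alice',)]
    print(login_bound(db, "alice", hostile))        # []
    print(login_substituted(db, "alice", hostile))  # [('alice',), ('bob',)]
    print(list_users(db, "created"))                # ['bob', 'alice']
```

The bound query matches no row for the quoted input, while the substituted query matches every row because the input rewrote the WHERE clause.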