The difference between # and $ in MyBatis, and how to avoid SQL injection

Time:02-28

1. # treats the incoming data as a string and automatically adds double quotation marks around it.
2. $ inserts the incoming data directly into the generated SQL as it is.

MyBatis enables precompilation: before the SQL is executed, the SQL is sent to the database and compiled. At execution time the compiled SQL is used directly and only the "?" placeholders are filled in. Because SQL injection can only act on the compilation step, this approach avoids the problem of SQL injection.
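The difference described above, as an added example that is not part of the original page: a simplified Python model (not MyBatis code) of the #{name} and ${name} substitutions, run against an in-memory SQLite database. The table, the sample rows and the function names render, query and demo are constructed for illustration.

```python
import re
import sqlite3

HASH = re.compile(r"#\{(\w+)\}")     # MyBatis-style #{name}
DOLLAR = re.compile(r"\$\{(\w+)\}")  # MyBatis-style ${name}


def render(template, params):
    """Simplified model of the two substitutions (not MyBatis's own code)."""
    # #{name}: the SQL text only receives "?"; the value is bound separately.
    bound = [params[name] for name in HASH.findall(template)]
    sql = HASH.sub("?", template)
    # ${name}: the value is pasted into the SQL text before it is compiled.
    sql = DOLLAR.sub(lambda m: str(params[m.group(1)]), sql)
    return sql, bound


def query(conn, template, params):
    sql, bound = render(template, params)
    return sql, conn.execute(sql, bound).fetchall()


def demo(name):
    """Run the same lookup through both placeholder styles."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")  # constructed data
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    params = {"name": name}
    hash_sql, hash_rows = query(
        conn, "SELECT name FROM users WHERE name = #{name} ORDER BY id", params)
    dollar_sql, dollar_rows = query(
        conn, "SELECT name FROM users WHERE name = '${name}' ORDER BY id", params)
    conn.close()
    return hash_sql, hash_rows, dollar_sql, dollar_rows


if __name__ == "__main__":
    for value in ("alice", "x' OR '1'='1"):
        hash_sql, hash_rows, dollar_sql, dollar_rows = demo(value)
        print(f"input: {value!r}")
        print(f"  #  {hash_sql}  -> {hash_rows}")
        print(f"  $  {dollar_sql}  -> {dollar_rows}")
```

With the # form the compiled statement is identical for both inputs and the quote-carrying value matches no row; with the $ form the same value changes the WHERE clause itself.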