In SQL configuration: in (#rewr#) versus in ($rewr$)
In iBATIS, a SqlMap SQL statement has to reference its parameters, and a parameter reference can be written with either # or $. The difference is that # can be precompiled and performs type matching, while $ performs no data type matching. For example:
SELECT * FROM table where id = #id#
If the id field is a character type, #id# is treated as 'id' (a quoted string); if id is an integer, #id# is treated as id.
SELECT * FROM table where id = $id$
If the id field is an integer, this SQL statement will not go wrong, but if the id field is a character type, the statement has to be written as:
SELECT * FROM table where id = '$id$'
$ is really just string concatenation:
SELECT * FROM $tableName$
is equivalent to
StringBuffer sb = new StringBuffer(256);
// the trailing space keeps the keyword and the table name apart
sb.append("SELECT * FROM ").append(tableName);
sb.toString();
# is used for variable substitution:
SELECT * FROM table where id = #id#
is equivalent to
// conn is an open java.sql.Connection
PreparedStatement stmt = conn.prepareStatement("SELECT * FROM table where id = ?");
stmt.setString(1, "abc");
------------------------------------------------
To summarize when to use $ and when to use #:
For the variable parts, use #. It effectively prevents SQL injection, and because # always goes through PreparedStatement, efficiency also improves somewhat.
$ is just simple string concatenation. For the non-variable parts, only $ can be used, and in many cases $ is of real practical use.
For example:
SELECT * FROM $tableName$ (runs one unified query against different tables)
UPDATE $tableName$ SET status = #status# (with one table per entity, changes the state of the unused entity)
Note in particular that $ is just string concatenation, so be careful about SQL injection.
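The following Java sketch is an added example, not code from iBATIS or from the original post. It mimics the two expansions described above: #name# becomes a bound ? parameter, while a $name$ value is checked against an allow-list before it is pasted into the SQL text. The class name, the render helper and the table names in ALLOWED_TABLES are assumptions made for illustration.

```java
import java.util.*;
import java.util.regex.*;

// Added illustration, not iBATIS source: mimics how #name# and $name$ are expanded.
public class PlaceholderDemo {
    // Assumption: the only table names this application may substitute through $...$.
    static final Set<String> ALLOWED_TABLES = Set.of("orders", "customers");
    // Matches #name# or $name$; the back-reference requires the same closing symbol.
    static final Pattern TOKEN = Pattern.compile("([#$])(\\w+)\\1");

    /** Returns the SQL text for the driver; values for each '?' are appended to binds. */
    static String render(String template, Map<String, Object> params, List<Object> binds) {
        Matcher m = TOKEN.matcher(template);
        StringBuilder sql = new StringBuilder();
        while (m.find()) {
            Object value = params.get(m.group(2));
            if (m.group(1).equals("#")) {
                binds.add(value);                    // the value travels apart from the SQL text
                m.appendReplacement(sql, "?");
            } else {
                String ident = String.valueOf(value);
                if (!ALLOWED_TABLES.contains(ident)) // $ is pasted into the text, so allow-list it
                    throw new IllegalArgumentException("table not allowed: " + ident);
                m.appendReplacement(sql, Matcher.quoteReplacement(ident));
            }
        }
        m.appendTail(sql);
        return sql.toString();
    }

    public static void main(String[] args) {
        String template = "UPDATE $tableName$ SET status = #status#";
        List<Object> binds = new ArrayList<>();
        // Constructed input: the quote inside the # value stays data and never reaches the SQL text.
        Map<String, Object> ok = Map.of("tableName", "orders", "status", "it's done");
        System.out.println(render(template, ok, binds) + "  binds=" + binds);
        try {
            // Constructed input: a $ value that is not on the allow-list is rejected before any SQL is built.
            Map<String, Object> bad = Map.of("tableName", "orders -- unexpected text", "status", "done");
            render(template, bad, new ArrayList<>());
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

In a real SqlMap the same allow-list check belongs in the code that fills the parameter object, before the statement that contains $tableName$ is executed.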
The difference between $ and # in Sqlmap