#{} ${}

http://www.mybatis.org/mybatis-3/sqlmap-xml.html

${name}
Here MyBatis won't modify or escape the string.
不会转义（escape）
不会被生成PreparedStatement properties，也不会被修改和转义， 而是直接替换。String Substitution（字符串替换）

{field}

By default, using the #{} syntax will cause MyBatis to generate PreparedStatement properties and set the values safely against the PreparedStatement parameters (e.g. ?).

 @Insert("INSERT into village(${column},district) VALUES(#{village.villageName}, #{village.district})")
    @Options(useGeneratedKeys = true, keyColumn = "id", keyProperty = "vid")
    void insertVillage02(@Param("village") Village village, @Param("column") String column);


        Village village = new Village();
        village.setVillageName("柯里昂");
        village.setDistrict("10010");
        villageMapper.insertVillage02(village,"name");

2019-06-04 19:03:38.659 DEBUG 27187 --- [nio-8080-exec-2] c.e.s.m.m.m.V.insertVillage02            : ==>  Preparing: INSERT into village(name,district) VALUES(?, ?) 
2019-06-04 19:03:38.675 DEBUG 27187 --- [nio-8080-exec-2] c.e.s.m.m.m.V.insertVillage02            : ==> Parameters: 柯里昂(String), 10010(String)
2019-06-04 19:03:38.676 DEBUG 27187 --- [nio-8080-exec-2] c.e.s.m.m.m.V.insertVillage02            : <==    Updates: 1