查询防止SQL注入的方法
mysql: select * from tbl_school where school_name like concat('%',#name#,'%') ? ?
? ?
oracle: select * from tbl_school where school_name like '%'||#name#||'%' ? ?
? ?
sql server:select * from tbl_school where school_name like '%'+#name#+'%'