queryForObject()
queryForList()
queryForMap()

Mapped statement types: select, insert, update, delete, procedure, statement, sql, include

sql: select ... where city like '%$values$%'
This form is easily open to SQL injection.
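The weak form noted above beside a bound-parameter version, as an added example that is not from the original notes. It assumes iBATIS 2 SQL Maps syntax, which the `$values$` notation and the statement types listed match; the namespace, statement ids, table and column names are hypothetical.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sqlMap PUBLIC "-//ibatis.apache.org//DTD SQL Map 2.0//EN"
    "http://ibatis.apache.org/dtd/sql-map-2.dtd">
<!-- Added example. Namespace, ids, table and columns are hypothetical;
     only the like '%$values$%' form comes from the notes. The caller is
     assumed to pass a Map with the key "values". -->
<sqlMap namespace="Address">

  <!-- WEAK: $values$ is plain text substitution. The caller's string is
       pasted into the SQL text before the statement is prepared, so it
       can change the structure of the query, not just the search term. -->
  <select id="findByCityUnsafe" parameterClass="map" resultClass="hashmap">
    select id, street, city
    from address
    where city like '%$values$%'
  </select>

  <!-- FIXED: #values# becomes a ? placeholder bound through a
       PreparedStatement, so the input is always treated as data.
       The wildcards are concatenated in SQL instead of in the literal.
       The operator below is ANSI (Oracle, PostgreSQL); on MySQL use
       CONCAT('%', #values#, '%'), on SQL Server '%' + #values# + '%'. -->
  <select id="findByCity" parameterClass="map" resultClass="hashmap">
    select id, street, city
    from address
    where city like '%' || #values# || '%'
  </select>

  <!-- CAVEAT: a bound value can still contain the LIKE wildcards % and _,
       which widen the match. If the term must match literally, declare an
       escape character and have the calling code prefix %, _ and ! in the
       input with ! before executing the statement. -->
  <select id="findByCityLiteral" parameterClass="map" resultClass="hashmap">
    select id, street, city
    from address
    where city like '%' || #values# || '%' escape '!'
  </select>

</sqlMap>
```

When reviewing existing SQL maps, every `$...$` occurrence is worth checking: it is only safe where the substituted value never comes from user input, such as a column name chosen from a fixed allow-list.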