模糊查询 like 语句该怎么写?

第 1 种：在 Java 代码中添加 sql 通配符。

string wildcardname = “%smi%”;        list<name> names = mapper.selectlike(wildcardname);    <select id=”selectlike”>    select * from foo where bar like #{value}</select>

第 2 种：在 sql 语句中拼接通配符，会引起 sql 注入

string wildcardname = “smi”;        list<name> names = mapper.selectlike(wildcardname);    <select id=”selectlike”>    select * from foo where bar like "%"#{value}"%"</select>