I am using an XML mapper and would like to use inline(non bind) parameters in my queries. I know that inline parameters "${param}" are not escaped for SQL injection. What is the desirable way to escape these parameters? Escaping them in my Service layer is not an option for me.