Here is my code
<condition attribute='name' operator='like' value='%" + name + "%' />
if name is word ,like 'a' 'b' ,there's no problem
if name is '&' an exception is thrown
Escape &
& &
< <
> >
' '
" "