解决SQL注入问题

BJYSYBZ_S/src/main/resources/mapper/YbzBJMapper.xml

@@ -858,7 +858,12 @@
             dqsj = null,
         </if>
         lxfs = #{lxfs}
-        where xh = #{id} and objectid = ${num}
+        <where>
+            xh = #{id}
+            <if test="num != null">
+                and objectid = #{num}
+            </if>
+        </where>
     </update>
     <update id="updateManageGddwByDkId">
         update sde.bjwkfly2000