'解决删除bjlsyd表SQL注入报错'

BJYSYBZ_S/src/main/resources/mapper/YbzBJMapper.xml

@@ -787,7 +787,7 @@
         delete
         from
         sde.bjlsyd
-        where xh = #{id} and objectid = ${num}
+        where xh = #{id} and objectid = #{num}
     </delete>
 
     <select id="lsydList" parameterType="com.zjugis.ysgzybz.domain.dto.CommonDTO" resultType="java.util.Map">
@@ -797,10 +797,10 @@
         sde.bjlsyd
         where 1=1
         <if test="dto.big != null">
-            and spmj &lt;= ${dto.big} / 0.0015
+            and spmj &lt;= #{dto.big} / 0.0015
         </if>
         <if test="dto.small != null">
-            and spmj &gt;= ${dto.small} / 0.0015
+            and spmj &gt;= #{dto.small} / 0.0015
         </if>
         <if test="dto.name != null and dto.name !=''">
             and xmmc like concat('%', concat(#{dto.name}, '%'))