mybatis避免sql的like注入

<select id="NotInByEvalQuestion" resultType="com.rm.eval.entity.EvalQnQuestion">
        SELECT * FROM eval_question  WHERE  1=1 and validate_flag='Y'
        <if test="title!=''and title!=null">
            and title like concat('%', #{title}, '%')
        </if>
        <if test="null != strlist and strlist.size > 0">
          and  id not in
            <foreach collection="strlist" index="index" item="item" open="(" separator="," close=")">
                #{item}
            </foreach>
        </if>
    </select>