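1. Injection-safe LIKE in a mapper
The traditional form, which splices the value into the SQL text via ${}, is
su.company like '%${aaa}%'
Change it to the following, which builds the pattern with <bind> and passes it as a #{} prepared-statement parameter: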
<if test="query.company!=null">
    <bind name="itemName" value="'%'+query.company+'%'"/>
    and su.company like #{itemName}
</if>
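
An added example, not part of the original note: this Python/sqlite3 sketch models the two forms above, text substitution like `${}` versus a bound pattern like `<bind>` + `#{itemName}`. The sample rows, the function names and the `escape_like` helper are assumptions made for the illustration; it also shows that a bound `%` or `_` still acts as a LIKE wildcard unless it is escaped.

```python
import sqlite3

# Constructed sample data standing in for the su table in the mapper.
ROWS = [("Acme Ltd",), ("O'Brien & Sons",), ("100% Cotton Co",), ("Globex",)]


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE su (company TEXT)")
    db.executemany("INSERT INTO su VALUES (?)", ROWS)
    return db


def search_substituted(db, term):
    # Models '%${aaa}%': the value is pasted into the SQL text itself,
    # so a quote in the value changes how the statement is parsed.
    sql = "SELECT company FROM su WHERE company LIKE '%" + term + "%'"
    return [r[0] for r in db.execute(sql)]


def search_bound(db, term):
    # Models <bind> + #{itemName}: the pattern is built outside the SQL
    # and travels as a parameter, so it is never parsed as SQL.
    pattern = "%" + term + "%"
    sql = "SELECT company FROM su WHERE company LIKE ?"
    return [r[0] for r in db.execute(sql, (pattern,))]


def escape_like(term, esc="\\"):
    # Escape the escape character first, then the two LIKE wildcards.
    for ch in (esc, "%", "_"):
        term = term.replace(ch, esc + ch)
    return term


def search_bound_literal(db, term):
    # Bound parameter plus ESCAPE: user input matches only as literal text.
    pattern = "%" + escape_like(term) + "%"
    sql = "SELECT company FROM su WHERE company LIKE ? ESCAPE '\\'"
    return [r[0] for r in db.execute(sql, (pattern,))]


if __name__ == "__main__":
    db = open_db()
    print(search_bound(db, "O'Brien"))       # quote handled as data
    print(search_bound(db, "%"))             # wildcard still matches every row
    print(search_bound_literal(db, "%"))     # only the row containing a literal %
```

In the mapper itself the same escaping would be applied to `query.company` before the `<bind>`, with an `ESCAPE` clause added to the `like`.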