JFinal SQL:用 append 拼接查询条件,用户输入通过 ? 占位符作为绑定参数传入,防止 SQL 注入
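/**
 * Returns one page of {@code tb_channel} rows ordered by {@code id} descending, optionally
 * filtered by substring matches on {@code channel_id} and {@code channel_name}.
 *
 * <p>The SQL text is assembled only from fixed fragments. Each caller-supplied filter value is
 * handed to {@code paginate} in the argument array for a {@code ?} placeholder; it is that
 * placeholder binding, not the use of {@code StringBuilder.append}, that keeps the value out of
 * the SQL text.
 *
 * @param pageNum page number passed through to {@code paginate}
 * @param pageSize page size passed through to {@code paginate}
 * @param paramMap filter values; the keys {@code channel_id} and {@code channel_name} are read,
 *     and a blank or missing value adds no condition
 * @return the page returned by {@code super.paginate}
 */
public Page<Channel> getChannelByPage(int pageNum, int pageSize, Map<String, String> paramMap) {
    String select = "SELECT * ";
    String orderBy = " ORDER BY id DESC";
    StringBuilder condition = new StringBuilder(" FROM tb_channel WHERE 1=1 ");
    List<Object> values = new ArrayList<Object>();

    String channelId = paramMap.get("channel_id");
    if (StringUtils.isNotBlank(channelId)) {
        condition.append(" AND channel_id LIKE ?");
        // The bound value is the LIKE pattern itself. Wrapping it in single quotes (as the
        // previous version did) makes the quotes part of the pattern, so ordinary values
        // never match.
        values.add("%" + channelId + "%");
    }

    String channelName = paramMap.get("channel_name");
    if (StringUtils.isNotBlank(channelName)) {
        condition.append(" AND channel_name LIKE ?");
        values.add("%" + channelName + "%");
    }

    // NOTE(review): '%' and '_' inside the filter values still act as LIKE wildcards. Binding
    // keeps them out of the SQL text, but a caller can widen the match; escape them (with a
    // matching ESCAPE clause) if exact-substring semantics are required.
    return super.paginate(pageNum, pageSize, select, condition + orderBy, values.toArray());
}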