这段代码会有sql注入的安全问题吗?
public static List<Map<String,Object>> getEmpNo(Object deptno)
{
StringBuilder sql = new StringBuilder();
sql.append("select * from a where 1=1 ");
if(deptno!=null) {
sql.append("deptno="+deptno+" ");
}
return dao.query(sql.toString());
}