用的spring jdbc,这样算不算拼接sql语句,会产生sql注入问题吗
@Override
public List getUserListByUserIdAndName(Long userId, String userName) {
List userList = this.getJdbcTemplate().query(
"SELECT * FROM user WHERE is_display = true AND check_id = ? AND user_nam e = ?", this.getRowMapper(), userId, userName);
return userList;
}
