There are several solutions, I think this is the easiest
<select id="getByReselleid" resultType="java.util.HashMap" parameterType="java.util.HashMap" >SELECT * FROM Info WHERE ${idname} =#{id}</select>
${resellerid} $ will directly display the incoming data and generate it in sql, which is STATEMENT (non-precompiled), which may be injected into the attack at that time
#{id} #Precompile the incoming data PREPARED (precompiled) to prevent injection attacks. If you change this to a ${} string, it will be troublesome to add ''.
The advantage of this is that you can customize the word query according to the situation, and the fields and values can be customized
HashMap in the service layer
@Override public List<HashMap> getid(String idname, String id) { HashMap<String, String> StringHashMap = new HashMap<>(); StringHashMap.put("idname",idname);StringHashMap.put("id",id); List<HashMap> info= mapper.getid(StringHashMap); if(info.isEmpty()){ throw new AppcationException(ExceptionEnum.getid,id); } return info; }