SQL injection from a fuzzy (LIKE) query in Spring Boot
In a project migrated from SSM to Spring Boot, a SQL statement that had already been written suddenly started failing with a SQL injection error. The cause is how MyBatis treats the two placeholder styles: `#{}` is sent as a bound parameter of a PreparedStatement, while `${}` is pasted into the SQL text as-is. For a LIKE query the wildcards therefore have to be built on the SQL side, `concat('%', #{x}, '%')`, so that the `%` lives in the statement and the user value stays a parameter. Note that `#{}` stops injection but does not neutralise `%` and `_` inside the value, so a user can still widen the match; and `gender` and `rid` are numeric columns, where an equality comparison would be more appropriate than LIKE on a concat'ed string. The mapper after the change:
<select id="getLikeUser" resultMap="userRoleName" parameterType="Map">
    select u.*, r.roleName
    from fact_user u
    inner join fact_role r on u.rid = r.id
    <where>
        <if test="username != null and username != ''">
            username like concat('%', #{username}, '%')
        </if>
        <if test="gender != null">
            and gender like concat('%', #{gender}, '%')
        </if>
        <if test="userCode != null and userCode != ''">
            and userCode like concat('%', #{userCode}, '%')
        </if>
        <if test="rid != null">
            and rid like concat('%', #{rid}, '%')
        </if>
    </where>
    order by u.create_time desc
    limit #{page}, #{pageSize}
</select>
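The difference between the two placeholder styles can be reproduced outside MyBatis. The example below is added here and is not code from the original post: it models the `getLikeUser` query in Python's sqlite3 so it runs offline, with string interpolation standing in for `${}` and bound parameters standing in for `#{}`. The post does not show the pre-fix mapper, so the `'%${username}%'` form is the usual MyBatis pattern that produces this problem, not a quote from the page. sqlite uses `||` where MySQL uses `concat()`; the tables, rows, payloads and the `escape_like` helper are all constructed for the demo, and `page` is the row offset, exactly as MySQL reads `limit #{page},#{pageSize}`.

```python
import sqlite3

# Constructed schema and rows for the demo (not the project's real data).
SCHEMA = """
CREATE TABLE fact_role (id INTEGER PRIMARY KEY, roleName TEXT);
CREATE TABLE fact_user (
    id INTEGER PRIMARY KEY, username TEXT, gender INTEGER,
    userCode TEXT, rid INTEGER, create_time TEXT);
INSERT INTO fact_role VALUES (1, 'admin'), (2, 'user');
INSERT INTO fact_user VALUES
    (1, 'alice', 1, 'A001', 1, '2024-01-03'),
    (2, 'bob',   2, 'B002', 2, '2024-01-02'),
    (3, 'carol', 2, 'C003', 2, '2024-01-01');
"""

JOIN = ("SELECT u.username, r.roleName FROM fact_user u "
        "INNER JOIN fact_role r ON u.rid = r.id ")


def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def escape_like(value, esc="\\"):
    """Hypothetical helper: make LIKE metacharacters in user input literal.

    #{} keeps the value out of the SQL text, but '%' and '_' are still
    wildcards once the pattern is evaluated; escape them and declare the
    escape character with ESCAPE so the match is on the literal string.
    """
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))


def get_like_user_vulnerable(con, username):
    """String substitution: what MyBatis does for  like '%${username}%'.

    The value becomes part of the SQL text, so quotes and comments in it
    change the statement instead of being compared as data.
    """
    sql = (JOIN + f"WHERE u.username LIKE '%{username}%' "
           "ORDER BY u.create_time DESC")
    return con.execute(sql).fetchall()


def get_like_user_safe(con, username, page=0, page_size=10,
                       escape_wildcards=True):
    """Bound parameter: what MyBatis does for  like concat('%', #{username}, '%').

    The wildcards are built in SQL ('%' || ? || '%' here, concat() in MySQL)
    and the value travels as a parameter, so it can never close the quote.
    Wildcards inside the value are a separate concern handled by escape_like.
    """
    pattern = escape_like(username) if escape_wildcards else username
    sql = (JOIN + "WHERE u.username LIKE '%' || ? || '%' ESCAPE '\\' "
           "ORDER BY u.create_time DESC LIMIT ? OFFSET ?")
    return con.execute(sql, (pattern, page_size, page)).fetchall()


if __name__ == "__main__":
    con = make_db()
    payload = "zzz%' OR 1=1 --"          # constructed injection string
    print("vulnerable:", get_like_user_vulnerable(con, payload))  # every user
    print("safe:      ", get_like_user_safe(con, payload))        # no rows
    print("bare '%':  ", get_like_user_safe(con, "%", escape_wildcards=False))
    print("esc  '%':  ", get_like_user_safe(con, "%"))
```

With the interpolated query, a username of `zzz%' OR 1=1 --` turns the WHERE clause into `LIKE '%zzz%' OR 1=1` and comments out the rest, returning every user; the bound version compares that whole string as data and returns nothing. The last two calls show the remaining caveat: a bare `%` still matches every row unless the wildcards are escaped, which parameter binding alone does not do.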
