In our project, the method parameter, is your input SQL statements, now the other team to scan with SQL injection risk, how to prevent SQL injection