sql injection violation, syntax error: ERROR. token : PERCENT, pos : 216 : select lo.yfhj,l.ordNO,bu.username,bu.telephone,l.createDat FROM LgtOrder l LEFT JOIN LgtOrderCarriage lo on l.ordPk=lo.ordPk LEFT JOIN BaseUserInfo bu on bu.userPk=l.shipper where l.ordNO=? AND bu.username like %?% AND lo.createDat BETWEEN ? and ?