diff --git a/src/main/java/com/peanut/modules/book/controller/BuyOrderController.java b/src/main/java/com/peanut/modules/book/controller/BuyOrderController.java
index b44d8597..e3017a69 100644
--- a/src/main/java/com/peanut/modules/book/controller/BuyOrderController.java
+++ b/src/main/java/com/peanut/modules/book/controller/BuyOrderController.java
@@ -250,6 +250,10 @@ public class BuyOrderController {
         buyOrder.setCity(vo.getCity());
         buyOrder.setDistrict(vo.getCounty());
         buyOrder.setAddress(userAddress.getDetailAddress());
+        String str = buyOrder.getShippingUser()+buyOrder.getAddress()+buyOrder.getRemark();
+        if (str.contains("+")||str.contains("&")) {
+            return R.error(500, "信息中不能含有“+”、“&”符号！");
+        }
         buyOrderService.save(buyOrder);
 
         //解决购物车相关问题
@@ -602,6 +606,10 @@ public class BuyOrderController {
         buyOrder.setShippingUser(addressRequestVo.getConsigneeName());
         buyOrder.setUserPhone(addressRequestVo.getConsigneeMobile());
         buyOrder.setAddress(addressRequestVo.getAddress());
+        String str = buyOrder.getShippingUser()+buyOrder.getAddress()+buyOrder.getRemark();
+        if (str.contains("+")||str.contains("&")) {
+            return R.error(500, "信息中不能含有“+”、“&”符号！");
+        }
         buyOrderService.updateById(buyOrder);
         return R.ok();
     }
diff --git a/src/main/java/com/peanut/modules/book/controller/UserAddressController.java b/src/main/java/com/peanut/modules/book/controller/UserAddressController.java
index bd418499..fc11a8a1 100644
--- a/src/main/java/com/peanut/modules/book/controller/UserAddressController.java
+++ b/src/main/java/com/peanut/modules/book/controller/UserAddressController.java
@@ -50,6 +50,10 @@ public class UserAddressController {
         if(userAddress.getRegionCode()==null||userAddress.getRegionCode().equals("")){
             return R.error("地址异常添加失败！");
         }
+        String str = userAddress.getConsigneeName()+userAddress.getConsigneePhone()+userAddress.getDetailAddress();
+        if(str.contains("+")||str.contains("&")){
+            return R.error("信息中不能含有“+”、“&”符号！");
+        }
         userAddressService.save(userAddress);
         return R.ok();
     }
@@ -59,6 +63,10 @@ public class UserAddressController {
         if ((userAddressService.getUserDefaultAddressCount(userAddress.getUserId()) >= 1) && userAddress.getIsDefault() == 1) {
             return R.error("已经存在默认地址");
         }
+        String str = userAddress.getConsigneeName()+userAddress.getConsigneePhone()+userAddress.getDetailAddress();
+        if(str.contains("+")||str.contains("&")){
+            return R.error("信息中不能含有“+”、“&”符号！");
+        }
         userAddressService.updateById(userAddress);
         return R.ok();
     }