diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb
index 68accdfd0..7ba756806 100644
--- a/app/controllers/users_controller.rb
+++ b/app/controllers/users_controller.rb
@@ -1614,10 +1614,10 @@ class UsersController < ApplicationController
 # 删除用户资源,分为批量删除 和 单个删除,只能删除自己上传的资源
 def user_resource_delete
 if params[:resource_id].present?
- Attachment.where("author_id = #{User.current.id}").delete(params[:resource_id])
+ Attachment.where("author_id =? and id =?", User.current.id, params[:resource_id]).first.destroy
 elsif params[:checkbox1].present?
 params[:checkbox1].each do |id|
- Attachment.where("author_id = #{User.current.id}").delete(id)
+ Attachment.where("author_id =? and id =?", User.current.id, id).first.destroy
 end
 end
 @user = User.current
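Review bot: `.first.destroy` on both added lines raises NoMethodError when the query matches nothing, because `.first` returns nil for an id that does not exist or belongs to another user. A request carrying someone else's attachment id therefore ends in a 500 rather than a clean no-op, and in the `checkbox1` loop one such id aborts the batch after earlier attachments were already destroyed. Calling destroy on the scoped relation keeps the ownership filter and tolerates an empty result: `Attachment.where(author_id: User.current.id, id: params[:resource_id]).destroy_all`, and the same with `id: id` inside the loop. `user_resource_delete` continues past the end of the hunk, so any handling after `@user = User.current` is not visible here.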