From 3020d8335bee8882e20593905c75c1afb5bdf5f7 Mon Sep 17 00:00:00 2001
From: wangjie
Date: Fri, 22 Aug 2025 18:04:12 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8Dorder=20by=E5=92=8Clim?=
 =?UTF-8?q?it=E3=80=81page=E7=9A=84sql=E6=B3=A8=E5=85=A5=E9=A3=8E=E9=99=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 lxDb/sql.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lxDb/sql.go b/lxDb/sql.go
index 549d3a7..781b73b 100644
--- a/lxDb/sql.go
+++ b/lxDb/sql.go
@@ -290,7 +290,7 @@ func SqlQuery(tx *gorm.DB, sql string, list interface{}, q *PaginationQuery, par
 	// 安全地处理排序 - 使用白名单验证字段名
 	if q.OrderBy != "" {
 		// 验证输入参数的安全性
-		if !isSafeSQL(sql) {
+		if !isSafeSQL(q.OrderBy) {
 			return errors.New("检测到潜在的SQL注入风险")
 		}
 		safeOrderBy := sanitizeOrderBy(q.OrderBy)
@@ -404,7 +404,7 @@ func SqlQueryNew(tx *gorm.DB, sql string, list interface{}, q *PaginationQuery,
 	// 安全地处理排序 - 使用白名单验证字段名
 	if q.OrderBy != "" {
 		// 验证输入参数的安全性
-		if !isSafeSQL(sql) {
+		if !isSafeSQL(q.OrderBy) {
 			return errors.New("检测到潜在的SQL注入风险")
 		}
 		safeOrderBy := sanitizeOrderBy(q.OrderBy)
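Review bot: The corrected guard still runs a reject-style check (isSafeSQL) on q.OrderBy before sanitizeOrderBy, while the comment above promises an allowlist of field names; neither helper is visible in this hunk, so it is worth confirming that sanitizeOrderBy restricts the clause to known column identifiers plus ASC/DESC rather than filtering characters, since a filter lets untested syntax through. The same block is duplicated verbatim in SqlQueryNew (the @@ -404 hunk), and the bug fixed here — both copies checking `sql` instead of `q.OrderBy` — is exactly the drift that duplication invites; consider one helper such as `safeOrderBy, err := orderClause(q.OrderBy)` called from both sites. The old code ran isSafeSQL over `sql`; if any caller assembles `sql` from request data, that guard is now gone, so please confirm `sql` is always developer-authored. The commit message also mentions limit and page, but no change to their handling appears in this diff. Both SqlQuery and SqlQueryNew begin and end outside the hunks.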