From 718276c41043cc1d2aaa6890dd92a2620b94341a Mon Sep 17 00:00:00 2001
From: wangjie
Date: Fri, 22 Aug 2025 19:08:43 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=E6=A3=80=E6=B5=8B?=
 =?UTF-8?q?=E9=80=BB=E8=BE=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 lxDb/sql.go | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/lxDb/sql.go b/lxDb/sql.go
index 5e1cf1e..878ba4e 100644
--- a/lxDb/sql.go
+++ b/lxDb/sql.go
@@ -291,7 +291,7 @@ func SqlQuery(tx *gorm.DB, sql string, list interface{}, q *PaginationQuery, par
 if q.OrderBy != "" {
 // 验证输入参数的安全性
 if !isSafeSQL(q.OrderBy) {
- return errors.New("检测到潜在的SQL注入风险")
+ return errors.New("环境异常")
 }
 safeOrderBy := sanitizeOrderBy(q.OrderBy)
 if safeOrderBy != "" {
@@ -405,7 +405,7 @@ func SqlQueryNew(tx *gorm.DB, sql string, list interface{}, q *PaginationQuery,
 if q.OrderBy != "" {
 // 验证输入参数的安全性
 if !isSafeSQL(q.OrderBy) {
- return errors.New("检测到潜在的SQL注入风险")
+ return errors.New("环境异常")
 }
 safeOrderBy := sanitizeOrderBy(q.OrderBy)
 if safeOrderBy != "" {
@@ -574,11 +574,6 @@ func isSafeSQL(sql string) bool {
 return false
 }
 
- // 检查是否包含单引号或双引号(可能的字符串注入)
- if strings.Contains(sql, "'") || strings.Contains(sql, "\"") {
- return false
- }
-
 return true
 }
 
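Review bot: Replacing the rejection message with the generic `环境异常` in SqlQuery (and identically in the SqlQueryNew hunk at @@ -405) removes the only signal that an ORDER BY value was refused by isSafeSQL, so callers, logs and monitoring can no longer distinguish an input-validation rejection from a genuine environment fault. A generic user-facing message is a reasonable choice, but the rejection should stay distinguishable inside the process: declare a package-level sentinel such as `var ErrUnsafeOrderBy = errors.New("环境异常")` and return it from both sites, so the layer that handles the error can use `errors.Is(err, ErrUnsafeOrderBy)` and record the refused value with `%q` for detection purposes. The same validate-then-sanitize block is now duplicated verbatim in SqlQuery and SqlQueryNew; a small shared helper returning `(safeOrderBy string, err error)` would keep the two from drifting again. Both enclosing functions start and end outside their hunks.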
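Review bot: Deleting the quote check from isSafeSQL means a value containing `'` or `"` is now reported as safe, and whether that is acceptable rests entirely on sanitizeOrderBy, which is called after this check in both query functions but is not in the diff; the commit message ("fix: 修复检测逻辑") does not say what was wrong with the check. If the motivation was false positives on legitimate ORDER BY input, the safer direction is to replace the deny rule with an explicit allowlist rather than to drop it — for example, accept only identifier characters, dots, commas, whitespace and the words ASC/DESC, which is a constructed shape to be checked against the callers' real needs. At minimum, a unit test should pin that `isSafeSQL` combined with `sanitizeOrderBy` still neutralises inputs carrying quotes, so a later change to sanitizeOrderBy cannot silently reopen the gap. The remaining checks of isSafeSQL (the `return false` branch above the removed block) and the function header lie outside the hunk.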