tool/lxutils
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

fix:orderBy不拼接

Browse Source
This commit is contained in:
wangning 2025-08-23 14:18:10 +08:00
parent a2eb8010d3
commit 977c301dc5
1 changed files with 3 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lxDb/sql.go
View File

@ -2,6 +2,7 @@ package lxDb
import ( import (
"errors" "errors"
"fmt"
"git.listensoft.net/tool/lxutils/lxUtil" "git.listensoft.net/tool/lxutils/lxUtil"
"gorm.io/gorm" "gorm.io/gorm"
"regexp" "regexp"
@ -283,11 +284,8 @@ func SqlQuery(tx *gorm.DB, sql string, list interface{}, q *PaginationQuery, par
if !isSafeSQL(q.OrderBy) { if !isSafeSQL(q.OrderBy) {
return errors.New("环境异常") return errors.New("环境异常")
} }
safeOrderBy := sanitizeOrderBy(q.OrderBy) s := fmt.Sprintf(" ORDER BY %s", lxUtil.FieldToColumn(q.OrderBy)) // TODO: q.OrderBy是字符串,可能多个字段 会有问题吗
if safeOrderBy != "" { builder.WriteString(s)
builder.WriteString(" ORDER BY ")
builder.WriteString(safeOrderBy)
}
} }
// 安全地处理分页 - 使用参数化查询 // 安全地处理分页 - 使用参数化查询