From cfeb85c4aca6e9ec46679fc0a60ae0f9675e1a3c Mon Sep 17 00:00:00 2001
From: wangjie
Date: Fri, 22 Aug 2025 17:58:34 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8Dorder=20by=E5=92=8Clim?= =?UTF-8?q?it=E3=80=81page=E7=9A=84sql=E6=B3=A8=E5=85=A5=E9=A3=8E=E9=99=A9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 lxDb/sql.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/lxDb/sql.go b/lxDb/sql.go
index 6f96769..549d3a7 100644
--- a/lxDb/sql.go
+++ b/lxDb/sql.go
@@ -207,10 +207,6 @@ func Query(tx *gorm.DB, m interface{}, list interface{}, q *PaginationQuery) (er
 //}
 func SqlQuery(tx *gorm.DB, sql string, list interface{}, q *PaginationQuery, params ...interface{}) (err error) {
- // 验证输入参数的安全性
- if !isSafeSQL(sql) {
- return errors.New("检测到潜在的SQL注入风险")
- }
 var builder strings.Builder
 builder.WriteString(sql)
@@ -293,6 +289,10 @@ func SqlQuery(tx *gorm.DB, sql string, list interface{}, q *PaginationQuery, par
 // 安全地处理排序 - 使用白名单验证字段名
 if q.OrderBy != "" {
+ // 验证输入参数的安全性
+ if !isSafeSQL(sql) {
+ return errors.New("检测到潜在的SQL注入风险")
+ }
 safeOrderBy := sanitizeOrderBy(q.OrderBy)
 if safeOrderBy != "" {
 builder.WriteString(" ORDER BY ")
@@ -322,10 +322,6 @@ func SqlQuery(tx *gorm.DB, sql string, list interface{}, q *PaginationQuery, par
 }
 func SqlQueryNew(tx *gorm.DB, sql string, list interface{}, q *PaginationQuery, params ...interface{}) (err error) {
- // 验证输入参数的安全性
- if !isSafeSQL(sql) {
- return errors.New("检测到潜在的SQL注入风险")
- }
 var builder strings.Builder
 builder.WriteString(sql)
@@ -407,6 +403,10 @@ func SqlQueryNew(tx *gorm.DB, sql string, list interface{}, q *PaginationQuery,
 // 安全地处理排序 - 使用白名单验证字段名
 if q.OrderBy != "" {
+ // 验证输入参数的安全性
+ if !isSafeSQL(sql) {
+ return errors.New("检测到潜在的SQL注入风险")
+ }
 safeOrderBy := sanitizeOrderBy(q.OrderBy)
 if safeOrderBy != "" {
 builder.WriteString(" ORDER BY ")
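Review bot: With the entry guard removed, `SqlQuery` no longer validates its base query at all when `q.OrderBy` is empty — the only remaining `isSafeSQL(sql)` call now sits inside the `if q.OrderBy != ""` branch (hunk at -293), so whether `sql` is checked depends on an unrelated field. If `sql` is always a developer-authored template and only `params` carry caller data, the entry check was redundant and dropping it is fine, but that contract is stated nowhere; I'd put it on the function: `// SqlQuery executes sql with params appended; sql must be a trusted, developer-authored template — it is not validated here.` The same applies to `SqlQueryNew` in the hunk at -322. The subject also names limit/page, yet the diffstat (8 insertions, 8 deletions) is fully accounted for by the four order-by hunks, so no limit/page path changes in this patch. The body of `SqlQuery` continues past the hunk.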
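Review bot: The guard added inside `if q.OrderBy != "" {` still inspects `sql`, not `q.OrderBy`, so the condition it is gated on has no relation to the value it checks, and the caller-supplied sort field goes straight to `sanitizeOrderBy` on the next line. Either the variable is wrong and the line should read `if !isSafeSQL(q.OrderBy) {`, or the check really is meant for `sql`, in which case tying it to the sort field being set leaves the base query unchecked on every call without ordering. `isSafeSQL` is not in the diff so I can't judge what it catches; per the comment above the branch, the allow-list in `sanitizeOrderBy` is the control that matters for the sort field, and it drops a rejected value silently (`if safeOrderBy != ""`) while an `isSafeSQL` failure returns an error — the two paths should agree on how a rejected input is surfaced. The hunk at -407 in `SqlQueryNew` has the identical issue. `SqlQuery` continues outside the hunk.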