fix: 修复关键BUG - SQL注入+移动端修复

2026-06-19 23:11:13 +08:00
parent 8914dca1df
commit fdf56a33ce
5 changed files with 15 additions and 8 deletions
--- a/healthlink-his-server/healthlink-his-application/src/main/resources/mapper/miniprogram/MpVitalSignRecordMapper.xml
+++ b/healthlink-his-server/healthlink-his-application/src/main/resources/mapper/miniprogram/MpVitalSignRecordMapper.xml
@@ -10,7 +10,7 @@
        WHERE patient_id = #{patientId}
          AND delete_flag = '0'
        <if test="days != null">
-            AND record_time >= CURRENT_TIMESTAMP - INTERVAL '${days} days'
+            AND record_time >= CURRENT_TIMESTAMP - INTERVAL CONCAT(#{days}, ' days')
        </if>
        ORDER BY record_time DESC
    </select>