fix: 修复关键BUG - SQL注入+移动端修复

healthlink-his-mobile/src/views/Home.vue

@@ -42,10 +42,7 @@ const recentTasks = ref([])
 const actions = [
   { icon: '📋', label: '任务列表', path: '/mobile/tasks', color: '#1890ff' },
   { icon: '👥', label: '患者列表', path: '/mobile/patients', color: '#52c41a' },
-  { icon: '💊', label: '药品发放', path: '/mobile/drug', color: '#fa8c16' },
+  { icon: '📊', label: '生命体征', path: '/mobile/vital-entry', color: '#722ed1' }
-  { icon: '📊', label: '生命体征', path: '/mobile/vital-entry', color: '#722ed1' },
-  { icon: '📝', label: '护理记录', path: '/mobile/record', color: '#13c2c2' },
-  { icon: '💧', label: '入出量', path: '/mobile/inout', color: '#eb2f96' }
 ]
 
 onMounted(async () => {

healthlink-his-mobile/src/views/PatientDetail.vue

@@ -53,7 +53,7 @@ onMounted(async () => {
       nursingApi.getPatientInfo(id), nursingApi.getOrders(id),
       nursingApi.getVitalSigns(id), nursingApi.getAssessments(id)
     ])
-    patient.value = pRes.data || {}; orders.value = oRes.data || []; latestVitals.value = vRes.data || []; assessments.value = aRes.data || []
+    patient.value = pRes.data || {}; orders.value = oRes.data?.records || oRes.data || []; latestVitals.value = vRes.data?.records || vRes.data || []; assessments.value = aRes.data?.records || aRes.data || []
   } catch (e) { ElMessage.error('加载失败') }
 })
 

healthlink-his-mobile/src/views/PatientList.vue

@@ -1,6 +1,6 @@
 <template>
   <div class="patient-list">
-    <div class="search-bar"><input v-model="searchText" placeholder="搜索患者姓名/床号..." class="search-input" @input="filterPatients" /></div>
+    <div class="search-bar"><input v-model="searchText" placeholder="搜索患者姓名/床号..." class="search-input" /></div>
     <div v-if="loading" class="loading">加载中...</div>
     <div v-for="p in displayPatients" :key="p.id" class="patient-card" @click="$router.push(`/mobile/patient-detail/${p.id}`)">
       <div class="patient-avatar" :class="'level-' + p.nursingLevel">{{ p.name?.charAt(0) }}</div>

healthlink-his-mobile/src/views/VitalSignEntry.vue

@@ -18,12 +18,22 @@
 </template>
 
 <script setup>
-import { ref, computed } from 'vue'
+import { ref, computed, onMounted } from 'vue'
 import { useRoute } from 'vue-router'
 import { ElMessage } from 'element-plus'
 import { nursingApi } from '../api'
 
 const route = useRoute()
+
+onMounted(async () => {
+  const patientId = route.params.patientId
+  if (patientId) {
+    try {
+      const res = await nursingApi.getPatientInfo(patientId)
+      if (res.data) patientName.value = res.data.name || ''
+    } catch {}
+  }
+})
 const submitting = ref(false)
 const patientName = ref('')
 const formData = ref({ temperature: '', pulse: '', bloodPressureHigh: '', bloodPressureLow: '', spo2: '', respiration: '', painScore: 0 })

healthlink-his-server/healthlink-his-application/src/main/resources/mapper/miniprogram/MpVitalSignRecordMapper.xml

@@ -10,7 +10,7 @@
         WHERE patient_id = #{patientId}
           AND delete_flag = '0'
         <if test="days != null">
-            AND record_time >= CURRENT_TIMESTAMP - INTERVAL '${days} days'
+            AND record_time >= CURRENT_TIMESTAMP - INTERVAL CONCAT(#{days}, ' days')
         </if>
         ORDER BY record_time DESC
     </select>