2 giorni fa · 1ea01b66bf
--- a/fs-company/src/main/java/com/fs/company/controller/qw/FsCompanyCustomerController.java
+++ b/fs-company/src/main/java/com/fs/company/controller/qw/FsCompanyCustomerController.java
@@ -75,6 +75,20 @@ public class FsCompanyCustomerController extends BaseController {
 
				      */
			
 
				     @GetMapping("/list")
			
 
				     public TableDataInfo list(FsCompanyCustomer fsCompanyCustomer) {
			
 
				+        // 防止 SQL 注入：只允许指定的排序字段和方向
			
 
				+        String sortField = fsCompanyCustomer.getSortField();
			
 
				+        if (sortField != null) {
			
 
				+            if (!"create_time".equals(sortField) && !"filing_time".equals(sortField)) {
			
 
				+                fsCompanyCustomer.setSortField(null);
			
 
				+                fsCompanyCustomer.setSortOrder(null);
			
 
				+            }
			
 
				+        }
			
 
				+        String sortOrder = fsCompanyCustomer.getSortOrder();
			
 
				+        if (sortOrder != null) {
			
 
				+            if (!"asc".equals(sortOrder) && !"desc".equals(sortOrder)) {
			
 
				+                fsCompanyCustomer.setSortOrder(null);
			
 
				+            }
			
 
				+        }
			
 
				         // 获取当前登录用户id
			
 
				         Long currentUserId = SecurityUtils.getLoginUser().getUser().getUserId();
			
 
				         //管理员
			
--- a/fs-service/src/main/java/com/fs/qw/domain/FsCompanyCustomer.java
+++ b/fs-service/src/main/java/com/fs/qw/domain/FsCompanyCustomer.java
@@ -128,4 +128,11 @@ public class FsCompanyCustomer extends BaseEntity {
 
				      * 未加密手机号
			
 
				      * */
			
 
				     private String noEncryptPhone;
			
 
				+
			
 
				+    // 非数据库字段，用于接收前端排序参数
			
 
				+    /** 排序字段（create_time / filing_time） */
			
 
				+    private String sortField;
			
 
				+
			
 
				+    /** 排序顺序（asc / desc） */
			
 
				+    private String sortOrder;
			
 
				 }
			
--- a/fs-service/src/main/resources/mapper/qw/FsCompanyCustomerMapper.xml
+++ b/fs-service/src/main/resources/mapper/qw/FsCompanyCustomerMapper.xml
@@ -88,7 +88,15 @@
 
				         <if test="completeStatus != null">
			
 
				             and complete_status = #{completeStatus}
			
 
				         </if>
			
 
				-        order by filing_time desc
			
 
				+        <!-- 动态排序 -->
			
 
				+        <choose>
			
 
				+            <when test="sortField != null and sortField != '' and sortOrder != null and sortOrder != ''">
			
 
				+                order by ${sortField} ${sortOrder}
			
 
				+            </when>
			
 
				+            <otherwise>
			
 
				+                order by create_time desc
			
 
				+            </otherwise>
			
 
				+        </choose>
			
 
				     </select>
			
 
				 
			
 
				     <select id="selectImportFsCompanyCustomerList" parameterType="com.fs.qw.domain.FsCompanyCustomer"