From 3339ba9bad28b9071800a11fbc22c1daedf4e92f Mon Sep 17 00:00:00 2001
From: zhengkunwang <31820853+zhengkunwang223@users.noreply.github.com>
Date: Mon, 22 Jul 2024 22:41:31 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E8=A7=A3=E5=86=B3=E6=BD=9C=E5=9C=A8?=
 =?UTF-8?q?=E7=9A=84=20SQL=20=E6=B3=A8=E5=85=A5=E6=BC=8F=E6=B4=9E=20(#5906?=
 =?UTF-8?q?)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

影响范围：操作日志
---
 backend/middleware/operation.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/backend/middleware/operation.go b/backend/middleware/operation.go
index d6b695e06..1ac3f2982 100644
--- a/backend/middleware/operation.go
+++ b/backend/middleware/operation.go
@@ -96,10 +96,9 @@ func OperationLog() gin.HandlerFunc {
 					if funcs.InputValue == key {
 						var names []string
 						if funcs.IsList {
-							sql := fmt.Sprintf("SELECT %s FROM %s where %s in (?);", funcs.OutputColumn, funcs.DB, funcs.InputColumn)
-							_ = global.DB.Raw(sql, value).Scan(&names)
+							_ = global.DB.Raw("select ? from ? where ? in (?);", funcs.OutputColumn, funcs.DB, funcs.InputColumn, value).Scan(&names)
 						} else {
-							_ = global.DB.Raw(fmt.Sprintf("select %s from %s where %s = ?;", funcs.OutputColumn, funcs.DB, funcs.InputColumn), value).Scan(&names)
+							_ = global.DB.Raw("select ? from ? where ? = ?;", funcs.OutputColumn, funcs.DB, funcs.InputColumn, value).Scan(&names)
 						}
 						formatMap[funcs.OutputValue] = strings.Join(names, ",")
 						break