sql注入问题

5 years ago · 2491b2d142
parent 71a77ac7b2
commit 2491b2d142
1 changed files with 2 additions and 2 deletions
--- a/app/queries/weapps/subject_query.rb
+++ b/app/queries/weapps/subject_query.rb
@ -33,10 +33,10 @@ class Weapps::SubjectQuery < ApplicationQuery
  private

  def order_type
-    params[:order] || "updated_at"
+    params[:order] == "updated_at" ? "updated_at" : "myshixuns_count"
  end

  def sort_type
-    params[:sort] || "desc"
+    params[:sort] == "desc" ? "desc" : "asc"
  end
 end