From 2e806f1dcfe4a25e434553f85ad4939eddf123e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E9=99=88=E5=BF=83=E5=B7=A7?= <12432082+chenxinqiao@user.noreply.gitee.com> Date: Thu, 9 Nov 2023 08:11:17 +0000 Subject: [PATCH] =?UTF-8?q?update=20applications/view/system/dept.py.=20?= =?UTF-8?q?=E4=BF=AE=E6=AD=A3=E9=83=A8=E9=97=A8=E4=B8=8D=E8=83=BD=E6=9B=B4?= =?UTF-8?q?=E6=96=B0bug=E3=80=82?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit id = json.get("deptId"), 会得到tuple 在其后的 Dept.query.filter_by(id=id) , 会生成形如 update 。。。。 from xx where id=( id, ) 的sql,导致执行sql失败 #id = json.get("deptId"), 改成 id = str_escape(json.get("deptId")) 即可。 Signed-off-by: 陈心巧 <12432082+chenxinqiao@user.noreply.gitee.com>
---
 applications/view/system/dept.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/applications/view/system/dept.py b/applications/view/system/dept.py
index 91941d8..20e4a09 100644
--- a/applications/view/system/dept.py
+++ b/applications/view/system/dept.py
@@ -108,7 +108,8 @@ def dis_enable():
 @authorize("system:dept:edit", log=True)
 def update():
 json = request.get_json(force=True)
- id = json.get("deptId"),
+ #id = json.get("deptId"),
+ id = str_escape(json.get("deptId"))
 data = {
 "dept_name": validate.str_escape(json.get("deptName")),
 "sort": validate.str_escape(json.get("sort")),
-- Gitee
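Review bot: The added assignment calls a bare `str_escape(...)` while the context lines just below it in `update()` call `validate.str_escape(...)`; unless the module also imports `str_escape` directly (not visible in this hunk), every update request would fail with a NameError, so `id = validate.str_escape(json.get("deptId"))` is the spelling consistent with the rest of the function. Escaping is also the wrong control for a primary key: according to the commit message the value goes into `Dept.query.filter_by(id=id)`, which SQLAlchemy passes as a bound parameter, so what this line needs is presence and type validation, for example `dept_id = int(json["deptId"])` with a 4xx response on `KeyError`/`TypeError`/`ValueError`, so that a missing or non-numeric id never reaches the query. The commented-out `#id = json.get("deptId"),` line should be deleted rather than kept, since the history already records it, and the local name `id` shadows the builtin. The body of `update()` continues past the end of the hunk, so how `id` and `data` are used afterwards is not visible here.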