diff --git a/app/Http/Controllers/Admin/HomeController.php b/app/Http/Controllers/Admin/HomeController.php index 266d1fb..cc90e72 100644 --- a/app/Http/Controllers/Admin/HomeController.php +++ b/app/Http/Controllers/Admin/HomeController.php @@ -136,12 +136,18 @@ class HomeController extends CommonController $list = []; foreach ($productItem as $item) { foreach ($factor as $factor_item) { + // 修复:使用 MySQL 5.7 的 JSON 函数进行精确查询,防止SQL注入 + $factorItemId = (int) $factor_item->id; $total = OrderItems::where('product_item_id', $item->id) - ->whereRaw("factors like '%\"factor_item_id\": $factor_item->id%'") + ->whereRaw("JSON_SEARCH(factors, 'one', ?, NULL, '$[*].factor_item_id') IS NOT NULL", [$factorItemId]) ->sum('total'); - $list [] = [ - 'name' => $item->price + $factor_item->price . '元/天', - 'total_price' => $item->price + $factor_item->price, + + // 修复:明确计算价格总和,避免运算符优先级问题 + $totalPrice = (float) $item->price + (float) $factor_item->price; + + $list[] = [ + 'name' => $totalPrice . '元/天', + 'total_price' => $totalPrice, 'product_item_id' => $item->id, 'factor_item_id' => $factor_item->id, 'total' => $total, diff --git a/app/Http/Controllers/Admin/StatisticsController.php b/app/Http/Controllers/Admin/StatisticsController.php index 893cf52..1741d78 100755 --- a/app/Http/Controllers/Admin/StatisticsController.php +++ b/app/Http/Controllers/Admin/StatisticsController.php @@ -489,10 +489,10 @@ class StatisticsController extends CommonController // 子项 $item->lies = $this->getLies($bedIds, $productItem, $factor, $month); } - // 获取所有列 + // 获取所有列(包含价格和 factor_item 名称) $lie = []; if (isset($data[0]->lies)) { - $lie = array_column($data[0]->lies, 'name'); + $lie = $data[0]->lies; // 直接传递完整的 lies 数组,包含 name 和 factor_item_name } $months = $this->_getMonths(); 
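Review bot: `JSON_SEARCH` in the new `whereRaw` only matches JSON *string* scalars, so if `factors` stores `factor_item_id` as a number — and the removed pattern `'%\"factor_item_id\": $factor_item->id%'` had no quote after the id, which suggests it does — every lookup returns NULL and `$total` silently becomes 0 for all rows; the query is now injection-safe but likely wrong. A membership test that works for numeric values is `JSON_CONTAINS(factors, JSON_OBJECT('factor_item_id', ?))` with the same `[$factorItemId]` binding; if the ids are actually stored as strings, bind `(string) $factorItemId` instead — please confirm against a real row. Either JSON function raises an error rather than skipping the row when `factors` is not valid JSON, which the old LIKE tolerated, so check the column before deploying. The `(float)` sum is concatenated raw into `'name'`; consider `round($totalPrice, 2)` (or integer cents) so a value like 0.1+0.2 does not render as 0.30000000000000004. The enclosing method starts and ends outside the hunk.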
@@ -517,21 +517,18 @@ class StatisticsController extends CommonController ->whereIn("bed_id", $bedIds) ->where('paid_at', 'like', '%' . $month . '%'); - // 修复:使用参数绑定防止SQL注入,并使用更精确的JSON匹配 + // 修复:使用 MySQL 5.7 的 JSON 函数进行精确查询(推荐方式) // 确保 factor_item_id 是整数类型,防止SQL注入 $factorItemId = (int) $factor_item->id; - // 使用更精确的LIKE匹配模式,避免误匹配(如 1 匹配到 10、11 等) - // 匹配模式:%"factor_item_id":数字, 或 %"factor_item_id":数字} - // 使用 CONCAT 和参数绑定确保完全安全 - $query->where(function ($q) use ($factorItemId) { - // 使用 CONCAT 函数构建模式,完全参数化,防止SQL注入 - $q->whereRaw("factors LIKE CONCAT('%', '\"factor_item_id\":', ?, ',%')", [$factorItemId]) - ->orWhereRaw("factors LIKE CONCAT('%', '\"factor_item_id\":', ?, '}%')", [$factorItemId]); - }); - - // 如果MySQL版本 >= 5.7,也可以使用JSON函数(更精确) - // $query->whereRaw("JSON_SEARCH(factors, 'one', ?, NULL, '$[*].factor_item_id') IS NOT NULL", [$factorItemId]); + // 使用 JSON_SEARCH 函数精确匹配 JSON 数组中任意元素的 factor_item_id 字段 + // 参数说明: + // - factors: JSON 字段名 + // - 'one': 返回第一个匹配的路径(如果只需要判断是否存在,可以用 'one') + // - ?: 要搜索的值(factor_item_id) + // - NULL: 转义字符(不需要) + // - '$[*].factor_item_id': JSON 路径表达式,匹配数组中所有元素的 factor_item_id 字段 + $query->whereRaw("JSON_SEARCH(factors, 'one', ?, NULL, '$[*].factor_item_id') IS NOT NULL", [$factorItemId]); $total = $query->sum('total'); @@ -540,6 +537,7 @@ class StatisticsController extends CommonController $list[] = [ 'name' => $totalPrice . '元/天', + 'factor_item_name' => $factor_item->name ?? '', // 添加 factor_item 的 name 'total_price' => $totalPrice, 'product_item_id' => $item->id, 'factor_item_id' => $factor_item->id, diff --git a/resources/views/admin/statistics/huli.blade.php b/resources/views/admin/statistics/huli.blade.php index 199c7f3..076570d 100644 --- a/resources/views/admin/statistics/huli.blade.php +++ b/resources/views/admin/statistics/huli.blade.php @@ -31,9 +31,16 @@ 病区 总收入 - @foreach ($lie as $v) - {{$v}} - @endforeach + @if(!empty($lie)) + @foreach ($lie as $lieItem) + +
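Review bot: The string-only semantics of `JSON_SEARCH` apply to the new `$query->whereRaw(...)` here as well: it returns NULL for a numeric `factor_item_id`, so a row like `[{"factor_item_id":5,...}]` is not matched and the summed `total` drops to 0, whereas the LIKE patterns this replaces did match an unquoted number. `JSON_CONTAINS(factors, JSON_OBJECT('factor_item_id', ?))` with the existing `[$factorItemId]` binding is the precise equivalent for numeric ids (bind a string if the column really stores `"5"`), and it preserves the injection fix because the value stays a bound parameter. JSON functions also error out on rows whose `factors` is not valid JSON, which LIKE merely skipped — worth verifying on production data. The seven-line argument walkthrough above the call restates the MySQL manual; a one-line why such as `// Match any array element whose factor_item_id equals the bound id (bound, never interpolated)` is enough. The query is started before the hunk and the method continues after it.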
{{$lieItem['name'] ?? ''}}
+ @if(!empty($lieItem['factor_item_name'])) +
{{$lieItem['factor_item_name']}}
+ @endif + + @endforeach + @endif