From 64db19a122c26b99684e6886ba011428794655cf Mon Sep 17 00:00:00 2001 From: cody <648753004@qq.com> Date: Thu, 18 Dec 2025 14:46:47 +0800 Subject: [PATCH] =?UTF-8?q?=E5=8F=98=E6=9B=B4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Admin/StatisticsController.php | 86 ++++++++++++++----- 1 file changed, 63 insertions(+), 23 deletions(-)
diff --git a/app/Http/Controllers/Admin/StatisticsController.php b/app/Http/Controllers/Admin/StatisticsController.php
index 3363608..893cf52 100755
--- a/app/Http/Controllers/Admin/StatisticsController.php
+++ b/app/Http/Controllers/Admin/StatisticsController.php
@@ -94,17 +94,29 @@ class StatisticsController extends CommonController
 $query->where("project_id", $project_id);
 })->pluck("paramedic_id")->toArray();
 $query->where("project_id", $project_id)->orWhereIn("id", $order_item_paramedic_ids);
- })->with(["orderItems" => function ($query) use ($month, $project_id) {
- $query->whereRaw("(DATE_FORMAT(`service_date`,'%Y-%m') = '{$month}' or DATE_FORMAT(`paid_at`,'%Y-%m') = '{$month}')")
- ->where("total", ">", 0)
- ->whereHas("order", function ($query) use ($project_id) {
- $query->where("project_id", $project_id);
- })
- ->with(["order", "product", "productItem", "productParamedicLevel", "paramedic" => function ($query) {
- $query->withoutGlobalScope(AdminProjectScope::class);
- }, "bed", "room", "building", "area"])
- ->orderBy("id");
- }])->get();
+ })->with([
+ "orderItems" => function ($query) use ($month, $project_id) {
+ $query->whereRaw("(DATE_FORMAT(`service_date`,'%Y-%m') = '{$month}' or DATE_FORMAT(`paid_at`,'%Y-%m') = '{$month}')")
+ ->where("total", ">", 0)
+ ->whereHas("order", function ($query) use ($project_id) {
+ $query->where("project_id", $project_id);
+ })
+ ->with([
+ "order",
+ "product",
+ "productItem",
+ "productParamedicLevel",
+ "paramedic" => function ($query) {
+ $query->withoutGlobalScope(AdminProjectScope::class);
+ },
+ "bed",
+ "room",
+ "building",
+ "area"
+ ])
+ ->orderBy("id");
+ }
+ ])->get();
 $allItems = collect();
 foreach ($paramedics as $paramedic) {
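Review bot: The rewritten `orderItems` constraint still interpolates `$month` straight into `whereRaw` as `'{$month}'`, so the reformatting leaves this a string-built SQL fragment while the last hunk of the same commit moves `factor_item_id` onto bindings for exactly that reason. Replace the two interpolated `'{$month}'` occurrences with `?` placeholders and pass `[$month, $month]` as the second argument to `whereRaw`; the DATE_FORMAT comparison itself stays unchanged. Whether `$month` is validated to a `YYYY-MM` string before it reaches this query is not visible here, and the enclosing method begins before the hunk. The same unbound-interpolation pattern is present in the `{$before_datetime}` raw clauses that the third hunk re-indents around.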
@@ -209,8 +221,10 @@ class StatisticsController extends CommonController
 $factors = json_decode($orderItem->factors, true);
 $parent_factors = json_decode($orderItem->order->factors, true);
- if (!in_array("所在科室", collect($factors)->pluck("factor_name")->toArray())
- && in_array("所在科室", collect($parent_factors)->pluck("factor_name")->toArray())) {
+ if (
+ !in_array("所在科室", collect($factors)->pluck("factor_name")->toArray())
+ && in_array("所在科室", collect($parent_factors)->pluck("factor_name")->toArray())
+ ) {
 $add = collect($parent_factors)->keyBy("factor_name")["所在科室"];
 $factors[] = $add;
 $orderItem->update([
@@ -338,16 +352,16 @@ class StatisticsController extends CommonController
 "patients" => function ($query) use ($before_datetime) {
 $query->whereRaw("UNIX_TIMESTAMP(`created_at`) <= {$before_datetime}")->orderBy("id", "desc");
 },
-// "oneBalance" => function ($query) use ($before_datetime) {
+ // "oneBalance" => function ($query) use ($before_datetime) {
 // $query->whereRaw("UNIX_TIMESTAMP(`created_at`) <= {$before_datetime}")->orderBy("id", "desc");
 // }
 ])
-// ->whereHas("oneBalance", function ($query) use ($before_datetime) {
+ // ->whereHas("oneBalance", function ($query) use ($before_datetime) {
 // $query->whereRaw("UNIX_TIMESTAMP(`created_at`) <= {$before_datetime}")->where("balance", ">", 0)->orderBy("id", "desc");
 // })
 ->whereHas("orders", function ($query) use ($before_datetime, $project_id) {
 $query
-// ->whereRaw("UNIX_TIMESTAMP(`created_at`) <= {$before_datetime}")
+ // ->whereRaw("UNIX_TIMESTAMP(`created_at`) <= {$before_datetime}")
 ->where("project_id", $project_id);
 })
 ->get();
@@ -491,16 +505,42 @@ class StatisticsController extends CommonController
 public function getLies($bedIds, $productItem, $factor, $month) {
 $list = [];
+
+ // 修复:如果床位ID为空,直接返回空数组,避免 whereIn 空数组导致的SQL错误
+ if (empty($bedIds)) {
+ return $list;
+ }
+
 foreach ($productItem as $item) {
 foreach ($factor as $factor_item) {
- $total = OrderItems::where('product_item_id', $item->id)
+ $query = OrderItems::where('product_item_id', $item->id)
 ->whereIn("bed_id", $bedIds)
- ->whereRaw("factors like '%\"factor_item_id\": $factor_item->id%'")
- ->where('paid_at', 'like', '%' . $month . '%')
- ->sum('total');
- $list [] = [
- 'name' => $item->price + $factor_item->price . '元/天',
- 'total_price' => $item->price + $factor_item->price,
+ ->where('paid_at', 'like', '%' . $month . '%');
+
+ // 修复:使用参数绑定防止SQL注入,并使用更精确的JSON匹配
+ // 确保 factor_item_id 是整数类型,防止SQL注入
+ $factorItemId = (int) $factor_item->id;
+
+ // 使用更精确的LIKE匹配模式,避免误匹配(如 1 匹配到 10、11 等)
+ // 匹配模式:%"factor_item_id":数字, 或 %"factor_item_id":数字}
+ // 使用 CONCAT 和参数绑定确保完全安全
+ $query->where(function ($q) use ($factorItemId) {
+ // 使用 CONCAT 函数构建模式,完全参数化,防止SQL注入
+ $q->whereRaw("factors LIKE CONCAT('%', '\"factor_item_id\":', ?, ',%')", [$factorItemId])
+ ->orWhereRaw("factors LIKE CONCAT('%', '\"factor_item_id\":', ?, '}%')", [$factorItemId]);
+ });
+
+ // 如果MySQL版本 >= 5.7,也可以使用JSON函数(更精确)
+ // $query->whereRaw("JSON_SEARCH(factors, 'one', ?, NULL, '$[*].factor_item_id') IS NOT NULL", [$factorItemId]);
+
+ $total = $query->sum('total');
+
+ // 修复:明确计算价格总和,避免运算符优先级问题
+ $totalPrice = (float) $item->price + (float) $factor_item->price;
+
+ $list[] = [
+ 'name' => $totalPrice . '元/天',
+ 'total_price' => $totalPrice,
 'product_item_id' => $item->id,
 'factor_item_id' => $factor_item->id,
 'total' => $total