
sql注入

大数据与最优化研究所 3 months ago
parent
commit
8cdf07a0d7

+ 16 - 0
src/main/java/com/xjrsoft/common/mybatis/SqlRunnerAdapter.java

@@ -258,12 +258,22 @@ public class SqlRunnerAdapter implements ISqlRunner, Closeable {
     }
 
     private ImmutablePair<String, List<String>> dynamicInsertBuild(String tableName, Entity params) {
+        // 校验表名是否合法
+        if (!isValidIdentifier(tableName)) {
+            throw new IllegalArgumentException("Invalid table name");
+        }
+
         SQL sql = new SQL().INSERT_INTO(tableName);
         List<String> args = new ArrayList<>();
         int i = 0;
 
         // 循环字段列表并赋值
         for (String key : params.keySet()) {
+            // 校验列名是否合法
+            if (!isValidIdentifier(key)) {
+                continue; // 或者抛出异常
+            }
+
             Object value = params.get(key);
             if (value == null) {
                 continue;
@@ -278,6 +288,12 @@ public class SqlRunnerAdapter implements ISqlRunner, Closeable {
         return new ImmutablePair<>(sql.toString(), args);
     }
 
+    // 校验标识符是否合法的方法
+    private boolean isValidIdentifier(String identifier) {
+        // 使用正则表达式校验,只允许字母、数字和下划线
+        return identifier != null && identifier.matches("^[a-zA-Z0-9_]+$");
+    }
+
     @Transactional
     public Boolean dynamicUpdate(String tableName, Entity params, Entity where) {
         SQL sql = new SQL().UPDATE(tableName);
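Review bot: An invalid column name is silently skipped at the `continue` in the key loop of `dynamicInsertBuild`, so a row can be inserted with that column missing and nothing surfaces to the caller; since an invalid table name throws, the column case should throw as well, `throw new IllegalArgumentException("Invalid column name: " + key);`. The new check is also applied only to the insert builder — `dynamicUpdate` on the last hunk line still passes `tableName` straight to `new SQL().UPDATE(tableName)`, and its column keys and `where` entity (not shown here) presumably reach the SQL the same way, so the `isValidIdentifier` guard should be applied there too. Both `dynamicInsertBuild` and `dynamicUpdate` continue outside the hunk.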

+ 23 - 0
src/main/java/com/xjrsoft/module/form/entity/QueryCondition.java

@@ -0,0 +1,23 @@
+package com.xjrsoft.module.form.entity;
+
+import lombok.Data;
+
+@Data
+public class QueryCondition {
+    private String fieldName;
+    private Object value;
+    private String operator; // "=", ">=", "<=", "LIKE"等
+    private boolean isDate;
+    private int index; // 添加索引字段
+
+    public String toSqlSnippet() {
+        if (isDate && "BETWEEN".equals(operator)) {
+            return String.format("%s BETWEEN #{conditions[%d].value[0]} AND #{conditions[%d].value[1]}",
+                    fieldName, index, index);
+        }
+        if ("LIKE".equals(operator)) {
+            return String.format("%s LIKE #{conditions[%d].value}", fieldName, index);
+        }
+        return String.format("%s %s #{conditions[%d].value}", fieldName, operator, index);
+    }
+}
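Review bot: `toSqlSnippet` splices `fieldName` and `operator` directly into the SQL text and only binds `value` through `#{}`, so this class gives no protection if a field name or operator it receives is not a clean identifier; the callers in this commit build these from form release config and constants, but nothing in the class enforces that. A guard at the top of the method would make the contract explicit: `if (fieldName == null || !fieldName.matches("[A-Za-z0-9_]+")) throw new IllegalArgumentException("Invalid field name");` together with a check that `operator` is one of the tokens the builder emits. With `@Data`, the `isDate` field yields `isDate()`/`setDate()` accessors, which is what the service calls; a Javadoc line stating that `value` must be a two-element array when `operator` is `BETWEEN` and that `index` must match the element's position in the `conditions` list would save the next reader a trip to the builder.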

+ 29 - 0
src/main/java/com/xjrsoft/module/form/mapper/CustomFormDataMapper.java

@@ -0,0 +1,29 @@
+package com.xjrsoft.module.form.mapper;
+
+import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.baomidou.mybatisplus.core.metadata.OrderItem;
+import com.xjrsoft.module.form.entity.QueryCondition;
+import com.xjrsoft.module.form.utils.FormDataSqlProvider;
+import org.apache.ibatis.annotations.Mapper;
+import org.apache.ibatis.annotations.Param;
+import org.apache.ibatis.annotations.SelectProvider;
+
+import java.util.List;
+import java.util.Map;
+
+@Mapper
+public interface CustomFormDataMapper {
+
+    @SelectProvider(type = FormDataSqlProvider.class, method = "buildSelectSql")
+    IPage<Map<String, Object>> selectFormDataPage(
+            IPage<Map<String, Object>> page,
+            @Param("tableName") String tableName,
+            @Param("fields") List<String> fields,
+            @Param("conditions") List<QueryCondition> conditions);
+
+    @SelectProvider(type = FormDataSqlProvider.class, method = "buildSelectSql")
+    List<Map<String, Object>> selectFormDataList(
+            @Param("tableName") String tableName,
+            @Param("fields") List<String> fields,
+            @Param("conditions") List<QueryCondition> conditions);
+}
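Review bot: The `OrderItem` import is unused in this interface and should be dropped. Both methods bind the same `buildSelectSql` provider, and neither the interface nor the provider quotes or validates `tableName` and `fields`; a short Javadoc on each method stating that these identifiers are inserted into the SQL verbatim and must be validated before the call would document that contract. Whether `page.orders()` is applied to the generated SQL depends on the MyBatis-Plus pagination interceptor being configured, which is not visible in this commit.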

+ 293 - 45
src/main/java/com/xjrsoft/module/form/service/impl/FormExecuteServiceImpl.java

@@ -16,6 +16,7 @@ import cn.hutool.db.sql.Direction;
 import cn.hutool.db.sql.Order;
 import cn.hutool.json.JSONUtil;
 import com.baomidou.mybatisplus.core.metadata.IPage;
+import com.baomidou.mybatisplus.core.metadata.OrderItem;
 import com.baomidou.mybatisplus.core.toolkit.StringPool;
 import com.baomidou.mybatisplus.core.toolkit.StringUtils;
 import com.xjrsoft.common.constant.GlobalConstant;
@@ -33,10 +34,8 @@ import com.xjrsoft.module.app.entity.AppFuncDesign;
 import com.xjrsoft.module.app.service.IAppFuncDesignService;
 import com.xjrsoft.module.authority.utils.AuthorityUtil;
 import com.xjrsoft.module.form.dto.*;
-import com.xjrsoft.module.form.entity.FormDesignConfig;
-import com.xjrsoft.module.form.entity.FormRelease;
-import com.xjrsoft.module.form.entity.FormReleaseConfig;
-import com.xjrsoft.module.form.entity.FormTemplate;
+import com.xjrsoft.module.form.entity.*;
+import com.xjrsoft.module.form.mapper.CustomFormDataMapper;
 import com.xjrsoft.module.form.mapper.FormReleaseMapper;
 import com.xjrsoft.module.form.mapper.FormTemplateMapper;
 import com.xjrsoft.module.form.service.IFormExecuteService;
@@ -98,6 +97,8 @@ public class FormExecuteServiceImpl implements IFormExecuteService {
 
     private final IFormReleaseService formReleaseService;
 
+    private final CustomFormDataMapper customFormDataMapper;
+
     /**
      * 需要模糊查询的
      */
@@ -139,13 +140,15 @@ public class FormExecuteServiceImpl implements IFormExecuteService {
             String tableName = tableConfig.getTableName();
 
             List<ColumnConfig> columnConfigs = formReleaseConfig.getListConfig().getColumnConfigs();
-            List<String> fieldsList = columnConfigs.stream().map(ColumnConfig::getColumnName).collect(Collectors.toList());
+            List<String> fieldsList = columnConfigs.stream().map(ColumnConfig::getColumnName).distinct().collect(Collectors.toList());
             // 添加权限所属人字段返回
             if (BooleanUtils.isTrue(formDesignConfig.getIsDataAuth())) {
                 fieldsList.add(GlobalConstant.AUTH_USER_ID);
             }
 
-            List<Entity> listData = getListDataByExpression(tableName, fieldsList, formDesignConfig, formReleaseConfig, dto.getParams());
+//            List<Entity> listData = getListDataByExpression(tableName, fieldsList, formDesignConfig, formReleaseConfig, dto.getParams());
+            List<Entity> listData = getListDataByParameterization(tableName, fieldsList, formReleaseConfig, dto.getParams());
+
             if (dto.getIsTrans()) {
                 // 关联数据显示转换
                 FormDataTransUtil.transData(listData, formDesignConfig);
@@ -180,13 +183,14 @@ public class FormExecuteServiceImpl implements IFormExecuteService {
             String tableName = tableConfig.getTableName();
 
             List<ColumnConfig> columnConfigs = formReleaseConfig.getListConfig().getColumnConfigs();
-            List<String> fieldsList = columnConfigs.stream().map(ColumnConfig::getColumnName).collect(Collectors.toList());
+            List<String> fieldsList = columnConfigs.stream().map(ColumnConfig::getColumnName).distinct().collect(Collectors.toList());
             // 添加权限所属人字段返回
             if (BooleanUtils.isTrue(formDesignConfig.getIsDataAuth())) {
                 fieldsList.add(GlobalConstant.AUTH_USER_ID);
             }
 
-            List<Entity> listData = getListDataByExpression(tableName, fieldsList, formDesignConfig, formReleaseConfig, dto.getParams());
+//            List<Entity> listData = getListDataByExpression(tableName, fieldsList, formDesignConfig, formReleaseConfig, dto.getParams());
+            List<Entity> listData = getListDataByParameterization(tableName, fieldsList, formReleaseConfig, dto.getParams());
             if (dto.getIsTrans()) {
                 // 关联数据显示转换
                 FormDataTransUtil.transData(listData, formDesignConfig);
@@ -223,41 +227,63 @@ public class FormExecuteServiceImpl implements IFormExecuteService {
             String tableName = tableConfig.getTableName();
 
             //构建分页参数
-            Page page = new Page(dto.getLimit() - 1, dto.getSize());
-            String field = dto.getField();
-            String orderStr = dto.getOrder();
+//            Page page = new Page(dto.getLimit() - 1, dto.getSize());
+//            String field = dto.getField();
+//            String orderStr = dto.getOrder();
+//            ListConfig listConfig = formReleaseConfig.getListConfig();
+//            if (StrUtil.isBlank(field)) {
+//                field = StrUtil.emptyToDefault(listConfig.getOrderBy(), tableConfig.getPkField());
+//                orderStr = StrUtil.emptyToDefault(listConfig.getOrderType(), "desc");
+//            }
+//            if (StrUtil.isNotBlank(field)) {
+//                Order order = new Order();
+//                order.setDirection(Direction.ASC);
+//                if (orderStr.equals("descend") || orderStr.equals("desc")) {
+//                    order.setDirection(Direction.DESC);
+//                }
+////                order.setDirection(StrUtil.equalsIgnoreCase(orderStr, "descend") ? Direction.DESC : Direction.ASC);
+//                order.setField(field);
+//                page.setOrder(order);
+//            }
+//
+//            List<ColumnConfig> columnConfigs = listConfig.getColumnConfigs();
+//            Set<String> fieldsList = columnConfigs.stream().map(ColumnConfig::getColumnName).collect(Collectors.toSet());
+//            // 添加权限所属人字段返回
+//            if (BooleanUtils.isTrue(formDesignConfig.getIsDataAuth())) {
+//                fieldsList.add(GlobalConstant.AUTH_USER_ID);
+//            }
+//
+//            PageOutput<Entity> pageData = getPageDataByExpression(tableName, fieldsList, formDesignConfig, formReleaseConfig, dto.getParams(), page);
+
+            IPage<Map<String, Object>> page = new com.baomidou.mybatisplus.extension.plugins.pagination.Page<>(dto.getLimit()-1, dto.getSize());
             ListConfig listConfig = formReleaseConfig.getListConfig();
-            if (StrUtil.isBlank(field)) {
-                field = StrUtil.emptyToDefault(listConfig.getOrderBy(), tableConfig.getPkField());
-                orderStr = StrUtil.emptyToDefault(listConfig.getOrderType(), "desc");
-            }
-            if (StrUtil.isNotBlank(field)) {
-                Order order = new Order();
-                order.setDirection(Direction.ASC);
-                if (orderStr.equals("descend") || orderStr.equals("desc")) {
-                    order.setDirection(Direction.DESC);
-                }
-//                order.setDirection(StrUtil.equalsIgnoreCase(orderStr, "descend") ? Direction.DESC : Direction.ASC);
-                order.setField(field);
-                page.setOrder(order);
+            if (StrUtil.isNotBlank(dto.getField())) {
+                boolean asc = !"desc".equalsIgnoreCase(dto.getOrder()) && !"descend".equalsIgnoreCase(dto.getOrder());
+                page.orders().add(new OrderItem(dto.getField(), asc));
+            } else {
+                // 默认排序
+                page.orders().add(new OrderItem(tableConfig.getPkField(), false));
             }
 
             List<ColumnConfig> columnConfigs = listConfig.getColumnConfigs();
-            Set<String> fieldsList = columnConfigs.stream().map(ColumnConfig::getColumnName).collect(Collectors.toSet());
+            List<String> fieldsList = columnConfigs.stream().map(ColumnConfig::getColumnName).distinct().collect(Collectors.toList());
             // 添加权限所属人字段返回
             if (BooleanUtils.isTrue(formDesignConfig.getIsDataAuth())) {
                 fieldsList.add(GlobalConstant.AUTH_USER_ID);
             }
 
-            PageOutput<Entity> pageData = getPageDataByExpression(tableName, fieldsList, formDesignConfig, formReleaseConfig, dto.getParams(), page);
+            PageOutput<Entity> pageData = getPageDataByParameterization(tableName, fieldsList, formReleaseConfig, dto.getParams(), page);
+
             if (dto.getIsTrans()) {
                 // 关联数据显示转换
                 FormDataTransUtil.transData(pageData.getList(), formDesignConfig);
             }
+
             return pageData;
         } else {
             throw new MyException("主表不存在");
         }
+
     }
 
     @Override
@@ -280,30 +306,50 @@ public class FormExecuteServiceImpl implements IFormExecuteService {
             TableConfig tableConfig = mainTable.get();
             String tableName = tableConfig.getTableName();
 
-            //构建分页参数
-            Page page = new Page(dto.getLimit() - 1, dto.getSize());
-            String field = dto.getField();
-            String orderStr = dto.getOrder();
+//            //构建分页参数
+//            Page page = new Page(dto.getLimit() - 1, dto.getSize());
+//            String field = dto.getField();
+//            String orderStr = dto.getOrder();
+//            ListConfig listConfig = formReleaseConfig.getListConfig();
+//            if (StrUtil.isBlank(field)) {
+//                field = StrUtil.emptyToDefault(listConfig.getOrderBy(), tableConfig.getPkField());
+//                orderStr = StrUtil.emptyToDefault(listConfig.getOrderType(), "desc");
+//            }
+//            if (StrUtil.isNotBlank(field)) {
+//                Order order = new Order();
+//                order.setDirection(StrUtil.equalsIgnoreCase(orderStr, "desc") ? Direction.DESC : Direction.ASC);
+//                order.setField(field);
+//                page.setOrder(order);
+//            }
+//
+//            List<ColumnConfig> columnConfigs = listConfig.getColumnConfigs();
+//            Set<String> fieldsList = columnConfigs.stream().map(ColumnConfig::getColumnName).collect(Collectors.toSet());
+//            // 添加权限所属人字段返回
+//            if (BooleanUtils.isTrue(formDesignConfig.getIsDataAuth())) {
+//                fieldsList.add(GlobalConstant.AUTH_USER_ID);
+//            }
+//
+//            PageOutput<Entity> pageData = getPageDataByExpression(tableName, fieldsList, formDesignConfig, formReleaseConfig, dto.getParams(), page);
+
+            IPage<Map<String, Object>> page = new com.baomidou.mybatisplus.extension.plugins.pagination.Page<>();
             ListConfig listConfig = formReleaseConfig.getListConfig();
-            if (StrUtil.isBlank(field)) {
-                field = StrUtil.emptyToDefault(listConfig.getOrderBy(), tableConfig.getPkField());
-                orderStr = StrUtil.emptyToDefault(listConfig.getOrderType(), "desc");
-            }
-            if (StrUtil.isNotBlank(field)) {
-                Order order = new Order();
-                order.setDirection(StrUtil.equalsIgnoreCase(orderStr, "desc") ? Direction.DESC : Direction.ASC);
-                order.setField(field);
-                page.setOrder(order);
+            if (StrUtil.isNotBlank(dto.getField())) {
+                boolean asc = !"desc".equalsIgnoreCase(dto.getOrder()) && !"descend".equalsIgnoreCase(dto.getOrder());
+                page.orders().add(new OrderItem(dto.getField(), asc));
+            } else {
+                // 默认排序
+                page.orders().add(new OrderItem(tableConfig.getPkField(), false));
             }
 
             List<ColumnConfig> columnConfigs = listConfig.getColumnConfigs();
-            Set<String> fieldsList = columnConfigs.stream().map(ColumnConfig::getColumnName).collect(Collectors.toSet());
+            List<String> fieldsList = columnConfigs.stream().map(ColumnConfig::getColumnName).distinct().collect(Collectors.toList());
             // 添加权限所属人字段返回
             if (BooleanUtils.isTrue(formDesignConfig.getIsDataAuth())) {
                 fieldsList.add(GlobalConstant.AUTH_USER_ID);
             }
 
-            PageOutput<Entity> pageData = getPageDataByExpression(tableName, fieldsList, formDesignConfig, formReleaseConfig, dto.getParams(), page);
+            PageOutput<Entity> pageData = getPageDataByParameterization(tableName, fieldsList, formReleaseConfig, dto.getParams(), page);
+
             if (dto.getIsTrans()) {
                 // 关联数据显示转换
                 FormDataTransUtil.transData(pageData.getList(), formDesignConfig);
@@ -568,7 +614,6 @@ public class FormExecuteServiceImpl implements IFormExecuteService {
         return updateFormData(formData, template);
     }
 
-
     @Override
     public Boolean delete(FormExecuteDeleteDto dto) {
 
@@ -866,7 +911,6 @@ public class FormExecuteServiceImpl implements IFormExecuteService {
         }
     }
 
-
     @Transactional
     public Long insertFormData(Map<String, Object> formData, FormTemplate template) {
 //        for (Map.Entry<String, Object> entry : formData.entrySet()) {
@@ -1596,6 +1640,62 @@ public class FormExecuteServiceImpl implements IFormExecuteService {
         return entities;
     }
 
+    @SneakyThrows
+    private List<Entity> getListDataByParameterization(String tableName,
+                                                             List<String> fieldsList,
+                                                             FormReleaseConfig formReleaseConfig,
+                                                             Map<String, Object> params
+    ) {
+        //获取表里所有字段
+        Table tableMeta = SqlRunnerAdapter.db().getTableMeta(tableName);
+        Collection<Column> columns = tableMeta.getColumns();
+
+        Optional<Column> pkOptional = columns.stream().filter(Column::isPk).findFirst();
+        Column pkColumn;
+
+        if (pkOptional.isPresent()) {
+            pkColumn = pkOptional.get();
+            fieldsList.add(0, pkColumn.getName());
+        } else {
+            throw new MyException("主键不存在");
+        }
+
+        List<QueryConfig> queryConfigs = formReleaseConfig.getListConfig().getQueryConfigs();
+
+        //如果有左侧树 需要把所选项目 where 条件加上
+        if (formReleaseConfig.getListConfig().getIsLeftMenu()) {
+            //如果已经包含此字段  就不添加了
+            if (queryConfigs.stream().noneMatch(x -> StrUtil.equals(x.getFieldName(), formReleaseConfig.getListConfig().getLeftMenuConfig().getListFieldName()))) {
+                QueryConfig queryConfig = new QueryConfig();
+                queryConfig.setFieldName(formReleaseConfig.getListConfig().getLeftMenuConfig().getListFieldName());
+                queryConfig.setIsDate(false);
+                queryConfigs.add(queryConfig);
+            }
+        }
+
+        // 构建查询条件
+        List<QueryCondition> conditions = buildQueryConditions(formReleaseConfig, params, columns);
+
+        // 执行分页查询
+        List<Map<String, Object>> pageResult = customFormDataMapper.selectFormDataList(
+                tableName,
+                fieldsList,
+                conditions
+        );
+
+        List<Entity> rData = new ArrayList<>();
+        for (Map<String, Object> item : pageResult) {
+            Entity entity = Entity.create();
+            for (String key : item.keySet()) {
+                entity.set(key, item.get(key));
+            }
+            //将所有查询的数据id 转string
+            entity.set(pkColumn.getName(), entity.get(pkColumn.getName()).toString());
+            rData.add(entity);
+        }
+
+        return rData;
+    }
 
     /**
      * 根据配置信息获取不分页列表数据
@@ -1784,7 +1884,7 @@ public class FormExecuteServiceImpl implements IFormExecuteService {
                             queryExpression = new AndExpression(queryExpression, leq);
                         }
                     }
-                }else{
+                } else {
                     Object value = MapUtil.get(params, fieldName, Object.class);
                     //如果没有数据 则跳过
                     if (value == null || StrUtil.isEmpty(String.valueOf(value))) {
@@ -1941,6 +2041,154 @@ public class FormExecuteServiceImpl implements IFormExecuteService {
         return pageOutput;
     }
 
+    @SneakyThrows
+    private PageOutput<Entity> getPageDataByParameterization(String tableName,
+                                                             List<String> fieldsList,
+                                                             FormReleaseConfig formReleaseConfig,
+                                                             Map<String, Object> params,
+                                                             IPage<Map<String, Object>> page
+    ) {
+        //获取表里所有字段
+        Table tableMeta = SqlRunnerAdapter.db().getTableMeta(tableName);
+        Collection<Column> columns = tableMeta.getColumns();
+
+        Optional<Column> pkOptional = columns.stream().filter(Column::isPk).findFirst();
+        Column pkColumn;
+
+        if (pkOptional.isPresent()) {
+            pkColumn = pkOptional.get();
+            fieldsList.add(0, pkColumn.getName());
+        } else {
+            throw new MyException("主键不存在");
+        }
+
+        List<QueryConfig> queryConfigs = formReleaseConfig.getListConfig().getQueryConfigs();
+
+        //如果有左侧树 需要把所选项目 where 条件加上
+        if (formReleaseConfig.getListConfig().getIsLeftMenu()) {
+            //如果已经包含此字段  就不添加了
+            if (queryConfigs.stream().noneMatch(x -> StrUtil.equals(x.getFieldName(), formReleaseConfig.getListConfig().getLeftMenuConfig().getListFieldName()))) {
+                QueryConfig queryConfig = new QueryConfig();
+                queryConfig.setFieldName(formReleaseConfig.getListConfig().getLeftMenuConfig().getListFieldName());
+                queryConfig.setIsDate(false);
+                queryConfigs.add(queryConfig);
+            }
+        }
+
+        // 构建查询条件
+        List<QueryCondition> conditions = buildQueryConditions(formReleaseConfig, params, columns);
+
+        // 执行分页查询
+        IPage<Map<String, Object>> pageResult = customFormDataMapper.selectFormDataPage(
+                page,
+                tableName,
+                fieldsList,
+                conditions
+        );
+
+        List<Entity> rData = new ArrayList<>();
+        for (Map<String, Object> item : pageResult.getRecords()) {
+            Entity entity = Entity.create();
+            for (String key : item.keySet()) {
+                entity.set(key, item.get(key));
+            }
+            //将所有查询的数据id 转string
+            entity.set(pkColumn.getName(), entity.get(pkColumn.getName()).toString());
+            rData.add(entity);
+        }
+
+        PageOutput<Entity> pageData = new PageOutput<>();
+        pageData.setPageSize((int) pageResult.getSize());
+        pageData.setCurrentPage((int) pageResult.getCurrent());
+        pageData.setTotal((int) pageResult.getTotal());
+        pageData.setList(rData);
+
+        return pageData;
+    }
+
+    private List<QueryCondition> buildQueryConditions(FormReleaseConfig formReleaseConfig,
+                                                      Map<String, Object> params, Collection<Column> columns) {
+        List<QueryCondition> conditions = new ArrayList<>();
+        int index = 0; // 初始化索引计数器
+
+        // 处理日期条件
+        for (QueryConfig queryConfig : formReleaseConfig.getListConfig().getQueryConfigs()) {
+            String fieldName = queryConfig.getFieldName();
+            if (queryConfig.getIsDate()) {
+                String startTime = MapUtil.get(params, fieldName + GlobalConstant.START_TIME_SUFFIX, String.class);
+                String endTime = MapUtil.get(params, fieldName + GlobalConstant.END_TIME_SUFFIX, String.class);
+
+                if (StringUtils.isNotEmpty(startTime) && StringUtils.isNotEmpty(endTime)) {
+                    QueryCondition condition = new QueryCondition();
+                    condition.setFieldName(fieldName);
+                    condition.setValue(new Object[]{startTime, endTime});
+                    condition.setOperator("BETWEEN");
+                    condition.setDate(true);
+                    condition.setIndex(index++); // 设置索引并递增
+                    conditions.add(condition);
+                } else if (StringUtils.isNotEmpty(startTime)) {
+                    QueryCondition condition = new QueryCondition();
+                    condition.setFieldName(fieldName);
+                    condition.setValue(startTime);
+                    condition.setOperator(">=");
+                    condition.setDate(true);
+                    condition.setIndex(index++); // 设置索引并递增
+                    conditions.add(condition);
+                } else if (StringUtils.isNotEmpty(endTime)) {
+                    QueryCondition condition = new QueryCondition();
+                    condition.setFieldName(fieldName);
+                    condition.setValue(endTime);
+                    condition.setOperator("<=");
+                    condition.setDate(true);
+                    condition.setIndex(index++); // 设置索引并递增
+                    conditions.add(condition);
+                }
+            } else {
+                Object value = MapUtil.get(params, fieldName, Object.class);
+                if (value != null && StrUtil.isNotEmpty(String.valueOf(value))) {
+                    QueryCondition condition = new QueryCondition();
+                    condition.setFieldName(fieldName);
+
+                    // 根据字段类型决定操作符
+                    Optional<Column> column = columns.stream()
+                            .filter(c -> StrUtil.equalsIgnoreCase(c.getName(), fieldName))
+                            .findFirst();
+
+                    if (column.isPresent()) {
+                        String className = JdbcToJavaUtil.getClassName(column.get());
+                        if (LIKE_CLASS_NAME.contains(className)) {
+                            condition.setOperator("LIKE");
+                            condition.setValue("%" + value + "%");
+                        } else {
+                            condition.setOperator("=");
+                            condition.setValue(value);
+                        }
+                    } else {
+                        condition.setOperator("=");
+                        condition.setValue(value);
+                    }
+
+                    condition.setIndex(index++); // 设置索引并递增
+                    conditions.add(condition);
+                }
+            }
+        }
+
+        // 添加删除标记条件
+        if (columns.stream().anyMatch(c -> StrUtil.equalsIgnoreCase(GlobalConstant.DELETE_MARK, c.getName()))) {
+            QueryCondition condition = new QueryCondition();
+            condition.setFieldName(GlobalConstant.DELETE_MARK);
+            condition.setValue(DeleteMark.NODELETE.getCode());
+            condition.setOperator("=");
+            condition.setIndex(index++); // 设置索引并递增
+            conditions.add(condition);
+        }
+
+        // TODO 添加数据权限字段
+
+        return conditions;
+    }
+
     /**
      * 根据配置信息获取分页列表数据
      *
@@ -2379,7 +2627,7 @@ public class FormExecuteServiceImpl implements IFormExecuteService {
                 if (formDicData.containsKey(bindField)) {
                     Map<String, Object> dicData = formDicData.get(bindField);
                     List<Object> mapKey = FormDataTransUtil.getMapKey(dicData, formData.get(bindField));
-                    if (!mapKey.isEmpty())  {
+                    if (!mapKey.isEmpty()) {
                         resultData.put(bindField, mapKey.stream().findFirst().get());
                     } else {
                         String label = config.getLabel();
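Review bot: The new `getListDataByParameterization`/`getPageDataByParameterization` path no longer receives `formDesignConfig`, and `buildQueryConditions` ends at `// TODO 添加数据权限字段` without adding any data-authority condition, so if the replaced `getListDataByExpression`/`getPageDataByExpression` path filtered rows by the current user's data authority (the dropped `formDesignConfig` argument suggests it did), both list and page queries now return rows without that filter — this should be completed before switching the callers rather than left as a TODO. The sort column at `page.orders().add(new OrderItem(dto.getField(), asc))` is a request value that the pagination interceptor inserts into ORDER BY; unless the MyBatis-Plus version in use rejects unsafe column names itself, guard it first, e.g. `if (!dto.getField().matches("[A-Za-z0-9_]+")) throw new MyException("非法排序字段");`, and note that the `else` branch now fixes the default order to pk desc, dropping the `listConfig.getOrderBy()`/`getOrderType()` default the commented-out code honoured. `new Page<>(dto.getLimit()-1, dto.getSize())` carries over the 0-based conversion written for the Hutool `Page`, but MyBatis-Plus `Page.current` is 1-based, so every request after the first page is shifted back by one, and the second construction `new Page<>()` drops `dto.getSize()` entirely. The two `*ByParameterization` methods differ only in the mapper call and page wrapping, so the pk lookup, left-menu config insertion and `Entity` conversion could be one private helper with a one-line purpose comment.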

+ 37 - 0
src/main/java/com/xjrsoft/module/form/utils/FormDataSqlProvider.java

@@ -0,0 +1,37 @@
+package com.xjrsoft.module.form.utils;
+
+import com.baomidou.mybatisplus.core.metadata.OrderItem;
+import com.xjrsoft.module.form.entity.QueryCondition;
+import org.apache.ibatis.jdbc.SQL;
+
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+public class FormDataSqlProvider {
+
+    public String buildSelectSql(Map<String, Object> params) {
+        String tableName = (String) params.get("tableName");
+        List<String> fields = (List<String>) params.get("fields");
+        @SuppressWarnings("unchecked")
+        List<QueryCondition> conditions = (List<QueryCondition>) params.get("conditions");
+
+        SQL sql = new SQL();
+        sql.SELECT(String.join(", ", fields));
+        sql.FROM(tableName);
+
+        // 添加查询条件
+        if (conditions != null && !conditions.isEmpty()) {
+            for (int i = 0; i < conditions.size(); i++) {
+                QueryCondition condition = conditions.get(i);
+                if (i == 0) {
+                    sql.WHERE(condition.toSqlSnippet());
+                } else {
+                    sql.AND().WHERE(condition.toSqlSnippet());
+                }
+            }
+        }
+
+        return sql.toString();
+    }
+}
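Review bot: `buildSelectSql` is the single point where `tableName` and `fields` reach the SQL text, and it inserts both verbatim (`String.join(", ", fields)` and `FROM(tableName)`) with no identifier check, so the parameterization this commit introduces covers values only; the identifiers should be validated here, where every caller passes through, rather than relying on each service method to do it. The cast on the `fields` line lacks the `@SuppressWarnings("unchecked")` that the next declaration carries, and the `OrderItem` import is unused. `sql.AND().WHERE(...)` is redundant: consecutive `WHERE` calls on the MyBatis `SQL` builder are already joined with AND, so the loop can call `sql.WHERE(condition.toSqlSnippet())` unconditionally. The rewrite below uses the already imported `Collectors` and keeps the method's signature.
```java
public String buildSelectSql(Map<String, Object> params) {
    String tableName = (String) params.get("tableName");
    @SuppressWarnings("unchecked")
    List<String> fields = (List<String>) params.get("fields");
    @SuppressWarnings("unchecked")
    List<QueryCondition> conditions = (List<QueryCondition>) params.get("conditions");

    SQL sql = new SQL();
    // Identifiers cannot be bound as parameters, so each one is checked before it enters the SQL text.
    sql.SELECT(fields.stream().map(FormDataSqlProvider::requireIdentifier).collect(Collectors.joining(", ")));
    sql.FROM(requireIdentifier(tableName));

    if (conditions != null) {
        for (QueryCondition condition : conditions) {
            sql.WHERE(condition.toSqlSnippet()); // builder joins successive WHERE calls with AND
        }
    }
    return sql.toString();
}

// Rejects anything that is not a plain letter/digit/underscore identifier.
private static String requireIdentifier(String identifier) {
    if (identifier == null || !identifier.matches("[A-Za-z0-9_]+")) {
        throw new IllegalArgumentException("Invalid SQL identifier");
    }
    return identifier;
}
```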