From a6c48fc6816762499db362391dd570d3623640a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E5=90=B4=E5=B1=95=E9=B9=8F?=
Date: Tue, 9 Dec 2025 17:13:52 +0800
Subject: [PATCH] =?UTF-8?q?fix(bookings):=20=E4=BF=AE=E5=A4=8D=E5=AE=A2?= =?UTF-8?q?=E6=9C=8D=E5=A4=87=E6=B3=A8=E5=8A=9F=E8=83=BD=E4=B8=AD=E7=9A=84?= =?UTF-8?q?=E6=95=B0=E6=8D=AE=E5=BA=93=E8=BF=9E=E6=8E=A5=E5=92=8C=E8=BD=AC?= =?UTF-8?q?=E4=B9=89=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
将$conn改为$pdo以使用正确的数据库连接 移除addslashes函数调用,仅使用htmlspecialchars进行转义
---
 bookings.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/bookings.php b/bookings.php
index d501be7..849a98b 100644
--- a/bookings.php
+++ b/bookings.php
@@ -28,7 +28,7 @@ if (isset($_POST['action']) && isset($_POST['booking_id'])) {
 } elseif ($action == 'update_notes' && isset($_POST['notes_content'])) {
 // 更新客服备注
 $notes_content = $_POST['notes_content'];
- $stmt = $conn->prepare("UPDATE bookings SET custom_services = ? WHERE id = ?");
+ $stmt = $pdo->prepare("UPDATE bookings SET custom_services = ? WHERE id = ?");
 $stmt->execute([$notes_content, $booking_id]);
 echo 'success';
 exit();
@@ -230,13 +230,13 @@ try {
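Review bot: `echo 'success'` in the `update_notes` branch runs whatever `execute()` returned, so unless `$pdo` is set to `PDO::ERRMODE_EXCEPTION` (its setup is not visible here) a failed UPDATE is still reported to the client as saved; check the result, e.g. `if (!$stmt->execute([$notes_content, $booking_id])) { http_response_code(500); exit('error'); }`. The branch also writes `custom_services` for whatever `booking_id` arrives in `$_POST`, and no permission or CSRF-token check appears in the hunk; the enclosing `if` starts above the hunk and continues below it, so confirm such a check exists before this write. A short comment such as `// notes are stored raw; escaped on output` above the `prepare()` call would record why no escaping is applied at this point.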
客服备注: - +
客服备注: - +
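Review bot: Dropping `addslashes` and keeping only `htmlspecialchars` for the 客服备注 value is sufficient only where that value is printed as HTML text or inside a quoted attribute; the changed lines of this hunk are not legible on this page, so the output context could not be confirmed. If the note is placed inside an inline event handler or a script string, HTML escaping alone does not protect it, because the browser decodes entities before the script is parsed; in that case carry the value in a `data-` attribute and read it from script instead. For the HTML context, pass the flags explicitly, `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` (with `$value` standing for the note field), since the default flags did not escape single quotes before PHP 8.1.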