部位明细，变更计量错误

app/extend/helper.js

@@ -677,7 +677,7 @@ module.exports = {
      * @returns {*}
      */
     replaceReturn(str) {
-        return (str && str instanceof String) ? str.replace(/[\r\n]/g, '') : str;
+        return (str && typeof str === 'string') ? str.replace(/[\r\n]/g, '') : str;
     },
 
     /**

app/service/stage_pos.js

@@ -38,7 +38,7 @@ module.exports = app => {
                 if (pid instanceof Array) {
                     pidSql = pid.length > 0 ? (' And pid in ('  + this.ctx.helper.getInArrStrSqlFilter(pid) + ')') : '';
                 } else {
-                    pidSql = (pid instanceof String || pid instanceof Number) ? ' And pid = ' + pid : '';
+                    pidSql = (typeof pid === 'string') ? ' And pid = ' + this.db.escape(pid) : '';
                 }
             }
             const sql = 'SELECT Pos.* FROM ' + this.tableName + ' As Pos ' +
@@ -72,7 +72,7 @@ module.exports = app => {
             if (pid instanceof Array) {
                 pidSql = pid.length > 0 ? ' And Pos.pid in (' + this.ctx.helper.getInArrStrSqlFilter(pid) + ')' : '';
             } else {
-                pidSql = pid ? 'And Pos.pid = ' + pid.toString() : '';
+                pidSql = pid ? 'And Pos.pid = ' + this.db.escape(pid) : '';
             }
             const sql = 'SELECT Pos.* FROM ' + this.tableName + ' As Pos ' +
                 '  INNER JOIN ( ' +
@@ -358,7 +358,7 @@ module.exports = app => {
         }
 
         async updateChangeQuantity(transaction, pos, qty) {
-            const orgPos = await this.getLastestStageData(this.ctx.tender.id, this.ctx.stage.id, pos.pid);
+            const orgPos = await this.getLastestStageData(this.ctx.tender.id, this.ctx.stage.id, pos.id);
             if (orgPos && orgPos.times === this.ctx.stage.curTimes && orgPos.order === this.ctx.stage.curOrder) {
                 await transaction.update(this.tableName, {id: orgPos.id, qc_qty: qty});
             } else {