diff --git a/webapp/controller/ShopController.class.php b/webapp/controller/ShopController.class.php
index 76c67ccb..fb8da15e 100644
--- a/webapp/controller/ShopController.class.php
+++ b/webapp/controller/ShopController.class.php
@@ -262,10 +262,10 @@ class ShopController extends BaseAuthedController
                 $conn,
                 't_shop_buy_order',
                 array(
-                    'order_id' => $order_id,
+                    'idx' => $lastId,
                 ),
                 array(
-                    'idx' => $lastId,
+                    'order_id' => $order_id,
                 )
             );
             $this->_rspData(
@@ -348,7 +348,7 @@ class ShopController extends BaseAuthedController
         $signature = hash_hmac('sha256', $hash_data, BUY_SERVER_PKEY);
 
         error_log("buyGoodsDirect-------" . $signature . "---" . $sign . "---" . json_encode($data));
-        
+
         if ($signature != $sign) {
             $this->_rspErr(1, "signature error, signature: {$signature}, sign: {$sign}");
             return;
@@ -358,7 +358,7 @@ class ShopController extends BaseAuthedController
 
         $conn = myself()->_getMysql('');
 
-        $order = SqlHelper::selectOne($conn, 't_shop_buy_order', array('address', 'id', 'item_id', 'goods_num', 'status'), array('idx' => $order_id));
+        $order = SqlHelper::selectOne($conn, 't_shop_buy_order', array('address', 'id', 'item_id', 'goods_num', 'status'), array('order_id' => $order_id));
         if (!$order) {
             $this->_rspErr(2, "order not found: {$order_id}");
             return;