diff --git a/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java b/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java
index 6439f27b8e..37566a083c 100644
--- a/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java
+++ b/backend/src/main/java/io/dataease/commons/filter/SqlFilter.java
@@ -12,10 +12,13 @@ import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.*;
+import java.util.ArrayList;
+import java.util.List;
 public class SqlFilter implements Filter {
+ private List excludedUris = new ArrayList<>();
 @Override
 public void destroy() {
@@ -34,38 +37,43 @@ public class SqlFilter implements Filter {
 return;
 }
- String method = "GET";
- String param;
- XssAndSqlHttpServletRequestWrapper xssRequest = null;
- if (request instanceof HttpServletRequest) {
- method = ((HttpServletRequest) request).getMethod();
- xssRequest = new XssAndSqlHttpServletRequestWrapper((HttpServletRequest) request);
- }
- if ("POST".equalsIgnoreCase(method)) {
- param = this.getBodyString(xssRequest.getReader());
- if (StringUtils.isNotBlank(param)) {
- if (xssRequest.checkXSSAndSql(param)) {
- response.setCharacterEncoding("UTF-8");
- response.setContentType("application/json;charset=UTF-8");
- String msg = ThreadLocalContextHolder.getData().toString();
- DEException.throwException(msg);
- return;
+ if(excludedUris.contains(((HttpServletRequest) request).getRequestURI())){
+ chain.doFilter(request, response);
+ }else {
+ String method = "GET";
+ String param;
+ XssAndSqlHttpServletRequestWrapper xssRequest = null;
+ if (request instanceof HttpServletRequest) {
+ method = ((HttpServletRequest) request).getMethod();
+ xssRequest = new XssAndSqlHttpServletRequestWrapper((HttpServletRequest) request);
+ }
+ if ("POST".equalsIgnoreCase(method)) {
+ param = this.getBodyString(xssRequest.getReader());
+ if (StringUtils.isNotBlank(param)) {
+ if (xssRequest.checkXSSAndSql(param)) {
+ response.setCharacterEncoding("UTF-8");
+ response.setContentType("application/json;charset=UTF-8");
+ String msg = ThreadLocalContextHolder.getData().toString();
+ DEException.throwException(msg);
+ return;
+ }
 }
 }
+ if (xssRequest.checkParameter()) {
+ response.setCharacterEncoding("UTF-8");
+ response.setContentType("application/json;charset=UTF-8");
+ String msg = ThreadLocalContextHolder.getData().toString();
+ DEException.throwException(msg);
+ return;
+ }
+ chain.doFilter(xssRequest, response);
 }
- if (xssRequest.checkParameter()) {
- response.setCharacterEncoding("UTF-8");
- response.setContentType("application/json;charset=UTF-8");
- String msg = ThreadLocalContextHolder.getData().toString();
- DEException.throwException(msg);
- return;
- }
- chain.doFilter(xssRequest, response);
+
 }
 @Override
 public void init(FilterConfig filterConfig) throws ServletException {
-
+ excludedUris.add("/dataset/table/excel/upload");
 }
 // 获取request请求body中参数
diff --git a/backend/src/main/java/io/dataease/provider/query/sqlserver/SqlserverQueryProvider.java b/backend/src/main/java/io/dataease/provider/query/sqlserver/SqlserverQueryProvider.java
index 3e15036f49..1f0dd528ee 100644
--- a/backend/src/main/java/io/dataease/provider/query/sqlserver/SqlserverQueryProvider.java
+++ b/backend/src/main/java/io/dataease/provider/query/sqlserver/SqlserverQueryProvider.java
@@ -1338,8 +1338,9 @@ public class SqlserverQueryProvider extends QueryProvider {
 public List dateformat() {
 return JSONArray.parseArray("[\n" +
 "{\"dateformat\": \"102\", \"desc\": \"yyyy.mm.dd\"},\n" +
- "{\"dateformat\": \"23\", \"desc\": \"yyyy-mm-dd\"},\n" +
+ "{\"dateformat\": \"120\", \"desc\": \"yyyy-mm-dd\"},\n" +
 "{\"dateformat\": \"111\", \"desc\": \"yyyy/mm/dd\"},\n" +
+ "{\"dateformat\": \"112\", \"desc\": \"yyyymmdd\"},\n" +
 "{\"dateformat\": \"120\", \"desc\": \"yyyy-mm-dd hh:mi:ss\"}\n" +
 "]", Dateformat.class);
 }
diff --git a/frontend/src/views/dataset/data/FieldEdit.vue b/frontend/src/views/dataset/data/FieldEdit.vue
index 07d9f4bd90..1454f5eb2d 100644
--- a/frontend/src/views/dataset/data/FieldEdit.vue
+++ b/frontend/src/views/dataset/data/FieldEdit.vue
@@ -859,6 +859,9 @@ export default {
 if (item.dateFormatType !== 'custom') {
 item.dateFormat = item.dateFormatType
 }
+ }else {
+ item.dateFormatType = ''
+ item.dateFormat = ''
 }
 if (item.dateFormatType === 'custom' && !item.dateFormat) {
 return
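Review bot: In SqlFilter.doFilter, a request whose URI equals the excluded upload path now skips `checkParameter()` as well as the body scan, so query-string and form parameters on `/dataset/table/excel/upload` reach the handler with no XSS/SQL screening at all. If the exclusion exists only because reading the body would consume the multipart stream (an assumption; the wrapper class is not visible here), narrow it to the body read, e.g. `boolean skipBody = excludedUris.contains(uri);` and `if ("POST".equalsIgnoreCase(method) && !skipBody) {`, and keep the `checkParameter()` call for every request. The new branch also casts `request` to `HttpServletRequest` before the `instanceof` guard that the else branch still carries, and it compares against the raw `getRequestURI()`, which includes the context path, so under a non-root context the exact match would presumably never hit. doFilter begins above this hunk.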
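Review bot: In SqlserverQueryProvider.dateformat(), the list now carries two entries with `"dateformat": "120"` (descriptions `yyyy-mm-dd` and `yyyy-mm-dd hh:mi:ss`), so any consumer that selects or looks up by the `dateformat` value cannot tell them apart. SQL Server CONVERT style 120 is the full `yyyy-mm-dd hh:mi:ss` form and 23 is the date-only form, so if 120 is intended for the date-only entry a comment should say why, for example `// style 120 reused for yyyy-mm-dd because <reason>; date-only result depends on <caller>`. How the value is used in the generated SQL is outside this hunk.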