diff --git a/FlyCube/MpApi/Controller/PlaneController.class.php b/FlyCube/MpApi/Controller/PlaneController.class.php
index f694f97..2f47aeb 100644
--- a/FlyCube/MpApi/Controller/PlaneController.class.php
+++ b/FlyCube/MpApi/Controller/PlaneController.class.php
@@ -521,25 +521,49 @@ class PlaneController extends PublicController
 	/**
 	 * @description: 设置禁飞区
 	 */
-	public function setNofly()
+	public function setNoflyData()
 	{
-		//总管理员 可接收任何shop_id 非总管理员 只可以调用自身shop_id 否则会中断
-		$this->isPower();
+		if ($this->tokenShop_id != C('powerId')) { // 非总管理员
+			$where['shop_id'] = $this->tokenShop_id;
+		} else {
+			$where['shop_id'] = I('post.shop_id'); // 总管理员可指定 shop_id，使用I函数更安全
+		}
 
-		if ($_REQUEST['shop_id']) {
-			$noflyDb = D('nofly');
-			$where['shop_id'] = $_REQUEST['shop_id'];
-			$data['nofly_data'] = $_REQUEST['nofly_data'];
-			$data['restrictfly_data'] = $_REQUEST['restrictfly_data'];
+		// 接收前端传来的禁飞区数据和限制飞区数据，预期是json字符串
+		$noflyData = I('post.nofly_data', '[]');        // 默认空数组json字符串
+		$restrictFlyData = I('post.restrictfly_data', '[]');
 
-			//录入数据库
-			if ($noflyDb->where($where)->save($data)) {
-				echo json_encode(array('status' => 1, 'msg' => '创建成功'));
+		// 验证数据是否是合法JSON字符串，这里简单判断，也可以更严谨
+		if (!is_string($noflyData) || !is_string($restrictFlyData)) {
+			$this->ajaxReturn(['status' => 0, 'msg' => '传入数据格式错误']);
+			return;
+		}
+
+		$noflyDb = D('nofly');
+
+		// 查询是否已有禁飞区数据
+		$exist = $noflyDb->where($where)->find();
+
+		$data['nofly_data'] = $noflyData;
+		$data['restrictfly_data'] = $restrictFlyData;
+
+		if ($exist) {
+			// 更新
+			$result = $noflyDb->where($where)->save($data);
+			if ($result !== false) {
+				$this->ajaxReturn(['status' => 1, 'msg' => '禁飞区数据更新成功']);
 			} else {
-				echo json_encode(array('status' => 0, 'msg' => '创建失败'));
+				$this->ajaxReturn(['status' => 0, 'msg' => '禁飞区数据更新失败']);
 			}
 		} else {
-			echo json_encode(array('status' => 0, 'msg' => '参数有误'));
+			// 插入
+			$data['shop_id'] = $where['shop_id'];
+			$insertId = $noflyDb->add($data);
+			if ($insertId) {
+				$this->ajaxReturn(['status' => 1, 'msg' => '禁飞区数据保存成功']);
+			} else {
+				$this->ajaxReturn(['status' => 0, 'msg' => '禁飞区数据保存失败']);
+			}
 		}
 	}
 	/**