diff --git a/FlyCube/MpApi/Controller/PlaneController.class.php b/FlyCube/MpApi/Controller/PlaneController.class.php
index fc4d8a4..caaba27 100644
--- a/FlyCube/MpApi/Controller/PlaneController.class.php
+++ b/FlyCube/MpApi/Controller/PlaneController.class.php
@@ -1169,11 +1169,29 @@ class PlaneController extends PublicController
 }
 }
+ // 验证必填字段内容不为空
+ if (trim($_REQUEST['name']) === '') {
+ echo json_encode(['status' => 0, 'msg' => '样式名称不能为空']);
+ return;
+ }
+
+ if (trim($_REQUEST['url']) === '') {
+ echo json_encode(['status' => 0, 'msg' => '样式URL不能为空']);
+ return;
+ }
+
+ // URL格式验证
+ $url = is_array($_REQUEST['url']) ? current($_REQUEST['url']) : $_REQUEST['url'];
+ if (!filter_var($url, FILTER_VALIDATE_URL)) {
+ echo json_encode(['status' => 0, 'msg' => '无效的URL格式']);
+ return;
+ }
+
 $data = [
 'name' => $_REQUEST['name'],
 'sprite' => $_REQUEST['sprite'] ?? '',
 'glyphs' => $_REQUEST['glyphs'] ?? 'mapbox://fonts/mapbox/{fontstack}/{range}.pbf',
- 'url' => is_array($_REQUEST['url']) ? current($_REQUEST['url']) : $_REQUEST['url'],
+ 'url' => $url,
 'is_active' => isset($_REQUEST['is_active']) ? intval($_REQUEST['is_active']) : 1,
 'sort_order' => isset($_REQUEST['sort_order']) ? intval($_REQUEST['sort_order']) : 0
 ];
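Review bot: `trim($_REQUEST['name'])` and `trim($_REQUEST['url'])` run before the `is_array` normalisation a few lines further down, so a request that sends `url` (or `name`) as an array, a shape this code explicitly supports for `url`, reaches `trim()` with an array: a TypeError on PHP 8, and on PHP 7 a warning plus a `null` result that skips the empty check. Resolve `$url` first and test the scalar, e.g. `if (!is_string($url) || trim($url) === '')`, and reject a non-string `name` the same way; `name`, `sprite` and `glyphs` still go into `$data` without any type check. The same ordering appears in the update hunk at `@@ -1196,12 +1214,41 @@`. Separately, `FILTER_VALIDATE_URL` checks syntax only and accepts any scheme, so if the stored URL is later fetched server-side or written into a page (not visible in this diff), a scheme allow-list such as `in_array(parse_url($url, PHP_URL_SCHEME), ['https', 'mapbox'], true)` is worth adding, with the exact list being the project's call. The enclosing method starts and ends outside this hunk.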
@@ -1196,12 +1214,41 @@ class PlaneController extends PublicController
 return;
 }
- $where['id'] = intval($_REQUEST['id']);
+ // 验证ID参数
+ $id = intval($_REQUEST['id']);
+ if ($id <= 0) {
+ echo json_encode(['status' => 0, 'msg' => '无效的ID参数']);
+ return;
+ }
+
+ // 验证必填字段
+ if (isset($_REQUEST['name']) && trim($_REQUEST['name']) === '') {
+ echo json_encode(['status' => 0, 'msg' => '样式名称不能为空']);
+ return;
+ }
+
+ if (isset($_REQUEST['url']) && trim($_REQUEST['url']) === '') {
+ echo json_encode(['status' => 0, 'msg' => '样式URL不能为空']);
+ return;
+ }
+
+ // URL格式验证
+ if (isset($_REQUEST['url'])) {
+ $url = is_array($_REQUEST['url']) ? current($_REQUEST['url']) : $_REQUEST['url'];
+ if (!filter_var($url, FILTER_VALIDATE_URL)) {
+ echo json_encode(['status' => 0, 'msg' => '无效的URL格式']);
+ return;
+ }
+ }
+
+ $where['id'] = $id;
 $data = [];
+ // 可更新字段
 if (isset($_REQUEST['name'])) $data['name'] = $_REQUEST['name'];
 if (isset($_REQUEST['sprite'])) $data['sprite'] = $_REQUEST['sprite'];
 if (isset($_REQUEST['glyphs'])) $data['glyphs'] = $_REQUEST['glyphs'];
+
 if (isset($_REQUEST['url'])) {
 $url = is_array($_REQUEST['url']) ? current($_REQUEST['url']) : $_REQUEST['url'];
 $data['url'] = $url;
@@ -1213,6 +1260,7 @@ class PlaneController extends PublicController
 $data['url'] = $url;
 $data['tiles'] = is_array($tiles) ? json_encode($tiles) : $tiles;
 }
+
 if (isset($_REQUEST['is_active'])) $data['is_active'] = intval($_REQUEST['is_active']);
 if (isset($_REQUEST['sort_order'])) $data['sort_order'] = intval($_REQUEST['sort_order']);
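Review bot: The new URL check in the `@@ -1196,12 +1214,41 @@` hunk validates a `$url` taken from `$_REQUEST['url']`, but `$data['url']` is written in two places below it: the unchanged `if (isset($_REQUEST['url']))` block, which re-derives `$url` from the request, and a second branch that appears only as context in the following hunk (`$data['url'] = $url;` next to `$data['tiles'] = ...`), whose `$url` source lies outside the diff. If that second branch builds `$url` from a different request field, the value it stores never passes through `filter_var`. Checking the final value once, just before the write, with a condition like `isset($data['url']) && !filter_var($data['url'], FILTER_VALIDATE_URL)`, would cover both paths, and reusing the already-normalised `$url` instead of recomputing it keeps the validated and stored values identical. The enclosing method begins and ends outside the hunks shown.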