From 42e5788d403e6c9fc2eb9ecac36f5b5d7c4787a6 Mon Sep 17 00:00:00 2001
From: RenzoL
Date: Wed, 12 Jan 2022 16:01:25 +0100
Subject: [PATCH] Aggiunti caratteri di escape se nel campo Note vengono inseriti i caratteri \, ', ", %
---
 NewKeyPage/NewKeyPageVM.vb | 4 ++--
 NewLicencePage/NewLicencePageVM.vb | 12 ++++++------
 NewResellerPage/NewResellerPageVM.vb | 3 ++-
 SearchKeyPage/SearchKeyPageVM.vb | 2 +-
 UpdateKeyPage/UpdateKeyPageVM.vb | 4 +++-
 UpdateLicencePage/UpdateLicencePageVM.vb | 12 ++++++------
 UpdateResellerPage/UpdateResellerPageVM.vb | 2 +-
 7 files changed, 21 insertions(+), 18 deletions(-)
diff --git a/NewKeyPage/NewKeyPageVM.vb b/NewKeyPage/NewKeyPageVM.vb
index 6a349d3..65c0c6a 100644
--- a/NewKeyPage/NewKeyPageVM.vb
+++ b/NewKeyPage/NewKeyPageVM.vb
@@ -260,7 +260,7 @@ Public Class NewKeyPageVM
 " '" & m_LockID & "', " &
 " '" & SelState.ToString() & "', " &
 " '" & Format(KeyDate, "yyyy-MM-dd") & "', " &
- " '" & m_Note & "', " &
+ " '" & m_Note.Replace("\", "\\").Replace("'", "\'").Replace("""", "\""").Replace("%", "\%") & "', " &
 " '" & m_Seriale & "')"
 Else
 Query = "INSERT INTO " & DB_KEY & " (" & DB_NUMBER & ", " & DB_ISDONGLE & ", " & DB_LOCKID & ", " & DB_STATE & ", " & DB_DATE & ", " & DB_NOTE & ", " & DB_SERIALE & ")" &
@@ -269,7 +269,7 @@ Public Class NewKeyPageVM
 " '" & m_LockID & "', " &
 " '" & SelState.ToString() & "', " &
 " '" & Format(KeyDate, "yyyy-MM-dd") & "', " &
- " '" & m_Note & "', " &
+ " '" & m_Note.Replace("\", "\\").Replace("'", "\'").Replace("""", "\""").Replace("%", "\%") & "', " &
 " '" & m_Seriale & "')"
 End If
 ManageDb.ExecuteQuery(Query)
diff --git a/NewLicencePage/NewLicencePageVM.vb b/NewLicencePage/NewLicencePageVM.vb
index 9aea2ad..8254898 100644
--- a/NewLicencePage/NewLicencePageVM.vb
+++ b/NewLicencePage/NewLicencePageVM.vb
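Review bot: The added `Replace` chain on the m_Note line escapes one value by hand while m_LockID, SelState and m_Seriale on the neighbouring lines are still concatenated raw, so this INSERT stays open to injection through those fields; the robust fix is to pass the values as command parameters if ManageDb.ExecuteQuery can accept them, which also removes the need to reason about escaping rules at all. `Replace("'", "\'")` is MySQL backslash escaping and does not neutralise the quote on backends that expect `''` (or on MySQL with NO_BACKSLASH_ESCAPES), and `Replace("%", "\%")` has no meaning in an INSERT literal, so on MySQL a note containing `50%` would be stored as `50\%`. Calling `.Replace` also turns a Nothing m_Note into a NullReferenceException where the old `& m_Note &` concatenation yielded an empty string; no guard is visible in this hunk, so either confirm the field cannot be Nothing or wrap it as `If(m_Note, String.Empty)` before the chain. The same chain, with the same gaps, recurs in the hunk at 269 below and in NewLicencePageVM, NewResellerPageVM, SearchKeyPageVM, UpdateKeyPageVM, UpdateLicencePageVM and UpdateResellerPageVM; one shared helper (or, better, one parameterised code path) would keep them all in step.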
@@ -625,7 +625,7 @@ Public Class NewLicencePageVM Dim textLic As String = File.ReadAllText(Path.ChangeExtension(fileName.Replace("\", "\\"), ".lic")) If String.IsNullOrEmpty(NestKey) Or String.IsNullOrWhiteSpace(NestKey) Then - Query = "INSERT INTO " & DB_LICENCE & " (" & DB_PRODUCTID & ", " & DB_PRODUCTVERSION & ", " & DB_PRODUCTLEVEL & ", " & + Query = "INSERT INTO " & DB_LICENCE & " (" & DB_PRODUCTID & ", " & DB_PRODUCTVERSION & ", " & DB_PRODUCTLEVEL & ", " & DB_PRODUCTDEADLINE & ", " & DB_OPTION1 & ", " & DB_OPTION2 & ", " & DB_OPTIONDEADLINE & ", " & DB_LOCKID & ", " & DB_FILE & ", " & DB_DATE & ", " & DB_LICFILE & ", " & DB_NOTE & ")" & @@ -640,9 +640,9 @@ Public Class NewLicencePageVM "'" & fileName.Replace("\", "\\") & "', " & "'" & Format(LicenseDate, "yyyy-MM-dd") & "', " & "'" & textLic & "', " & - "'" & m_Note & "')" - Else - Query = "INSERT INTO " & DB_LICENCE & " (" & DB_PRODUCTID & ", " & DB_PRODUCTVERSION & ", " & DB_PRODUCTLEVEL & ", " & + "'" & m_Note.Replace("\", "\\").Replace("'", "\'").Replace("""", "\""").Replace("%", "\%") & "')" + Else + Query = "INSERT INTO " & DB_LICENCE & " (" & DB_PRODUCTID & ", " & DB_PRODUCTVERSION & ", " & DB_PRODUCTLEVEL & ", " & DB_PRODUCTDEADLINE & ", " & DB_OPTION1 & ", " & DB_OPTION2 & ", " & DB_OPTIONDEADLINE & ", " & DB_LOCKID & ", " & DB_FILE & ", " & DB_DATE & ", " & DB_LICFILE & ", " & DB_NOTE & ", " & @@ -658,10 +658,10 @@ Public Class NewLicencePageVM "'" & fileName.Replace("\", "\\") & "', " & "'" & Format(LicenseDate, "yyyy-MM-dd") & "', " & "'" & textLic & "', " & - "'" & m_Note & "', " & + "'" & m_Note.Replace("\", "\\").Replace("'", "\'").Replace("""", "\""").Replace("%", "\%") & "', " & "'" & m_NestKey & "', " & "Date('" & (String.Format("{0:yyyy-MM-dd}", NestDeadline)) & "')" & ")" - End If + End If ManageDb.ExecuteQuery(Query) Catch ex As Exception diff --git a/NewResellerPage/NewResellerPageVM.vb b/NewResellerPage/NewResellerPageVM.vb index c12bdff..fa5463b 100644 
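Review bot: In the hunks at 640 and 658 the newly escaped m_Note sits directly under `"'" & textLic & "', " &`, and the context line at 625 shows textLic is the full text of the .lic file read with File.ReadAllText; a licence file containing a quote or backslash breaks the statement exactly as an unescaped note did, so whatever treatment m_Note receives has to cover textLic, fileName and m_NestKey as well (or all of them should be bound as parameters). The `- Query`/`+ Query` pair at 625 and the `Else`/`End If` pairs at 640 and 658 differ only in whitespace; keeping indentation-only edits out of a commit that changes escaping makes the security-relevant lines easier to audit. The enclosing Try block runs past the end of the hunk at 658.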
--- a/NewResellerPage/NewResellerPageVM.vb +++ b/NewResellerPage/NewResellerPageVM.vb @@ -120,7 +120,8 @@ Public Class NewResellerPageVM ' Aggiungo un rivenditore al Db Dim Query As String = "INSERT INTO " & DB_RESELLER & " (" & DB_RESELLERNAME & ", " & DB_NOTE & ")" & - " VALUES ('" & m_Name & "', '" & m_Note & "')" + " VALUES ('" & m_Name & "', '" & + m_Note.Replace("\", "\\").Replace("'", "\'").Replace("""", "\""").Replace("%", "\%") & "')" ManageDb.ExecuteQuery(Query) ' Manage the MainWindow_Unloaded event. This method is invoked by the cmdMainWindow_Unloaded. diff --git a/SearchKeyPage/SearchKeyPageVM.vb b/SearchKeyPage/SearchKeyPageVM.vb index 16ed1f6..d2b1be6 100644 --- a/SearchKeyPage/SearchKeyPageVM.vb +++ b/SearchKeyPage/SearchKeyPageVM.vb @@ -243,7 +243,7 @@ Public Class SearchKeyPageVM End If If Not String.IsNullOrWhiteSpace(Note) Then EvalWhere(bFirstWhere, Query) - Query &= DB_NOTE & " LIKE '%" & Note & "%' " + Query &= DB_NOTE & " LIKE '%" & Note.Replace("\", "\\").Replace("'", "\'").Replace("""", "\""").Replace("%", "\%") & "%' " End If If Not String.IsNullOrWhiteSpace(Seriale) Then EvalWhere(bFirstWhere, Query) diff --git a/UpdateKeyPage/UpdateKeyPageVM.vb b/UpdateKeyPage/UpdateKeyPageVM.vb index 5022506..69ce76f 100644 --- a/UpdateKeyPage/UpdateKeyPageVM.vb +++ b/UpdateKeyPage/UpdateKeyPageVM.vb @@ -322,7 +322,9 @@ Public Class UpdateKeyPageVM End If If Not IsNothing(Note) Then ' Aggiorno tabella Key con KeyDate scelto - Dim Query As String = "UPDATE " & DB_KEY & " SET " & DB_NOTE & " = '" & m_Note & "' WHERE " & DB_LOCKID & " = '" & Key.LockID & "' " + Dim Query As String = "UPDATE " & DB_KEY & + " SET " & DB_NOTE & " = '" & m_Note.Replace("\", "\\").Replace("'", "\'").Replace("""", "\""").Replace("%", "\%") & + "' WHERE " & DB_LOCKID & " = '" & Key.LockID & "' " Query = Query.TrimEnd(","c, " "c) ManageDb.ExecuteQuery(Query) 
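Review bot: The new `" VALUES ('" & m_Name & "', '" &` line still concatenates m_Name raw while m_Note on the continuation line is escaped; presumably both come from the same input form, so the reseller name remains an injection path into this INSERT and should get the same treatment (or both should be bound as parameters). As in NewKeyPageVM, `m_Note.Replace` throws if m_Note is Nothing and no guard is visible here; `If(m_Note, String.Empty)` ahead of the chain preserves the old empty-string behaviour.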
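Review bot: Inside a LIKE pattern the added `Replace("%", "\%")` escapes only one of the two wildcards; `_` still matches any single character, so a search for `a_c` also returns `abc`, and whether `\%` is honoured at all depends on the backend's default escape character (SQLite, for one, has none unless an `ESCAPE '\'` clause is appended). A parameterised `LIKE ?` with the pattern assembled in VB, plus an explicit ESCAPE clause, makes the behaviour independent of the backend; if the string form stays, add `.Replace("_", "\_")` to the chain and append ` ESCAPE '\'` after the closing `%'`.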
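Review bot: The UPDATE in UpdateKeyPageVM now escapes m_Note, but the `"' WHERE " & DB_LOCKID & " = '" & Key.LockID & "' "` continuation added in the same statement still splices Key.LockID into the WHERE clause raw; a quote in that value would break or redirect the statement, which is a worse failure mode than the one the Note escaping guards against. The identical Replace chain now appears in seven files; a single `Private Shared Function EscapeLiteral(value As String) As String` in ManageDb (or, better, a parameterised ExecuteQuery overload) would keep them consistent and make it hard to escape m_Note here while forgetting Key.LockID. The enclosing If block continues outside the hunk.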
diff --git a/UpdateLicencePage/UpdateLicencePageVM.vb b/UpdateLicencePage/UpdateLicencePageVM.vb index 7c06571..f3be896 100644 --- a/UpdateLicencePage/UpdateLicencePageVM.vb +++ b/UpdateLicencePage/UpdateLicencePageVM.vb @@ -771,7 +771,7 @@ Public Class UpdateLicencePageVM End If If Not IsNothing(Note) Then EvalWhere(bFirstWhere, Query) - Query &= DB_NOTE & " = '" & m_Note & "' " + Query &= DB_NOTE & " = '" & m_Note.Replace("\", "\\").Replace("'", "\'").Replace("""", "\""").Replace("%", "\%") & "' " End If ' Alla fine in ogni caso aggiorniamo anche NestKey e NestDeadline @@ -903,7 +903,7 @@ Public Class UpdateLicencePageVM Dim textLic As String = File.ReadAllText(Path.ChangeExtension(FilePath.Replace("\", "\\"), ".lic")) If String.IsNullOrEmpty(NestKey) Or String.IsNullOrWhiteSpace(NestKey) Then - Query = "INSERT INTO " & DB_LICENCE & " (" & DB_PRODUCTID & ", " & DB_PRODUCTVERSION & ", " & DB_PRODUCTLEVEL & ", " & + Query = "INSERT INTO " & DB_LICENCE & " (" & DB_PRODUCTID & ", " & DB_PRODUCTVERSION & ", " & DB_PRODUCTLEVEL & ", " & DB_PRODUCTDEADLINE & ", " & DB_OPTION1 & ", " & DB_OPTION2 & ", " & DB_OPTIONDEADLINE & ", " & DB_LOCKID & ", " & DB_FILE & ", " & DB_DATE & ", " & DB_LICFILE & ", " & DB_NOTE & ")" & @@ -918,8 +918,8 @@ Public Class UpdateLicencePageVM "'" & FilePath.Replace("\", "\\") & "', " & "'" & Format(LicenseDate, "yyyy-MM-dd") & "', " & "'" & textLic & "', " & - "'" & m_Note & "')" - Else + "'" & m_Note.Replace("\", "\\").Replace("'", "\'").Replace("""", "\""").Replace("%", "\%") & "')" + Else Query = "INSERT INTO " & DB_LICENCE & " (" & DB_PRODUCTID & ", " & DB_PRODUCTVERSION & ", " & DB_PRODUCTLEVEL & ", " & DB_PRODUCTDEADLINE & ", " & DB_OPTION1 & ", " & DB_OPTION2 & ", " & DB_OPTIONDEADLINE & ", " & DB_LOCKID & ", " & DB_FILE & ", " & 
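Review bot: At 771 the guard is `If Not IsNothing(Note)` but the value escaped on the new line is m_Note; if Note is the property backed by m_Note this is fine, but if the two can diverge the `.Replace` call will throw where the old concatenation tolerated Nothing, so it is worth confirming which one the guard is meant to protect. Because `Not IsNothing(Note)` also lets an empty string through, an empty Note clears the stored value here, whereas SearchKeyPageVM and UpdateResellerPageVM skip the field on IsNullOrWhiteSpace; if that asymmetry is intended, a one-line comment such as `' Empty Note deliberately clears the stored value` on the If line would save the next reader the question. The hunks at 903 and 918 carry the same unescaped textLic neighbour and the same indentation-only `Query`/`Else` lines as the corresponding hunks in NewLicencePageVM.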
@@ -932,11 +932,11 @@ Public Class UpdateLicencePageVM
 "'" & nDecOption1 & "', " &
 "'" & nDecOption2 & "', " &
 "Date('" & (String.Format("{0:yyyy-MM-dd}", OptionDeadline)) & "'), " &
- "'" & LockID & "', " &
+ "'" & LockId & "', " &
 "'" & FilePath.Replace("\", "\\") & "', " &
 "'" & Format(LicenseDate, "yyyy-MM-dd") & "', " &
 "'" & textLic & "', " &
- "'" & m_Note & "', " &
+ "'" & m_Note.Replace("\", "\\").Replace("'", "\'").Replace("""", "\""").Replace("%", "\%") & "', " &
 "'" & m_NestKey & "', " &
 "Date('" & (String.Format("{0:yyyy-MM-dd}", NestDeadline)) & "')" & ")"
 End If
diff --git a/UpdateResellerPage/UpdateResellerPageVM.vb b/UpdateResellerPage/UpdateResellerPageVM.vb
index cd953bd..03c21e5 100644
--- a/UpdateResellerPage/UpdateResellerPageVM.vb
+++ b/UpdateResellerPage/UpdateResellerPageVM.vb
@@ -130,7 +130,7 @@ Public Class UpdateResellerPageVM
 End If
 If Not String.IsNullOrWhiteSpace(Note) Then
 EvalWhere(bFirstWhere, Query)
- Query &= DB_NOTE & " = '" & Note & "' "
+ Query &= DB_NOTE & " = '" & Note.Replace("\", "\\").Replace("'", "\'").Replace("""", "\""").Replace("%", "\%") & "' "
 End If
 Query &= "WHERE " & DB_RESELLERID & " = " & IdToUpdate
 Query = Query.TrimEnd(","c, " "c)
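Review bot: In the hunk at 932 the `LockID` to `LockId` change on the first replaced line is case-only; VB identifiers are case-insensitive, so unless the two names resolve to different members this is a cosmetic edit riding along with the escaping change, and the VALUES list still concatenates LockId, FilePath, textLic and m_NestKey raw around the one escaped field. In UpdateResellerPageVM at 130 the escaped value is the Note property rather than the m_Note field used everywhere else in this patch; if both exist, pick one consistently so a future correction to the escaping does not have to be applied twice. The `Query &= "WHERE " & DB_RESELLERID & " = " & IdToUpdate` context line below it concatenates the id unquoted, which is safe only if IdToUpdate is a numeric type; the hunk does not show its declaration, so confirm it is not a String taken from the UI.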