diff --git a/MarketData/MarketDataLib/DataAccess/HeadlinesDA.cs b/MarketData/MarketDataLib/DataAccess/HeadlinesDA.cs
index 73bed1a..8d064a0 100755
--- a/MarketData/MarketDataLib/DataAccess/HeadlinesDA.cs
+++ b/MarketData/MarketDataLib/DataAccess/HeadlinesDA.cs
@@ -211,6 +211,7 @@ namespace MarketData.DataAccess
if (null != sqlConnection) sqlConnection.Close();
}
}
+
public static Headlines GetHeadlines(String symbol,DateTime dateTime)
{
MySqlConnection sqlConnection = null;
@@ -255,6 +256,7 @@ namespace MarketData.DataAccess
if (null != sqlConnection) sqlConnection.Close();
}
}
+
public static Headlines GetHeadlines(DateTime dateTime)
{
MySqlConnection sqlConnection = null;
@@ -298,6 +300,7 @@ namespace MarketData.DataAccess
if (null != sqlConnection) sqlConnection.Close();
}
}
+
public static bool InsertHeadlines(Headlines headlines)
{
MySqlCommand sqlCommand=null;
@@ -330,6 +333,14 @@ namespace MarketData.DataAccess
if(null!=sqlConnection) sqlConnection.Close();
}
}
+
+ ///
+ /// InsertHeadline - This is now parameterized. The MySql driver should handle all escaping etc.,
+ ///
+ ///
+ ///
+ ///
+ ///
private static bool InsertHeadline(Headline headline,MySqlConnection sqlConnection,MySqlTransaction sqlTransaction)
{
MySqlCommand sqlCommand=null;
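Review bot: The new doc comment on InsertHeadline is mostly empty `///` lines (L34, L36–L40) with a single sentence in the middle, and the same shape appears on HeadlineExists at L83–L89; if the `<summary>`/`<param>` tags were dropped by the diff rendering this can be ignored, but if the file really looks like this the empty lines should be filled or removed, e.g. `/// <summary>Inserts one headline row using a parameterized command; the driver handles escaping.</summary>` followed by one `<param>` per argument and a `<returns>` stating that false is returned both for a null/incomplete headline and for a failed insert. That last distinction is worth documenting because callers cannot tell the two outcomes apart. InsertHeadline's body continues past the end of this hunk.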
@@ -338,17 +349,14 @@ namespace MarketData.DataAccess
try
{
if (null == headline || null == headline.Symbol || null==headline.Entry) return false;
- StringBuilder sb = new StringBuilder();
- sb.Append("insert into Headlines(symbol,asof,headline,source,modified) values(");
- sb.Append(SqlUtils.AddQuotes(headline.Symbol)).Append(",");
- sb.Append(SqlUtils.AddQuotes(SqlUtils.SqlDate(headline.Date))).Append(",");
- sb.Append(SqlUtils.AddQuotes(SqlUtils.SqlString(headline.Entry))).Append(",");
- sb.Append(SqlUtils.AddQuotes(SqlUtils.SqlString(headline.Source))).Append(",");
- if(Utility.IsEpoch(headline.Modified))sb.Append(SqlUtils.AddQuotes(SqlUtils.ToSqlDateTime(DateTime.Now)));
- else sb.Append(SqlUtils.AddQuotes(SqlUtils.ToSqlDateTime(headline.Modified)));
- sb.Append(")");
- strQuery = sb.ToString();
+ strQuery = @"INSERT INTO Headlines (symbol, asof, headline, source, modified) VALUES (@symbol, @asof, @headline, @source, @modified)";
sqlCommand = new MySqlCommand(strQuery, sqlConnection, sqlTransaction);
+ sqlCommand.Parameters.AddWithValue("@symbol", headline.Symbol);
+ sqlCommand.Parameters.AddWithValue("@asof", headline.Date);
+ sqlCommand.Parameters.AddWithValue("@headline", headline.Entry);
+ sqlCommand.Parameters.AddWithValue("@source", headline.Source);
+ DateTime modified = Utility.IsEpoch(headline.Modified) ? DateTime.Now : headline.Modified;
+ sqlCommand.Parameters.AddWithValue("@modified", modified);
sqlCommand.CommandTimeout = SqlUtils.COMMAND_TIMEOUT;
sqlCommand.ExecuteNonQuery();
return true;
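Review bot: `@asof` at L61 now receives the full `headline.Date` value, whereas the removed code went through `SqlUtils.SqlDate(...)`; if that helper produced a date-only string and the `asof` column is a DATE, the insert will just truncate the time, but the matching change at L107 in HeadlineExists would then compare a DATE column against a DATETIME value and stop finding existing rows unless the time part is midnight — worth confirming against the schema, and if so pass `headline.Date.Date` in both places. Separately, `headline.Source` is passed to AddWithValue at L63 without the null check that L47 applies to Symbol and Entry; if Source can be null, confirm the driver maps a null Value to SQL NULL rather than throwing, or pass `(object)headline.Source ?? DBNull.Value` explicitly. The `DateTime.Now` fallback at L64 is carried over from the old code; `DateTime.UtcNow` would avoid DST ambiguity in the stored `modified` timestamp if the column is not already local-time by design. InsertHeadline starts and ends outside this hunk.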
@@ -356,7 +364,7 @@ namespace MarketData.DataAccess
catch (Exception exception)
{
MDTrace.WriteLine(LogLevel.DEBUG,exception);
- MDTrace.WriteLine(LogLevel.DEBUG,String.Format("Query was '{0}'",strQuery));
+ SqlUtils.LogCommandParameters(strQuery, sqlCommand);
return false;
}
finally
@@ -364,36 +372,32 @@ namespace MarketData.DataAccess
if(null!=sqlCommand)sqlCommand.Dispose();
}
}
+
+ ///
+ /// HeadlineExists - The now uses parameterized arguments now. The driver will handle escaping etc.,
+ ///
+ ///
+ ///
+ ///
+ ///
private static bool HeadlineExists(Headline headline,MySqlConnection sqlConnection,MySqlTransaction sqlTransaction)
{
- MySqlDataReader sqlDataReader=null;
- MySqlCommand sqlCommand=null;
- String strQuery = null;
-
try
{
if (null == headline || null == headline.Symbol) return false;
- StringBuilder sb = new StringBuilder();
- sb.Append("select count(*) from headlines where ");
- sb.Append(" asof=").Append(SqlUtils.AddQuotes(SqlUtils.SqlDate(headline.Date))).Append(" and ");
- sb.Append(" headline=").Append(SqlUtils.AddQuotes(SqlUtils.SqlString(headline.Entry)));
- strQuery = sb.ToString();
- sqlCommand = new MySqlCommand(strQuery, sqlConnection, sqlTransaction);
+ string strQuery = @"SELECT count(*) FROM headlines WHERE asof = @asof AND headline = @headline";
+ using MySqlCommand sqlCommand = new MySqlCommand(strQuery, sqlConnection, sqlTransaction);
+ sqlCommand.Parameters.AddWithValue("@asof", headline.Date);
+ sqlCommand.Parameters.AddWithValue("@headline", headline.Entry); // This will handle proper escaping of characters etc.,
sqlCommand.CommandTimeout = SqlUtils.COMMAND_TIMEOUT;
- sqlDataReader=sqlCommand.ExecuteReader();
- if(!sqlDataReader.Read())return false;
- return 0==sqlDataReader.GetInt32(0)?false:true;
+ int result = Convert.ToInt32(sqlCommand.ExecuteScalar());
+ return 0!=result;
}
catch (Exception exception)
{
MDTrace.WriteLine(LogLevel.DEBUG,exception);
return false;
}
- finally
- {
- if(null!=sqlCommand)sqlCommand.Dispose();
- if(null!=sqlDataReader){sqlDataReader.Close();sqlDataReader.Dispose();}
- }
}
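Review bot: HeadlineExists now disposes its command with a C# 8 `using` declaration (L106) while InsertHeadline in the same file keeps the null-initialised field plus `finally` dispose pattern (L43, L79); the two sibling methods should use the same style, and the `using` form requires the project to target C# 8 or later, which this hunk does not show. The doc comment wording at L84 reads awkwardly, `/// HeadlineExists - The now uses parameterized arguments now.`; suggest `/// HeadlineExists - now uses parameterized arguments; the driver handles escaping.`. `Convert.ToInt32(sqlCommand.ExecuteScalar())` at L113 is fine for a count(*), but note that a null `headline.Entry` produces `headline = NULL`, which never matches, so the method silently reports "not present" for such rows — a one-line comment stating that would save the next reader a trip to the schema.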
}
}
diff --git a/MarketData/MarketDataLib/Utility/SQLUtils.cs b/MarketData/MarketDataLib/Utility/SQLUtils.cs
index 9c07492..35dcafc 100755
--- a/MarketData/MarketDataLib/Utility/SQLUtils.cs
+++ b/MarketData/MarketDataLib/Utility/SQLUtils.cs
@@ -232,6 +232,7 @@ namespace MarketData.Utils
{
return addQuotes?AddQuotes(Utility.DateTimeToStringYYYYHMMHDDHHMMSSTT(dateTime)):Utility.DateTimeToStringYYYYHMMHDDHHMMSSTT(dateTime);
}
+
public static String SqlString(String value,bool addQuotes=false)
{
StringBuilder sb=new StringBuilder();
@@ -242,9 +243,23 @@ namespace MarketData.Utils
}
return addQuotes?AddQuotes(sb.ToString()):sb.ToString();
}
+
public static String ToSqlString(String value)
{
return SqlString(value,true);
}
+
+ public static void LogCommandParameters(String strQuery, MySqlCommand sqlCommand)
+ {
+ try
+ {
+ String paramLog = string.Join(", ", sqlCommand.Parameters.Cast().Select(p => $"{p.ParameterName}='{p.Value}'"));
+ MDTrace.WriteLine(LogLevel.DEBUG, $"Query: {sqlCommand.CommandText} | Parameters: {paramLog}");
+ }
+ catch
+ {
+ MDTrace.WriteLine(LogLevel.DEBUG, "Failed to log query parameters.");
+ }
+ }
}
}