From b20b05de13c1e3cb33f2240ca1c6af21a5f11a86 Mon Sep 17 00:00:00 2001
From: Sean
Date: Sun, 22 Mar 2026 11:59:37 -0400
Subject: [PATCH] Fix log exceptions processing escape characters in the headlines.
---
 .../MarketDataLib/DataAccess/HeadlinesDA.cs | 62 ++++++++++---------
 MarketData/MarketDataLib/Utility/SQLUtils.cs | 15 +++++
 2 files changed, 48 insertions(+), 29 deletions(-)
diff --git a/MarketData/MarketDataLib/DataAccess/HeadlinesDA.cs b/MarketData/MarketDataLib/DataAccess/HeadlinesDA.cs
index 73bed1a..8d064a0 100755
--- a/MarketData/MarketDataLib/DataAccess/HeadlinesDA.cs
+++ b/MarketData/MarketDataLib/DataAccess/HeadlinesDA.cs
@@ -211,6 +211,7 @@ namespace MarketData.DataAccess
 if (null != sqlConnection) sqlConnection.Close();
 }
 }
+
 public static Headlines GetHeadlines(String symbol,DateTime dateTime)
 {
 MySqlConnection sqlConnection = null;
@@ -255,6 +256,7 @@ namespace MarketData.DataAccess
 if (null != sqlConnection) sqlConnection.Close();
 }
 }
+
 public static Headlines GetHeadlines(DateTime dateTime)
 {
 MySqlConnection sqlConnection = null;
@@ -298,6 +300,7 @@ namespace MarketData.DataAccess
 if (null != sqlConnection) sqlConnection.Close();
 }
 }
+
 public static bool InsertHeadlines(Headlines headlines)
 {
 MySqlCommand sqlCommand=null;
@@ -330,6 +333,14 @@ namespace MarketData.DataAccess
 if(null!=sqlConnection) sqlConnection.Close();
 }
 }
+
+ ///
+ /// InsertHeadline - This is now parameterized. The MySql driver should handle all escaping etc.,
+ ///
+ ///
+ ///
+ ///
+ ///
 private static bool InsertHeadline(Headline headline,MySqlConnection sqlConnection,MySqlTransaction sqlTransaction)
 {
 MySqlCommand sqlCommand=null;
@@ -338,17 +349,14 @@ namespace MarketData.DataAccess
 try
 {
 if (null == headline || null == headline.Symbol || null==headline.Entry) return false;
- StringBuilder sb = new StringBuilder();
- sb.Append("insert into Headlines(symbol,asof,headline,source,modified) values(");
- sb.Append(SqlUtils.AddQuotes(headline.Symbol)).Append(",");
- sb.Append(SqlUtils.AddQuotes(SqlUtils.SqlDate(headline.Date))).Append(",");
- sb.Append(SqlUtils.AddQuotes(SqlUtils.SqlString(headline.Entry))).Append(",");
- sb.Append(SqlUtils.AddQuotes(SqlUtils.SqlString(headline.Source))).Append(",");
- if(Utility.IsEpoch(headline.Modified))sb.Append(SqlUtils.AddQuotes(SqlUtils.ToSqlDateTime(DateTime.Now)));
- else sb.Append(SqlUtils.AddQuotes(SqlUtils.ToSqlDateTime(headline.Modified)));
- sb.Append(")");
- strQuery = sb.ToString();
+ strQuery = @"INSERT INTO Headlines (symbol, asof, headline, source, modified) VALUES (@symbol, @asof, @headline, @source, @modified)";
 sqlCommand = new MySqlCommand(strQuery, sqlConnection, sqlTransaction);
+ sqlCommand.Parameters.AddWithValue("@symbol", headline.Symbol);
+ sqlCommand.Parameters.AddWithValue("@asof", headline.Date);
+ sqlCommand.Parameters.AddWithValue("@headline", headline.Entry);
+ sqlCommand.Parameters.AddWithValue("@source", headline.Source);
+ DateTime modified = Utility.IsEpoch(headline.Modified) ? DateTime.Now : headline.Modified;
+ sqlCommand.Parameters.AddWithValue("@modified", modified);
 sqlCommand.CommandTimeout = SqlUtils.COMMAND_TIMEOUT;
 sqlCommand.ExecuteNonQuery();
 return true;
@@ -356,7 +364,7 @@ namespace MarketData.DataAccess
 catch (Exception exception)
 {
 MDTrace.WriteLine(LogLevel.DEBUG,exception);
- MDTrace.WriteLine(LogLevel.DEBUG,String.Format("Query was '{0}'",strQuery));
+ SqlUtils.LogCommandParameters(strQuery, sqlCommand);
 return false;
 }
 finally
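Review bot: In InsertHeadline, `AddWithValue("@asof", headline.Date)` binds the full DateTime, whereas the removed code passed the value through `SqlUtils.SqlDate(...)` before quoting it. Neither SqlDate nor the column type of `asof` is visible in this patch, but if SqlDate produced a date-only string, any time-of-day carried by headline.Date is now sent to the server, and the same binding in the HeadlineExists hunk makes its `asof = @asof` duplicate check compare on that fuller value. Binding the date part in both places, `sqlCommand.Parameters.AddWithValue("@asof", headline.Date.Date);`, would keep the earlier date-only behaviour. The method's declaration and its finally block lie outside this hunk.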
@@ -364,36 +372,32 @@ namespace MarketData.DataAccess
 if(null!=sqlCommand)sqlCommand.Dispose();
 }
 }
+
+ ///
+ /// HeadlineExists - The now uses parameterized arguments now. The driver will handle escaping etc.,
+ ///
+ ///
+ ///
+ ///
+ ///
 private static bool HeadlineExists(Headline headline,MySqlConnection sqlConnection,MySqlTransaction sqlTransaction)
 {
- MySqlDataReader sqlDataReader=null;
- MySqlCommand sqlCommand=null;
- String strQuery = null;
-
 try
 {
 if (null == headline || null == headline.Symbol) return false;
- StringBuilder sb = new StringBuilder();
- sb.Append("select count(*) from headlines where ");
- sb.Append(" asof=").Append(SqlUtils.AddQuotes(SqlUtils.SqlDate(headline.Date))).Append(" and ");
- sb.Append(" headline=").Append(SqlUtils.AddQuotes(SqlUtils.SqlString(headline.Entry)));
- strQuery = sb.ToString();
- sqlCommand = new MySqlCommand(strQuery, sqlConnection, sqlTransaction);
+ string strQuery = @"SELECT count(*) FROM headlines WHERE asof = @asof AND headline = @headline";
+ using MySqlCommand sqlCommand = new MySqlCommand(strQuery, sqlConnection, sqlTransaction);
+ sqlCommand.Parameters.AddWithValue("@asof", headline.Date);
+ sqlCommand.Parameters.AddWithValue("@headline", headline.Entry); // This will handle proper escaping of characters etc.,
 sqlCommand.CommandTimeout = SqlUtils.COMMAND_TIMEOUT;
- sqlDataReader=sqlCommand.ExecuteReader();
- if(!sqlDataReader.Read())return false;
- return 0==sqlDataReader.GetInt32(0)?false:true;
+ int result = Convert.ToInt32(sqlCommand.ExecuteScalar());
+ return 0!=result;
 }
 catch (Exception exception)
 {
 MDTrace.WriteLine(LogLevel.DEBUG,exception);
 return false;
 }
- finally
- {
- if(null!=sqlCommand)sqlCommand.Dispose();
- if(null!=sqlDataReader){sqlDataReader.Close();sqlDataReader.Dispose();}
- }
 }
 }
 }
diff --git a/MarketData/MarketDataLib/Utility/SQLUtils.cs b/MarketData/MarketDataLib/Utility/SQLUtils.cs
index 9c07492..35dcafc 100755
--- a/MarketData/MarketDataLib/Utility/SQLUtils.cs
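Review bot: The catch block in HeadlineExists can no longer report which lookup failed, because `strQuery` and `sqlCommand` are now declared inside the `try`; only the exception is traced, while InsertHeadline's catch goes through `SqlUtils.LogCommandParameters`. Returning false on an exception also reads to the caller as "headline not present", so a database error is indistinguishable from a miss (how the caller uses the result is outside this patch). A comment on the catch would make that contract explicit, for example `// A failed lookup is reported as "not found"; callers cannot tell an error from a miss.`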
+++ b/MarketData/MarketDataLib/Utility/SQLUtils.cs
@@ -232,6 +232,7 @@ namespace MarketData.Utils
 {
 return addQuotes?AddQuotes(Utility.DateTimeToStringYYYYHMMHDDHHMMSSTT(dateTime)):Utility.DateTimeToStringYYYYHMMHDDHHMMSSTT(dateTime);
 }
+
 public static String SqlString(String value,bool addQuotes=false)
 {
 StringBuilder sb=new StringBuilder();
@@ -242,9 +243,23 @@ namespace MarketData.Utils
 }
 return addQuotes?AddQuotes(sb.ToString()):sb.ToString();
 }
+
 public static String ToSqlString(String value)
 {
 return SqlString(value,true);
 }
+
+ public static void LogCommandParameters(String strQuery, MySqlCommand sqlCommand)
+ {
+ try
+ {
+ String paramLog = string.Join(", ", sqlCommand.Parameters.Cast().Select(p => $"{p.ParameterName}='{p.Value}'"));
+ MDTrace.WriteLine(LogLevel.DEBUG, $"Query: {sqlCommand.CommandText} | Parameters: {paramLog}");
+ }
+ catch
+ {
+ MDTrace.WriteLine(LogLevel.DEBUG, "Failed to log query parameters.");
+ }
+ }
 }
 }
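Review bot: LogCommandParameters writes each parameter value into the trace line verbatim (`'{p.Value}'`), and the values it is called with here are headline and source text that originate outside the application. A value containing a line break can split one trace entry into several or imitate another entry, so carriage returns and line feeds should be escaped before the value is logged. Two smaller points in the same method: the `strQuery` argument is never used, and a null `sqlCommand` (possible if InsertHeadline's catch is reached before the command is constructed) falls into the bare `catch`, which discards both the query text and the reason. The version below uses `strQuery` as the fallback and traces the exception; `Cast<MySqlParameter>()` is assumed, since no type argument appears in the patch text as shown.

```csharp
public static void LogCommandParameters(String strQuery, MySqlCommand sqlCommand)
{
    if (null == sqlCommand)
    {
        // No command was built; the caller's query text is all there is to report.
        MDTrace.WriteLine(LogLevel.DEBUG, $"Query: {strQuery} | Parameters: (command not created)");
        return;
    }
    try
    {
        String paramLog = string.Join(", ", sqlCommand.Parameters.Cast<MySqlParameter>().Select(p =>
        {
            // Parameter values are external text: escape line breaks so one value stays on one trace line.
            String text = Convert.ToString(p.Value) ?? "";
            text = text.Replace("\r", "\\r").Replace("\n", "\\n");
            return $"{p.ParameterName}='{text}'";
        }));
        MDTrace.WriteLine(LogLevel.DEBUG, $"Query: {sqlCommand.CommandText} | Parameters: {paramLog}");
    }
    catch (Exception exception)
    {
        MDTrace.WriteLine(LogLevel.DEBUG, exception);
        MDTrace.WriteLine(LogLevel.DEBUG, "Failed to log query parameters.");
    }
}
```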