0.9.4

NickFox007 · web-flow · commit 840b4a858499 · 2025-07-17T22:10:03.000+03:00
diff --git a/Bases/Common.cs b/Bases/Common.cs
@@ -26,16 +26,21 @@ private static string ReplaceFirst(this string text, string search, string repla
             return text.Substring(0, pos) + replace + text.Substring(pos + search.Length);
         }
 
-        public static string _PrepareClear(string q, List<string> args)
+        public static string _PrepareClear(string q, List<string> args, Func<string,string> escape_func = null)
         {
             var new_q = q;
-            if(args != null) foreach (var arg in args.ToList())
-            {
-                var new_q2 = ReplaceFirst(new_q, "{ARG}", _PrepareArg(arg));
-
-                if (new_q2 == new_q) throw new Exception("Mailformed query [Too many args in params]");
-                new_q = new_q2;
-            }
+            if(args != null)
+                foreach (string arg in args.ToList())
+                {
+                    var new_q2 = "";
+                    if (escape_func == null)
+                        new_q2 = ReplaceFirst(new_q, "{ARG}", _PrepareArg(arg));
+                    else
+                        new_q2 = ReplaceFirst(new_q, "{ARG}", escape_func(arg));
+
+                    if (new_q2 == new_q) throw new Exception("Mailformed query [Too many args in params]");
+                    new_q = new_q2;
+                }
             if (new_q.Contains("{ARG}")) throw new Exception("Mailformed query [Not enough args in params]");
             return new_q;
         }
@@ -44,23 +49,33 @@ public static string _PrepareArg(string arg)
         {
             if (arg == null) return "";
             
-            var new_arg = arg;
+            //var new_arg = arg;
             
             //string[] escapes = ["'", "\"", "`", "%", "-", "_"];
-            string[] escapes = ["'", "\"", "`", "%", "\\"];
+            string[] escapes = ["\\","'", "\"", "`", "%"];
+            //string[] escapes = ["\\","'", "`", "%"];
 
-            foreach (var escape in escapes)
+            
+
+            //foreach (var escape in escapes)
+            //{
+            var new_arg = "";
+            foreach(var ch in arg)
             {
-                new_arg = new_arg.Replace(escape, $"\\{escape}");
+                if(escapes.Contains(ch.ToString()))
+                    new_arg += "\\";
+                new_arg += ch.ToString();
             }
-            
+                //new_arg = new_arg.Replace(escape, $"\\{escape}");
+                        
             return new_arg;
         }
 
         
         public static List<List<string>> _Query(DbConnection conn, string q, bool non_query)
         {
             if (conn.State != ConnectionState.Open) conn.Open();
+            
             var sql = conn.CreateCommand();
             sql.CommandText = q;
             if (!non_query)
diff --git a/Bases/SQLite.cs b/Bases/SQLite.cs
@@ -46,6 +46,31 @@ private string _FixForSQLite(string q)
             return q.Replace("PRIMARY KEY AUTO_INCREMENT", "PRIMARY KEY AUTOINCREMENT").Replace("UNIX_TIMESTAMP()", "UNIXEPOCH()");
         }
 
+        public static string _PrepareArg(string arg)
+        {
+            if (arg == null) return "";
+
+            //var new_arg = arg;
+
+            //string[] escapes = ["'", "\"", "`", "%", "-", "_"];
+            string[] escapes = ["\\",  "`", "%"];
+            //string[] escapes = ["\\","'", "`", "%"];
+
+
+
+            //foreach (var escape in escapes)
+            //{
+            var new_arg = "";
+            foreach (var ch in arg)
+            {
+                if (escapes.Contains(ch.ToString()))
+                    new_arg += "\\";
+                new_arg += ch.ToString();
+            }
+            //new_arg = new_arg.Replace(escape, $"\\{escape}");
+
+            return new_arg.Replace("\"","\"\"").Replace("'","''");
+        }
 
         public List<List<string>> Query(string q, List<string> args = null, bool non_query = false)
         {
@@ -58,12 +83,13 @@ public List<List<string>> Query(string q, List<string> args = null, bool non_que
                 }
             }    
 
-            return Common.Query(dbConn, Common._PrepareClear(_FixForSQLite(q), args), non_query);
+            return Common.Query(dbConn, Common._PrepareClear(_FixForSQLite(q), args, _PrepareArg), non_query);
         }
 
         public void QueryAsync(string q, List<string> args, Action<List<List<string>>> action = null, bool non_query = false)
         {
-            Common.QueryAsync(dbConn, Common._PrepareClear(_FixForSQLite(q), args), action, non_query, false);
+            Common.QueryAsync(dbConn, Common._PrepareClear(_FixForSQLite(q), args, _PrepareArg), action, non_query, false);
+            
         }
         /*
         public void QueryDapperAsync(Type type, string q, List<string> args = null, Action<object> action = null)
