From f59d42fb553ea873c44bccf6ee680e319699c10f Mon Sep 17 00:00:00 2001
From: Manuel Soulier <manuel.soulier@insee.fr>
Date: Mon, 20 Nov 2023 12:46:56 +0100
Subject: [PATCH] fix: bind variables in familleNormeDao

---
 .../arc/web/gui/all/util/VObjectService.java  | 14 +++-----
 .../dao/GererFamilleNormeDao.java             | 32 +++++++++++--------
 2 files changed, 23 insertions(+), 23 deletions(-)

diff --git a/arc-web/src/main/java/fr/insee/arc/web/gui/all/util/VObjectService.java b/arc-web/src/main/java/fr/insee/arc/web/gui/all/util/VObjectService.java
index 15a0f2e7e..0e3e46673 100644
--- a/arc-web/src/main/java/fr/insee/arc/web/gui/all/util/VObjectService.java
+++ b/arc-web/src/main/java/fr/insee/arc/web/gui/all/util/VObjectService.java
@@ -946,18 +946,12 @@ private void buildFilterDate(int headerIndex, ArcPreparedStatementBuilder s, Lis
 			// on découpe suivant les OU
 			String[] listeOR = conditionAND.split(FILTER_OR);
 			for (String condtionOR : listeOR) {
-				s.append(" to_date(" + headersDLabel.get(headerIndex) + "::text, " + s.quoteText(morceauReq[0]) + ")"); // cast
-																														// database
-																														// column
-																														// to
-																														// the
-																														// searched
-																														// date
-																														// format
+				s.append(" to_date(" + headersDLabel.get(headerIndex) + "::text, " + s.quoteText(morceauReq[0]) + ")");
+				// cast database column to the searched date format
 				s.append(condtionOR.trim().substring(0, 1)); // operator
 				s.append(" to_date(" + s.quoteText(condtionOR.trim().substring(1)) + "," + s.quoteText(morceauReq[0])
-						+ ") "); // cast condition expression to the
-									// searched date format
+						+ ") ");
+				// cast condition expression to the searched date format
 				s.append(expressionOR);
 			}
 			// on retire les dernier OR
diff --git a/arc-web/src/main/java/fr/insee/arc/web/gui/famillenorme/dao/GererFamilleNormeDao.java b/arc-web/src/main/java/fr/insee/arc/web/gui/famillenorme/dao/GererFamilleNormeDao.java
index 12ccf7f7f..78b52a43b 100644
--- a/arc-web/src/main/java/fr/insee/arc/web/gui/famillenorme/dao/GererFamilleNormeDao.java
+++ b/arc-web/src/main/java/fr/insee/arc/web/gui/famillenorme/dao/GererFamilleNormeDao.java
@@ -245,21 +245,22 @@ public void execQueryDeleteVariableMetier(VObject viewVariableMetier, String idF
 
 	public void execQueryAddVariableMetier(VObject viewVariableMetier, String idFamilleSelected) throws ArcException {
 		
-		StringBuilder query = new StringBuilder();
+		ArcPreparedStatementBuilder query = new ArcPreparedStatementBuilder();
 		query.append(addNonExistingVariableMetierWithoutSync(viewVariableMetier));
 		query.append(
 				GererFamilleNormeDao.querySynchronizeRegleWithVariableMetier(idFamilleSelected));
-		UtilitaireDao.get(0).executeBlock(null, query);
+		UtilitaireDao.get(0).executeRequest(null, query);
 	}
 
-	private static String querySynchronizeRegleWithVariableMetier(String idFamille) {
+	private static ArcPreparedStatementBuilder querySynchronizeRegleWithVariableMetier(String idFamille) {
 		StringBuilder requeteListeSupprRegleMapping = requeteListeSupprRegleMapping(idFamille);
 		StringBuilder requeteListeAddRegleMapping = requeteListeAddRegleMapping(idFamille);
 
-		StringBuilder requete = new StringBuilder();
+		ArcPreparedStatementBuilder requete = new ArcPreparedStatementBuilder();
 		requete.append(requeteListeAddRegleMapping.toString() + ";\n");
 		requete.append(requeteListeSupprRegleMapping.toString() + ";");
-		return requete.toString();
+		
+		return requete;
 	}
 
 	/**
@@ -531,8 +532,10 @@ private String addExistingVariableMetierWithoutSync(VObject viewVariableMetier,
 	 * @param message
 	 * @throws ArcException
 	 */
-	private String addNonExistingVariableMetierWithoutSync(VObject viewVariableMetier) throws ArcException {
-		StringBuilder requete = new StringBuilder();
+	private ArcPreparedStatementBuilder addNonExistingVariableMetierWithoutSync(VObject viewVariableMetier) throws ArcException {
+		
+		ArcPreparedStatementBuilder requete = new ArcPreparedStatementBuilder();
+		
 		boolean blank = true;
 		for (int i = NUMBER_OF_COLUMN_TABLE_VARIABLE_METIER; i < viewVariableMetier.getInputFields().size(); i++) {
 			if (StringUtils.isNotBlank(viewVariableMetier.getInputFields().get(i))) {
@@ -547,19 +550,22 @@ private String addNonExistingVariableMetierWithoutSync(VObject viewVariableMetie
 
 				checkIsValide(viewVariableMetier.getInputFields());
 
+				ArcPreparedStatementBuilder values = new ArcPreparedStatementBuilder();
+				
 				requete.append("INSERT INTO " + ViewEnum.IHM_MOD_VARIABLE_METIER.getFullName() + " (");
-				StringBuilder values = new StringBuilder();
+
 				for (int j = 0; j < NUMBER_OF_COLUMN_TABLE_VARIABLE_METIER; j++) {
 					if (j > 0) {
 						requete.append(", ");
 						values.append(", ");
 					}
 					requete.append(viewVariableMetier.getHeadersDLabel().get(j));
-					values.append("'" + viewVariableMetier.getInputFields().get(j) + "'::"
-							+ viewVariableMetier.getHeadersDType().get(j));
+					values.append(values.quoteText(viewVariableMetier.getInputFields().get(j))+ "::"	+ viewVariableMetier.getHeadersDType().get(j));
 				}
-				requete.append(", nom_table_metier) VALUES ("
-						+ values.append(", '" + viewVariableMetier.getHeadersDLabel().get(i)) + "'::text);\n");
+				requete.append(", nom_table_metier) VALUES (");
+				values.append("," + values.quoteText(viewVariableMetier.getHeadersDLabel().get(i)) + "::text);\n");
+				
+				requete.append(values);
 
 			}
 		}
@@ -568,7 +574,7 @@ private String addNonExistingVariableMetierWithoutSync(VObject viewVariableMetie
 			throw new ArcException(ArcExceptionMessage.GUI_FAMILLENORME_VARIABLE_NO_TARGET_TABLE);
 		}
 
-		return requete.toString();
+		return requete;
 	}
 
 	/**