Created
January 24, 2012 11:16
-
-
Save philjones88/1669683 to your computer and use it in GitHub Desktop.
WTF SagePay
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
'** Doubles up single quotes to stop breakouts from SQL strings ** | |
Public Shared Function SQLSafe(ByVal strRawText As String) As String | |
Dim strCleanedText As String = "" | |
Dim iCharPos As Integer = 1 | |
Do While iCharPos <= Len(strRawText) | |
'** Double up single quotes, but only if they aren't already doubled ** | |
If Mid(strRawText, iCharPos, 1) = "'" Then | |
strCleanedText = strCleanedText & "''" | |
If iCharPos <> Len(strRawText) Then | |
If Mid(strRawText, iCharPos + 1, 1) = "'" Then iCharPos = iCharPos + 1 | |
End If | |
Else | |
strCleanedText = strCleanedText & Mid(strRawText, iCharPos, 1) | |
End If | |
iCharPos = iCharPos + 1 | |
Loop | |
Return Trim(strCleanedText) | |
End Function | |
'** Update our database with the results from the Notification POST ** | |
strSQL = "UPDATE tblOrders set Status='" & strDBStatus & "'" | |
If Len(strTxAuthNo) > 0 Then strSQL = strSQL & ",TxAuthNo=" & SQLSafe(strTxAuthNo) | |
If Len(strAVSCV2) > 0 Then strSQL = strSQL & ",AVSCV2='" & SQLSafe(strAVSCV2) & "'" | |
If Len(strAddressResult) > 0 Then strSQL = strSQL & ",AddressResult='" & SQLSafe(strAddressResult) & "'" | |
If Len(strPostCodeResult) > 0 Then strSQL = strSQL & ",PostCodeResult='" & SQLSafe(strPostCodeResult) & "'" | |
If Len(strCV2Result) > 0 Then strSQL = strSQL & ",CV2Result='" & SQLSafe(strCV2Result) & "'" | |
If Len(strGiftAid) > 0 Then strSQL = strSQL & ",GiftAid=" & SQLSafe(strGiftAid) | |
If Len(str3DSecureStatus) > 0 Then strSQL = strSQL & ",ThreeDSecureStatus='" & SQLSafe(str3DSecureStatus) & "'" | |
If Len(strCAVV) > 0 Then strSQL = strSQL & ",CAVV='" & SQLSafe(strCAVV) & "'" | |
If Len(strAddressStatus) > 0 Then strSQL = strSQL & ",AddressStatus='" & SQLSafe(strAddressStatus) & "'" | |
If Len(strPayerStatus) > 0 Then strSQL = strSQL & ",PayerStatus='" & SQLSafe(strPayerStatus) & "'" | |
If Len(strCardType) > 0 Then strSQL = strSQL & ",CardType='" & SQLSafe(strCardType) & "'" | |
If Len(strLast4Digits) > 0 Then strSQL = strSQL & ",Last4Digits='" & SQLSafe(strLast4Digits) & "'" | |
strSQL = strSQL & " where VendorTxCode='" & SQLSafe(strVendorTxCode) & "'" | |
objConn = oMySQLConnection() | |
oSQLCommand = New MySqlCommand(strSQL, objConn) | |
oSQLCommand.ExecuteReader() | |
oSQLCommand = Nothing | |
DestroyConnection(objConn) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment