From fe5e9208a3c21f91ec79e1193e06b8a10c0f100e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9gory=20Soutad=C3=A9?= <soutade@gmail.com>
Date: Sun, 11 Oct 2015 09:42:32 +0200
Subject: [PATCH 1/6] Use transactions for SQL updates

---
 ChangeLog                    |  4 ++++
 src/controller/KissCount.hpp |  4 ++--
 src/model/Database.cpp       |  2 +-
 src/model/Database.hpp       | 27 ++++++++++++++++-----------
 src/view/wxUI.cpp            |  1 -
 5 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index acde2ed..f6f9b8e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+v0.6 (11/10/2015)
+** Dev **
+	Use transactions for SQL updates
+
 v0.5 (19/06/2015)
 ** User **
 	Add tag management
diff --git a/src/controller/KissCount.hpp b/src/controller/KissCount.hpp
index 14ee33e..7e3ebbf 100644
--- a/src/controller/KissCount.hpp
+++ b/src/controller/KissCount.hpp
@@ -1,5 +1,5 @@
 /*
-  Copyright 2010-2012 Grégory Soutadé
+  Copyright 2010-2015 Grégory Soutadé
 
   This file is part of KissCount.
 
@@ -30,7 +30,7 @@
 
 #include <view/wxUI.hpp>
 
-#define APP_VERSION "0.5"
+#define APP_VERSION "0.6"
 
 #define ESCAPE_CHARS(s) s = s.replace("\"", " ");
 // #define ESCAPE_CHARS(s) s = s.replace("\"", "\\\""); s = s.replace("\'", "\\\'");
diff --git a/src/model/Database.cpp b/src/model/Database.cpp
index a433410..af155c6 100644
--- a/src/model/Database.cpp
+++ b/src/model/Database.cpp
@@ -1,5 +1,5 @@
 /*
-  Copyright 2010-2012 Grégory Soutadé
+  Copyright 2010-2015 Grégory Soutadé
 
   This file is part of KissCount.
 
diff --git a/src/model/Database.hpp b/src/model/Database.hpp
index 817e78d..be6ec13 100644
--- a/src/model/Database.hpp
+++ b/src/model/Database.hpp
@@ -49,6 +49,7 @@
 
 #define EXECUTE_SQL_UPDATE_WITH_CODE(req, return_value, code_if_fail, code_if_syntax_fail) \
     do {								\
+	_db.transaction();						\
 	QSqlQuery query;						\
 	if (!query.exec(req))						\
 	{								\
@@ -56,22 +57,26 @@
 	    std::cerr << __FUNCTION__ << " " << __FILE__ << " " << __LINE__ << "\n" ; \
 	    std::cerr << req.toStdString() << "\n" ;			\
 	    std::cerr << query.lastError().text().toStdString() << "\n" ; \
+	    _db.rollback();						\
+	    code_if_fail;						\
+	    return return_value;					\
+	}								\
+	_db.commit();							\
+    } while(0);
+
+#define EXECUTE_SQL_QUERY_WITH_CODE(req, return_value, code_if_fail, code_if_syntax_fail) \
+    do {								\
+	if (!query.exec(req))						\
+	{								\
+	    QMessageBox::critical(0, _("Error"), _("Query failed !\n") + req); \
+	    std::cerr << __FUNCTION__ << "\n" ;				\
+	    std::cerr << req.toStdString() << "\n" ;			\
+	    std::cerr << query.lastError().text().toStdString() << "\n" ; \
 	    code_if_fail;						\
 	    return return_value;					\
 	}								\
     } while(0);
 
-#define EXECUTE_SQL_QUERY_WITH_CODE(req, return_value, code_if_fail, code_if_syntax_fail) \
-    if (!query.exec(req))						\
-    {									\
-	QMessageBox::critical(0, _("Error"), _("Query failed !\n") + req); \
-	std::cerr << __FUNCTION__ << "\n" ;				\
-	std::cerr << req.toStdString() << "\n" ;			\
-	std::cerr << query.lastError().text().toStdString() << "\n" ;	\
-	code_if_fail;							\
-	return return_value;						\
-    }									\
-
 #define EXECUTE_SQL_QUERY(req, return_value) EXECUTE_SQL_QUERY_WITH_CODE(req, return_value, {}, {})
 
 #define EXECUTE_SQL_UPDATE(req, return_value) EXECUTE_SQL_UPDATE_WITH_CODE(req, return_value, {}, {})
diff --git a/src/view/wxUI.cpp b/src/view/wxUI.cpp
index c31dd6d..5672a34 100644
--- a/src/view/wxUI.cpp
+++ b/src/view/wxUI.cpp
@@ -310,7 +310,6 @@ void wxUI::ChangeUser()
     }
     catch (UsersDialog::ExceptionNewUser e)
     {
-
     }
 }
 

From 41261cf95f8b9e8671f20810f04d8ecb34e473d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9gory=20Soutad=C3=A9?= <soutade@gmail.com>
Date: Thu, 5 Nov 2015 18:06:21 +0100
Subject: [PATCH 2/6] Set autofocus attribute to user in index.php

---
 ChangeLog     | 5 ++++-
 www/index.php | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index f6f9b8e..87cc39a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,7 @@
-v0.6 (11/10/2015)
+v0.6 (05/11/2015)
+** User **
+	Set autofocus attribute to user in index.php
+
 ** Dev **
 	Use transactions for SQL updates
 
diff --git a/www/index.php b/www/index.php
index 54a77ca..5059dbd 100755
--- a/www/index.php
+++ b/www/index.php
@@ -55,7 +55,7 @@ if (!isset($_SESSION["user"]))
         $users = GetUsers();
         echo "<center><h1>KissCount</h1><br /><br/>\n";
         echo "<form id=\"login\" method=\"post\" action='index.php'>\n";
-        echo "Login : <select name=\"user\">\n";
+        echo "Login : <select name=\"user\" autofocus>\n";
         foreach($users as $i => $name)
             echo "<option value=\"$name\">$name</option>\n";
         echo "</select><br /><br />\n";
@@ -63,7 +63,7 @@ if (!isset($_SESSION["user"]))
         echo "<input type=\"submit\" value=\"Connect\"/>\n";
         echo "</form></center>\n";
         echo "<br /><br />\n";
-        echo "<center><a href=\"http://indefero.soutade.fr/p/kisscount\">KissCount</a> &copy; 2010-2012 Grégory Soutadé</center>\n";
+        echo "<center><a href=\"http://indefero.soutade.fr/p/kisscount\">KissCount</a> &copy; 2010-2015 Grégory Soutadé</center>\n";
         die();
     }
     else

From ed1886fe46b4207fd597bda944ee93165e39bf4b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9gory=20Soutad=C3=A9?= <soutade@gmail.com>
Date: Sun, 22 May 2016 16:00:16 +0200
Subject: [PATCH 3/6] Fix French translation

---
 resources/po/french.po     |   4 ++--
 resources/po/french.qm     | Bin 16934 -> 16944 bytes
 resources/po/kisscount.pot |   8 ++++----
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/resources/po/french.po b/resources/po/french.po
index 072171e..d5f7034 100644
--- a/resources/po/french.po
+++ b/resources/po/french.po
@@ -11,7 +11,7 @@ msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Content-Transfer-Encoding: 8bit\n"
 "X-Poedit-SourceCharset: utf-8\n"
-"X-Generator: Poedit 1.7.6\n"
+"X-Generator: Poedit 1.8.7.1\n"
 
 # SOME DESCRIPTIVE TITLE.
 # Copyright (C) YEAR THE PACKAGE'S COPYRIGHT HOLDER
@@ -621,7 +621,7 @@ msgstr "Nouveau mot de passe"
 
 #: src/view/grid/GridAccount.cpp:124
 msgid "No Tag"
-msgstr "Pas de tag"
+msgstr "Pas d'étiquette"
 
 #: src/view/ExportPanel.cpp:95 src/view/SearchPanel.cpp:154
 msgid "No entry found"
diff --git a/resources/po/french.qm b/resources/po/french.qm
index 20550ae1f2df6eab4f2f004e33861e61ac1323d9..19141dc2b434a011b5009a57a535c3ca91e6867b 100644
GIT binary patch
delta 678
zcmWlWYe-XJ7{~u-+q<(fH-|ErQ}ZNR({h_fv!&tfLn?)(fgw`S{YHXhN*4pO6<+eP
z-V!w}QK>K1l-Y$sNKvw&a9JPvFzhxp3j7d#2*Y~(^n>$0=l%cR-*e9`47-K)1ZfCh
zULa+~W0$2xpsEqb^m|HO$|P8GEnvR|cE6n_!iisrey~>)z-9-;m<$>|PTWRp^^D2F
zc2B^W=fU2dT$<QN<is`{%bWsCXK>=&Um)WSsv0`!4=?H(f`AZ(y2%7!Z9lF){Z8Mr
zc#)7JSa^$2AZ4oAz*%795)TMAp@lP*EG4R!J@0`ni`=d%5Yl+HYL^nv4pfu@i5;w|
zvIGz>u<M2C)c!HM5xfZ``&egI8j$X1w^y?rZvI;(TVvR0J~fE#XA_bC0M|!tMA9s<
zsh-=_7HPk>`R5?@o!~`kOW2Y&&_yj1QbqF=d2p=Z)oNQ@zu0}+3}`yVp*$6^HD7!|
z=AeHk&RiiYDLH&hZBrI>_3jTq$YovQ^lNHSqifRrqMR9B+aMX*P_FB%tpie3#6Cb7
z<q;Z}@R=8BWMP3<Xl&La`gJ?p<RMC*68;B>SM(=KDaRSjA82e+uKr>6Cpvw?0~%Qx
z3CS)@q=sJ3m{ST5>B&AsuL$xi=8~=%cJFDW<T8GV*^<nLxdAdB{njvlo@}K~8|E*r
zve>XvSx>z}jneaE+Tb{U!<@<wV_VQf-VYlGd+*ZTMvT+r-+-i-#`zNB`Y*<1|1ep!
zhK9}3&Xi(q*X9UbUZJ&E<4oO6dO$a4@<kp6(mG6!PSG8%a^9<r5o&zTv`(8Ci((u^
N72g>d=Mx>W`9B`iz)k=F

delta 688
zcmWlWZAep57{~v2+qt`UZY^yxSK^FTbLHHwrc2AW52+BARz^iZMfQe*q=K1&=_KDu
z*YU$NCGjOGv<!>HFiJEn=+&YRG3{+a(6<T-qk8;uf82APbDsbCJ;Pq%npbGG$vptO
z1-O6soK|@bC~W{zrhNq-WelvT3UD@o4YX2)MEp#g2759AB-x;iOs3+4#H~cHZ`>+m
z_yVrX3pmi3K^41*oLGlrDN}&)G)`3f0g~HLTJNV5{iv=F0>VmEPuhU!9@LF~rS$}!
zE2Ikseo@Gl-D=ib25boOfM6GDIa68XDD|T64X|mBJ5||&gO{szC>D08crOss%o<Db
z0c|B~&Pk;7gY0s!4T!zY{HX~*;xxOm)H|+{|5RBmVeC#8C5Y-_6A}La&kHf!F$-+0
z;7+w!-YqtL>!ZA*JXdWF4T^zwN@<JNnx@D@+zMW<wy*YUJBmzz#;+aBQ~{f}Xdfz*
zfbO;SWi458C-QN%T?t4v-nT%=d8uLMDWxcq8l~^l=dsk%M~2qtN!?Y|fbxsjO}xRw
zH6Gy|&(&Ck058_qE&FwAw|U9Ka-BQuH?T(0oh+a}u24RtvCB!in`s|tcZdfxR(T*K
zEhmN&_H)KuvJ}#pc7$H>o~JU8T&3T+=Mr_^&d)KsL#LnbCF84}>le<Dt@sD}g|kb{
z(*G@~p<Eh+d_R^Zc#l70F6E=4C1@n?`wV?uS7~my4Kt6v0FH6PLOyZbC&S{aVX|mk
z7CK8aQ?j^IOc(ljv1qoKjUA0TK$<s>L=*xE&BnW@=nhXF?-C=0qLDGtWe+zY4~J2T
SXdFc$eaq<Y_=pr2WBLz_?Z21+

diff --git a/resources/po/kisscount.pot b/resources/po/kisscount.pot
index 2eae29f..5a93414 100644
--- a/resources/po/kisscount.pot
+++ b/resources/po/kisscount.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2015-06-20 17:48+0200\n"
+"POT-Creation-Date: 2016-05-22 15:59+0200\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@@ -582,7 +582,7 @@ msgstr ""
 msgid "Language successfully changed, please go to another panel"
 msgstr ""
 
-#: src/view/wxUI.cpp:319
+#: src/view/wxUI.cpp:318
 msgid "Licenced under GNU GPL v3"
 msgstr ""
 
@@ -690,7 +690,7 @@ msgstr ""
 msgid "Password changed"
 msgstr ""
 
-#: src/view/wxUI.cpp:319
+#: src/view/wxUI.cpp:318
 msgid "Personal accounting software"
 msgstr ""
 
@@ -702,7 +702,7 @@ msgstr ""
 msgid "Preferences"
 msgstr ""
 
-#: src/view/wxUI.cpp:324
+#: src/view/wxUI.cpp:323
 msgid "Quit KissCount ?"
 msgstr ""
 

From 992516d9724bcb68c833e1b491651a06b09e648b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9gory=20Soutad=C3=A9?= <soutade@gmail.com>
Date: Fri, 9 Sep 2016 17:38:11 +0200
Subject: [PATCH 4/6] Fix a bug : Crash when use of a tag in a new operation.
 Tag must not be taken in account for op_complete.

---
 ChangeLog                     | 3 +++
 src/view/grid/GridAccount.cpp | 2 --
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 87cc39a..b28f754 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ v0.6 (05/11/2015)
 ** Dev **
 	Use transactions for SQL updates
 
+** Bugs **
+	Crash when use of a tag in a new operation
+
 v0.5 (19/06/2015)
 ** User **
 	Add tag management
diff --git a/src/view/grid/GridAccount.cpp b/src/view/grid/GridAccount.cpp
index 278bdbc..c8e9efe 100644
--- a/src/view/grid/GridAccount.cpp
+++ b/src/view/grid/GridAccount.cpp
@@ -1043,10 +1043,8 @@ void GridAccount::OnOperationModified(int row, int col)
 	}
 	catch (User::TagNotFound e)
 	{
-	    op_complete++;
 	    setItem(row, TAG, new QTableWidgetItem(""));
 	}
-        op_complete--;
     }
 
     value = item(row, ACCOUNT)->text();

From fe359302730f78f15ae954276097a94fc4a433fc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9gory=20Soutad=C3=A9?= <soutade@gmail.com>
Date: Sat, 8 Oct 2016 20:05:01 +0200
Subject: [PATCH 5/6] Use prepared query for value replacement allowing to use
 non escaped characters

---
 ChangeLog                     |   3 +-
 src/model/Database.cpp        | 137 ++++++++++++++++++++++++----------
 src/model/Database.hpp        |  35 ++++++++-
 src/view/grid/GridAccount.cpp |  16 +++-
 4 files changed, 146 insertions(+), 45 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index b28f754..88fab23 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,10 @@
-v0.6 (05/11/2015)
+v0.6 (08/10/2016)
 ** User **
 	Set autofocus attribute to user in index.php
 
 ** Dev **
 	Use transactions for SQL updates
+	Use prepared query for value replacement allowing to use non escaped characters
 
 ** Bugs **
 	Crash when use of a tag in a new operation
diff --git a/src/model/Database.cpp b/src/model/Database.cpp
index af155c6..50a14f4 100644
--- a/src/model/Database.cpp
+++ b/src/model/Database.cpp
@@ -1,5 +1,5 @@
 /*
-  Copyright 2010-2015 Grégory Soutadé
+  Copyright 2010-2016 Grégory Soutadé
 
   This file is part of KissCount.
 
@@ -171,7 +171,10 @@ bool Database::IsValidUser(const QString& user, const QString& password)
 {
     QSqlQuery query(_db);
 
-    EXECUTE_SQL_QUERY(QString("SELECT name FROM user WHERE name='%1' AND password='%2'").arg(user, HashPassword(password)), false);
+    query.prepare("SELECT name FROM user WHERE name=:id AND password=:password");
+    query.bindValue(":id", user);
+    query.bindValue(":password", HashPassword(password));
+    EXECUTE_PREPARED_SQL_QUERY(false);
 
     return query.next();
 }
@@ -239,7 +242,9 @@ User* Database::LoadUser(const QString& name)
 
     std::vector<Account>::iterator it;
 
-    EXECUTE_SQL_QUERY(QString("SELECT * FROM user WHERE name='%1'").arg(name), 0);
+    query.prepare("SELECT * FROM user WHERE name=:name");
+    query.bindValue(":name", name);
+    EXECUTE_PREPARED_SQL_QUERY(0);
 
     if (!query.next())
         return 0;
@@ -570,14 +575,18 @@ void Database::UpdateOperation(User* user, Operation& op, bool checkTransfert)
 
     ESCAPE_CHARS(op.description);
 
-    req = "UPDATE operation SET parent='%1', account='%2', year='%3', month='%4', day='%5', amount='%6', description=\"%7\", category='%8', tag='%9'" ;
+    req = "UPDATE operation SET parent='%1', account='%2', year='%3', month='%4', day='%5', amount='%6', description=:description, category='%8', tag='%9'" ;
     req = req.arg((op.parent) ? QString::number(op.parent) : "", QString::number(op.account), QString::number(op.year), QString::number(op.month), 
-		  QString::number(op.day), v.sprintf("%d", op.amount), op.description, QString::number(op.category), QString::number(op.tag));
-    req += ", fix_cost='%1', checked='%2', transfert='%3', meta='%4', virtual='%5', formula='%6' WHERE id='%7'";
+		  QString::number(op.day), v.sprintf("%d", op.amount), QString::number(op.category), QString::number(op.tag));
+    req += ", fix_cost='%1', checked='%2', transfert='%3', meta='%4', virtual='%5', formula=:formula WHERE id='%7'";
     req = req.arg(QString::number(op.fix_cost), QString::number(op.checked), (op.transfert) ? QString::number(op.transfert): "", 
-		  QString::number(op.meta), QString::number(op._virtual), op.formula, QString::number(op.id));
+		  QString::number(op.meta), QString::number(op._virtual), QString::number(op.id));
 
-    EXECUTE_SQL_UPDATE(req, );
+    query.prepare(req);
+    query.bindValue(":description", op.description);
+    query.bindValue(":formula", op.formula);
+
+    EXECUTE_PREPARED_SQL_UPDATE();
 
     if (checkTransfert)
 	LinkOrUnlinkOperation(user, op);
@@ -592,14 +601,18 @@ int Database::AddOperation(User* user, Operation& op, bool checkTransfert)
 
     ESCAPE_CHARS(op.description);
 
-    req = "INSERT INTO operation ('user', 'parent', 'account', 'year', 'month', 'day', 'amount', 'description', 'category', 'tag', 'fix_cost', 'formula', 'transfert', 'meta', 'virtual', 'checked') VALUES ('%1', '%2', '%3', '%4', '%5', '%6', '%7', \"%8\"" ;
+    req = "INSERT INTO operation ('user', 'parent', 'account', 'year', 'month', 'day', 'amount', 'description', 'category', 'tag', 'fix_cost', 'formula', 'transfert', 'meta', 'virtual', 'checked') VALUES ('%1', '%2', '%3', '%4', '%5', '%6', '%7', :description" ;
     req = req.arg(QString::number(user->_id), (op.parent) ? QString::number(op.parent): "", QString::number(op.account), QString::number(op.year), 
-		  QString::number(op.month), QString::number(op.day), v.sprintf("%d", op.amount), op.description);
-    req += ", '%1', '%2', '%3', '%4', '%5', '%6', '%7', '%8')";
-    req = req.arg(QString::number(op.category), QString::number(op.tag), QString::number(op.fix_cost), op.formula, (op.transfert) ? QString::number(op.transfert): "", 
+		  QString::number(op.month), QString::number(op.day), v.sprintf("%d", op.amount));
+    req += ", '%1', '%2', '%3', :formula, '%4', '%5', '%6', '%7')";
+    req = req.arg(QString::number(op.category), QString::number(op.tag), QString::number(op.fix_cost), (op.transfert) ? QString::number(op.transfert): "", 
 		  QString::number(op.meta), QString::number(op._virtual), QString::number(op.checked));
+
+    query.prepare(req);
+    query.bindValue(":description", op.description);
+    query.bindValue(":formula", op.formula);
 	    
-    if (!query.exec(req))
+    if (!query.exec())
     {
 	QMessageBox::critical(0, _("Error"), _("Update failed !\n") + req);
 	return 0;
@@ -841,9 +854,12 @@ void Database::AddSharedAccount(Account& ac, const QString& granted)
     QSqlRecord set;
     QSqlQuery query(_db);
 
-    req = QString("SELECT id FROM user WHERE name='%1'").arg(granted);
+    req = QString("SELECT id FROM user WHERE name=:name");
 
-    EXECUTE_SQL_QUERY(req, );
+    query.prepare(req);
+    query.bindValue(":name", granted);
+
+    EXECUTE_PREPARED_SQL_QUERY();
 
     query.next();
 
@@ -907,7 +923,7 @@ int Database::AddCategory(User* user, Category& category)
     req = "INSERT INTO category ('user', 'parent', 'name', 'backcolor', 'forecolor', 'font', 'fix_cost') VALUES ('" ;
     req += QString::number(user->_id) + "'";
     req += ", '" + QString::number(category.parent) + "'";
-    req += ", '" + category.name + "'";
+    req += ", :name";
     req += ", '" + backcolor + "'";
     req += ", '" + forecolor + "'";
     req += ", '" + category.font + "'";
@@ -916,8 +932,11 @@ int Database::AddCategory(User* user, Category& category)
     else
 	req += ", '0'";
     req += ")";
-	    
-    if (!query.exec(req))
+
+    query.prepare(req);
+    query.bindValue(":name", category.name);
+    
+    if (!query.exec())
     {
 	QMessageBox::critical(0, _("Error"), _("Update failed !\n") + req);
 	std::cerr << __FUNCTION__ << "\n" ;
@@ -933,6 +952,7 @@ void Database::UpdateCategory(Category& category)
 {
     QString req, tmp;
     QString backcolor, forecolor;
+    QSqlQuery query(_db);
 
     backcolor = "#" ;
     tmp = QString::number(category.backcolor.red(), 16);
@@ -958,7 +978,7 @@ void Database::UpdateCategory(Category& category)
 
     req = "UPDATE category SET" ;
     req += " parent='" + QString::number(category.parent) + "'";
-    req += ", name='" + category.name + "'";
+    req += ", name=:name";
     req += ", backcolor='" + backcolor + "'";
     req += ", forecolor='" + forecolor + "'";
     req += ", font='" + category.font + "'";
@@ -968,7 +988,9 @@ void Database::UpdateCategory(Category& category)
 	req += ", fix_cost='0'";
     req += " WHERE id='" + QString::number(category.id) + "'";
 
-    EXECUTE_SQL_UPDATE(req, );
+    query.prepare(req);
+    query.bindValue(":name", category.name);
+    EXECUTE_PREPARED_SQL_UPDATE();
 }
 
 void Database::DeleteCategory(User* user, Category& category, int replacement)
@@ -1004,11 +1026,17 @@ bool Database::LoadCategory(int id, const QString& name, Category& category)
     bool ret = false ;
 
     if (id)
+    {
 	req = QString("SELECT * FROM category WHERE id='%1'").arg(id);
+	EXECUTE_SQL_QUERY(req, false);
+    }
     else
-	req = QString("SELECT * FROM category WHERE name='%1'").arg(name);
-	
-    EXECUTE_SQL_QUERY(req, false);
+    {
+	req = QString("SELECT * FROM category WHERE name=:name");
+	query.prepare(req);
+	query.bindValue(":name", name);
+	EXECUTE_PREPARED_SQL_QUERY(false);
+    }
 
     if (query.next())
     {
@@ -1030,10 +1058,13 @@ int Database::AddTag(User* user, Tag& tag)
 
     req = "INSERT INTO tag ('user', 'name') VALUES ('" ;
     req += QString::number(user->_id) + "'";
-    req += ", '" + tag.name + "'";
+    req += ", :name";
     req += ")";
-	    
-    if (!query.exec(req))
+
+    query.prepare(req);
+    query.bindValue(":name", tag.name);
+
+    if (!query.exec())
     {
 	QMessageBox::critical(0, _("Error"), _("Update failed !\n") + req);
 	std::cerr << __FUNCTION__ << "\n" ;
@@ -1048,12 +1079,16 @@ int Database::AddTag(User* user, Tag& tag)
 void Database::UpdateTag(Tag& tag)
 {
     QString req;
+    QSqlQuery query(_db);
 
     req = "UPDATE tag SET" ;
-    req += "name='" + tag.name + "'";
+    req += "name=:name";
     req += " WHERE id='" + QString::number(tag.id) + "'";
 
-    EXECUTE_SQL_UPDATE(req, );
+    query.prepare(req);
+    query.bindValue(":name", tag.name);
+
+    EXECUTE_PREPARED_SQL_UPDATE();
 }
 
 void Database::DeleteTag(User* user, Tag& tag, int replacement)
@@ -1078,11 +1113,17 @@ bool Database::LoadTag(int id, const QString& name, Tag& tag)
     bool ret = false ;
 
     if (id)
+    {
 	req = QString("SELECT * FROM tag WHERE id='%1'").arg(id);
+	EXECUTE_SQL_QUERY(req, false);
+    }
     else
-	req = QString("SELECT * FROM tag WHERE name='%1'").arg(name);
-	
-    EXECUTE_SQL_QUERY(req, false);
+    {
+	req = QString("SELECT * FROM tag WHERE name=:name");
+	query.prepare(req);
+	query.bindValue(":name", name);
+	EXECUTE_PREPARED_SQL_QUERY(false);
+    }
 
     if (query.next())
     {
@@ -1225,10 +1266,15 @@ void Database::GenerateMonth(User* user, int monthFrom, int yearFrom, int monthT
 void Database::ChangePassword(User* user, const QString& password)
 {
     QString req;
+    QSqlQuery query(_db);
 
-    req = QString("UPDATE user SET password='%1' WHERE name='%2'").arg(HashPassword(password), user->_name) ;
+    req = QString("UPDATE user SET password=:password WHERE name=:name");
 
-    EXECUTE_SQL_UPDATE(req, );
+    query.prepare(req);
+    query.bindValue(":name", user->_name);
+    query.bindValue(":password", HashPassword(password));
+
+    EXECUTE_PREPARED_SQL_UPDATE();
 }
 
 bool Database::UserExists(const QString& name)
@@ -1238,9 +1284,12 @@ bool Database::UserExists(const QString& name)
     QString req;
     bool res=false;
 
-    req = QString("SELECT name FROM user WHERE name='%1'").arg(name);
+    req = QString("SELECT name FROM user WHERE name=:name");
 
-    EXECUTE_SQL_QUERY(req, false);
+    query.prepare(req);
+    query.bindValue(":name", name);
+
+    EXECUTE_PREPARED_SQL_QUERY(false);
 
     if (query.next())
         res = true;
@@ -1255,19 +1304,29 @@ bool Database::UserExists(const QString& name)
 void Database::ChangeName(User* user, const QString& name)
 {
     QString req;
+    QSqlQuery query(_db);
 
-    req = QString("UPDATE user SET name='%1' WHERE name='%2'").arg(name, user->_name) ;
+    req = QString("UPDATE user SET name=:name WHERE name=:name2");
 
-    EXECUTE_SQL_UPDATE(req, );
+    query.prepare(req);
+    query.bindValue(":name", name);
+    query.bindValue(":name2", user->_name);
+
+    EXECUTE_PREPARED_SQL_UPDATE();
 }
 
 void Database::NewUser(const QString& name)
 {
     QString req;
+    QSqlQuery query(_db);
 
-    req = QString("INSERT INTO user ('name', 'password') VALUES ('%1', '%2')").arg(name, HashPassword("")) ;
+    req = QString("INSERT INTO user ('name', 'password') VALUES (:name, :password)");
 	    
-    EXECUTE_SQL_UPDATE(req, );
+    query.prepare(req);
+    query.bindValue(":name", name);
+    query.bindValue(":password", HashPassword(""));
+
+    EXECUTE_PREPARED_SQL_UPDATE();
 }
 
 /*
diff --git a/src/model/Database.hpp b/src/model/Database.hpp
index be6ec13..770330e 100644
--- a/src/model/Database.hpp
+++ b/src/model/Database.hpp
@@ -1,5 +1,5 @@
 /*
-  Copyright 2010-2012 Grégory Soutadé
+  Copyright 2010-2016 Grégory Soutadé
 
   This file is part of KissCount.
 
@@ -64,6 +64,22 @@
 	_db.commit();							\
     } while(0);
 
+#define EXECUTE_PREPARED_SQL_UPDATE_WITH_CODE(return_value, code_if_fail, code_if_syntax_fail) \
+    do {								\
+	_db.transaction();						\
+	if (!query.exec())						\
+	{								\
+	    QMessageBox::critical(0, _("Error"), _("Update failed !\n")); \
+	    std::cerr << __FUNCTION__ << " " << __FILE__ << " " << __LINE__ << "\n" ; \
+	    std::cerr << query.lastQuery().toStdString() << "\n" ;			\
+	    std::cerr << query.lastError().text().toStdString() << "\n" ; \
+	    _db.rollback();						\
+	    code_if_fail;						\
+	    return return_value;					\
+	}								\
+	_db.commit();							\
+    } while(0);
+
 #define EXECUTE_SQL_QUERY_WITH_CODE(req, return_value, code_if_fail, code_if_syntax_fail) \
     do {								\
 	if (!query.exec(req))						\
@@ -77,10 +93,27 @@
 	}								\
     } while(0);
 
+#define EXECUTE_PREPARED_SQL_QUERY_WITH_CODE(return_value, code_if_fail, code_if_syntax_fail) \
+    do {								\
+	if (!query.exec())						\
+	{								\
+	    QMessageBox::critical(0, _("Error"), _("Query failed !\n")); \
+	    std::cerr << __FUNCTION__ << "\n" ;				\
+	    std::cerr << query.lastQuery().toStdString() << "\n" ;			\
+	    std::cerr << query.lastError().text().toStdString() << "\n" ; \
+	    code_if_fail;						\
+	    return return_value;					\
+	}								\
+    } while(0);
+
 #define EXECUTE_SQL_QUERY(req, return_value) EXECUTE_SQL_QUERY_WITH_CODE(req, return_value, {}, {})
 
 #define EXECUTE_SQL_UPDATE(req, return_value) EXECUTE_SQL_UPDATE_WITH_CODE(req, return_value, {}, {})
 
+#define EXECUTE_PREPARED_SQL_UPDATE(return_value) EXECUTE_PREPARED_SQL_UPDATE_WITH_CODE(return_value, {}, {})
+
+#define EXECUTE_PREPARED_SQL_QUERY(return_value) EXECUTE_PREPARED_SQL_QUERY_WITH_CODE(return_value, {}, {})
+
 class KissCount;
 class User;
 
diff --git a/src/view/grid/GridAccount.cpp b/src/view/grid/GridAccount.cpp
index c8e9efe..dd0af56 100644
--- a/src/view/grid/GridAccount.cpp
+++ b/src/view/grid/GridAccount.cpp
@@ -1,5 +1,5 @@
 /*
-  Copyright 2010-2012 Grégory Soutadé
+  Copyright 2010-2016 Grégory Soutadé
 
   This file is part of KissCount.
 
@@ -913,7 +913,7 @@ void GridAccount::OnOperationModified(int row, int col)
 {
     User* user = _kiss->GetUser();
     Operation new_op, cur_op, op_tmp, op_tmp2;
-    int op_complete = 6;
+    int op_complete = 6, new_op_id;
     QString value, v ;
     QDate date;
     bool need_insertion = false, transfertCompleted = false;
@@ -1111,12 +1111,20 @@ void GridAccount::OnOperationModified(int row, int col)
     	new_op._virtual = false;
 	new_op.parent = 0;
 
+        new_op_id = _kiss->AddOperation(new_op);
+
+	if (!new_op_id)
+	{
+	    _inModification = false ;
+	    return;
+	}
+
 	RemoveRow(new_op, row, false);
 	NULLop.id = 0;
 	InsertOperation(user, NULLop, row, new_op.fix_cost, _curMonth, _curYear);
 
-        new_op.id = _kiss->AddOperation(new_op);
-
+	new_op.id = new_op_id;
+	
 	if (transfertCompleted)
 	    _transfertCompletionIndex = (_transfertCompletionIndex + 1) % 2;
     }

From 23829bdf707145abbed03fe63c7380b7d6e521b5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gr=C3=A9gory=20Soutad=C3=A9?= <soutade@gmail.com>
Date: Sat, 8 Oct 2016 20:28:52 +0200
Subject: [PATCH 6/6] package.sh was broken due to parsing errors in
 debian/changelog

---
 ChangeLog        | 1 +
 debian/changelog | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 88fab23..4653025 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,7 @@ v0.6 (08/10/2016)
 ** Dev **
 	Use transactions for SQL updates
 	Use prepared query for value replacement allowing to use non escaped characters
+	package.sh was broken due to parsing errors in debian/changelog
 
 ** Bugs **
 	Crash when use of a tag in a new operation
diff --git a/debian/changelog b/debian/changelog
index 24c2de4..fe268e7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,5 @@
-kisscount (0.5-1) unstable; urgency=low
+kisscount (0.6-1) unstable; urgency=low
 
   * Initial release
 
- -- Grégory Soutadé <soutade@gmail.com>  Mon, 10 June 2013 13:13:52 +0100
+ -- Grégory Soutadé <soutade@gmail.com>  Sat, 8 Oct 2016 20:26:00 +0200