From d2ffb266db4fd06391c57a50950ac34721700f97 Mon Sep 17 00:00:00 2001
From: unknown <JurTI-BR>
Date: Fri, 28 Mar 2025 15:22:10 -0300
Subject: [PATCH] =?UTF-8?q?fix(data-consult):=20corrige=20uso=20de=20bind?=
 =?UTF-8?q?=20variables=20incompat=C3=ADveis=20com=20Oracle?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Substitui REGEXP_REPLACE com bind variables por pré-processamento do filtro no backend
- Evita erro ORA-01036 ao utilizar parâmetros posicionais (?) em conjunto com funções Oracle
- Garante segurança e compatibilidade com TypeORM e driver Oracle
---
 src/data-consult/data-consult.repository.ts | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

diff --git a/src/data-consult/data-consult.repository.ts b/src/data-consult/data-consult.repository.ts
index b19e770..d1571dd 100644
--- a/src/data-consult/data-consult.repository.ts
+++ b/src/data-consult/data-consult.repository.ts
@@ -110,6 +110,10 @@ export class DataConsultRepository {
   }
 
   async findProducts(filter: string): Promise<ProductDto[]> {
+    const cleanFilter = filter.replace(/[^\d]/g, '');
+    const likeFilter = filter + '%';
+    const codAux = filter.replace(/[^\d]/g, '');
+  
     const queries = [
       {
         sql: `
@@ -117,10 +121,10 @@ export class DataConsultRepository {
                  PCPRODUT.CODPROD || ' - ' || PCPRODUT.DESCRICAO ||
                  ' ( ' || REGEXP_REPLACE(PCPRODUT.CODAUXILIAR, '[^0-9]', '') || ' )' as "description"
             FROM PCPRODUT
-           WHERE PCPRODUT.CODPROD = REGEXP_REPLACE(?, '[^0-9]', '')
+           WHERE PCPRODUT.CODPROD = ?
            ORDER BY PCPRODUT.DESCRICAO
         `,
-        params: [filter],
+        params: [cleanFilter],
       },
       {
         sql: `
@@ -128,10 +132,10 @@ export class DataConsultRepository {
                  PCPRODUT.CODPROD || ' - ' || PCPRODUT.DESCRICAO ||
                  ' ( ' || REGEXP_REPLACE(PCPRODUT.CODAUXILIAR, '[^0-9]', '') || ' )' as "description"
             FROM PCPRODUT
-           WHERE PCPRODUT.CODAUXILIAR = REGEXP_REPLACE(?, '[^0-9]', '')
+           WHERE PCPRODUT.CODAUXILIAR = ?
            ORDER BY PCPRODUT.DESCRICAO
         `,
-        params: [filter],
+        params: [codAux],
       },
       {
         sql: `
@@ -142,17 +146,17 @@ export class DataConsultRepository {
            WHERE PCPRODUT.DESCRICAO LIKE ?
            ORDER BY PCPRODUT.DESCRICAO
         `,
-        params: [filter + '%'],
+        params: [likeFilter],
       },
     ];
-
+  
     for (const { sql, params } of queries) {
       const result = await this.executeQuery<ProductDto[]>(sql, params);
       if (result.length > 0) {
         return result;
       }
     }
-
+  
     return [];
   }
-}
+}  
\ No newline at end of file