msmith      01/05/03 21:23:06

  Modified:    src/stores/slidestore/reference JDBCDescriptorsStore.java
  Log:
  Revamp of the JDBC descriptor store to use PreparedStatement instead of
  Statement.
  This is needed because slide allows pretty much anything in URIs, in
  properties, etc. Directly using Statements doesn't allow escaping special
  characters in these, whereas PreparedStatements handle any escaping that is
  needed automatically.
  Needs more testing, but seems reliable.
  
  Revision  Changes    Path
  1.12      +256 -209  
jakarta-slide/src/stores/slidestore/reference/JDBCDescriptorsStore.java
  
  Index: JDBCDescriptorsStore.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-slide/src/stores/slidestore/reference/JDBCDescriptorsStore.java,v
  retrieving revision 1.11
  retrieving revision 1.12
  diff -u -r1.11 -r1.12
  --- JDBCDescriptorsStore.java 2001/03/24 05:10:05     1.11
  +++ JDBCDescriptorsStore.java 2001/05/04 04:23:05     1.12
  @@ -1,7 +1,7 @@
   /*
  - * $Header: 
/home/cvs/jakarta-slide/src/stores/slidestore/reference/JDBCDescriptorsStore.java,v 
1.11 2001/03/24 05:10:05 remm Exp $
  - * $Revision: 1.11 $
  - * $Date: 2001/03/24 05:10:05 $
  + * $Header: 
/home/cvs/jakarta-slide/src/stores/slidestore/reference/JDBCDescriptorsStore.java,v 
1.12 2001/05/04 04:23:05 msmith Exp $
  + * $Revision: 1.12 $
  + * $Date: 2001/05/04 04:23:05 $
    *
    * ====================================================================
    *
  @@ -84,7 +84,7 @@
    * JDBC 1.0 and 2.0 compliant store implementation.
    * 
    * @author <a href="mailto:[EMAIL PROTECTED]";>Remy Maucherat</a>
  - * @version $Revision: 1.11 $
  + * @version $Revision: 1.12 $
    */
   
   public class JDBCDescriptorsStore
  @@ -529,15 +529,15 @@
           throws ServiceAccessException, ObjectNotFoundException {
           
           ObjectNode result = null;
  -        Statement statement = null;
  +        PreparedStatement statement = null;
           
           try {
               
  -            statement = connection.createStatement();
  -            String s = "select * from objects where uri='" + uri + "'";
  +            statement = connection.prepareStatement(
  +             "select * from objects where uri= ?");
  +         statement.setString(1, uri.toString());
               
  -            statement.execute(s);
  -            ResultSet res = statement.getResultSet();
  +            ResultSet res = statement.executeQuery();
               
               // Parsing result set
               
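Review bot: Each `statement = connection.prepareStatement(...)` reassignment in this hunk (and in the children/links queries of the following hunks of the same method) discards the previous PreparedStatement without closing it, so only the last one ever reaches the `finally` block; the old code reused a single Statement, so this is a new per-call leak of driver-side cursors. Insert `statement.close();` before each reassignment, or give each query its own local and close it as soon as its result set has been consumed. The same pattern appears in storeObject, createObject, removeObject, renewLock, retrieveRevisionDescriptors, createRevisionDescriptors, removeRevisionDescriptors, retrieveRevisionDescriptor and createRevisionDescriptor. The method this hunk belongs to starts before the hunk and its `finally` is outside the view.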
  @@ -552,9 +552,10 @@
               }
               
               // Then, retrieve the children
  -            s = "select * from children where uri='" + uri + "'";
  -            statement.execute(s);
  -            res = statement.getResultSet();
  +            statement = connection.prepareStatement(
  +                 "select * from children where uri= ?");
  +         statement.setString(1,uri.toString());
  +            res = statement.executeQuery();
               
               Vector childrenVector = new Vector();
               
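Review bot: The added `statement.setString(1,uri.toString());` line lands a few columns left of the `statement =` line above it, which suggests it is indented with a tab while the surrounding file uses spaces; most of the new `setString`/`setInt` lines throughout the commit, starting with the first hunk, show the same misalignment. Re-indent them to match the enclosing block, and for consistency with the other call sites put a space after the comma: `statement.setString(1, uri.toString());`.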
  @@ -564,9 +565,10 @@
                   childrenVector.addElement(res.getString(CHILDREN_CHILDURI));
               }
               
  -            s = "select * from links where linkto='" + uri + "'";
  -            statement.execute(s);
  -            res = statement.getResultSet();
  +            statement = connection.prepareStatement(
  +                 "select * from links where linkto= ?");
  +            statement.setString(1,uri.toString());
  +            res = statement.executeQuery();
               
               Vector linksVector = new Vector();
               
  @@ -579,9 +581,10 @@
               if(className.equals("org.apache.slide.structure.LinkNode")) {
                   
                   String linkTo = new String();
  -                s = "select * from links where link='" + uri + "'";
  -                statement.execute(s);
  -                res = statement.getResultSet();
  +                statement = connection.prepareStatement(
  +                     "select * from links where link= ?");
  +                statement.setString(1,uri.toString());
  +                res = statement.executeQuery();
                   
                   if(res.next())
                       linkTo = res.getString(LINKS_LINKTO);
  @@ -632,15 +635,14 @@
       public void storeObject(Uri uri, ObjectNode object)
           throws ServiceAccessException, ObjectNotFoundException {
           
  -        Statement statement = null;
  +        PreparedStatement statement = null;
           
           try {
  -            statement = connection.createStatement();
  -            
  -            String s = "select * from objects where uri='" + uri + "'";
  +            statement = connection.prepareStatement(
  +                 "select * from objects where uri= ?");
  +         statement.setString(1, uri.toString());
               
  -            statement.execute(s);
  -            ResultSet res = statement.getResultSet();
  +            ResultSet res = statement.executeQuery();
               
               // Parsing result set
               
  @@ -649,13 +651,18 @@
               }
               
               // Updating children
  -            s = "delete from children where uri='" + object.getUri() + "'";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +             "delete from children where uri= ?");
  +         statement.setString(1, object.getUri());
  +         statement.execute();
  +
               Enumeration children = object.enumerateChildren();
               while (children.hasMoreElements()) {
  -                s = "insert into children values('" + object.getUri() + "', '" 
  -                    + (String) children.nextElement() + "')";
  -                statement.execute(s);
  +                statement = connection.prepareStatement(
  +                 "insert into children values(?, ?)");
  +             statement.setString(1, object.getUri());
  +             statement.setString(2, (String)children.nextElement());
  +                statement.execute();
               }
               
               // Updating inbound links
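Review bot: The children loop now calls `connection.prepareStatement(...)` on every iteration, creating a fresh PreparedStatement per child and leaving each previous one unclosed; preparing once before the loop and only binding and executing inside it is cheaper and avoids the leak. Move the two `prepareStatement` lines above `Enumeration children = object.enumerateChildren();` and keep only the two `setString` calls and `statement.execute();` in the loop body. The same per-iteration prepare appears in createObject's children loop, in the branches loop of retrieveRevisionDescriptors (`statement2`), and in the label loop of createRevisionDescriptor.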
  @@ -672,13 +679,17 @@
               */
               
               // Updating links
  -            s = "delete from links where link='" + object.getUri() + "'";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "delete from links where link= ?");
  +         statement.setString(1, object.getUri());
  +            statement.execute();
               
               if (object instanceof LinkNode) {
  -                s = "insert into links values('" + object.getUri() + "', '" 
  -                    + ((LinkNode) object).getLinkedUri() + "')";
  -                statement.execute(s);
  +             statement = connection.prepareStatement(
  +                 "insert into links values(?,?)");
  +             statement.setString(1, object.getUri());
  +             statement.setString(2, ((LinkNode) object).getLinkedUri());
  +                statement.execute();
               }
               
               res.close();
  @@ -704,18 +715,17 @@
       public void createObject(Uri uri, ObjectNode object)
           throws ServiceAccessException, ObjectAlreadyExistsException {
           
  -        Statement statement = null;
  +        PreparedStatement statement = null;
           
           try {
               
               String className = object.getClass().getName();
               
  -            statement = connection.createStatement();
  -
  -            String s = "select * from objects where uri='" + uri + "'";
  +            statement = connection.prepareStatement(
  +                 "select * from objects where uri= ?");
  +         statement.setString(1, uri.toString());
               
  -            statement.execute(s);
  -            ResultSet res = statement.getResultSet();
  +            ResultSet res = statement.executeQuery();
               
               // Parsing result set
               
  @@ -723,17 +733,21 @@
                   throw new ObjectAlreadyExistsException(uri.toString());
               }
               
  -            s = "insert into objects values('" + uri + "', '"  
  -                + className + "')";
  +            statement = connection.prepareStatement(
  +                 "insert into objects values(?,?)");
  +         statement.setString(1, uri.toString());
  +            statement.setString(2, className );
               
  -            statement.execute(s);
  +            statement.execute();
               
               // Inserting children
               Enumeration children = object.enumerateChildren();
               while (children.hasMoreElements()) {
  -                s = "insert into children values('" + uri + "', '" 
  -                    + (String) children.nextElement() + "')";
  -                statement.execute(s);
  +                statement = connection.prepareStatement(
  +                     "insert into children values(?,?)");
  +             statement.setString(1, uri.toString());
  +             statement.setString(2, (String) children.nextElement());
  +                statement.execute();
               }
               
               // Updating inbound links
  @@ -749,9 +763,11 @@
               
               // If the object is a link, also store the link information
               if (object instanceof LinkNode) {
  -                s = "insert into links values('" + uri + "', '" 
  -                    + ((LinkNode) object).getLinkedUri() + "')";
  -                statement.execute(s);
  +             statement = connection.prepareStatement(
  +                     "insert into links values(?,?)");
  +             statement.setString(1, uri.toString());
  +             statement.setString(2, ((LinkNode) object).getLinkedUri());
  +                statement.execute();
               }
               
               res.close();
  @@ -775,19 +791,21 @@
       public void removeObject(Uri uri, ObjectNode object)
           throws ServiceAccessException, ObjectNotFoundException {
           
  -        Statement statement = null;
  +        PreparedStatement statement = null;
           
           try {
  -            statement = connection.createStatement();
  -            String s = null;
               
               // Removing object
  -            s = "delete from objects where uri='" + object.getUri() + "'";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "delete from objects where uri= ?");
  +         statement.setString(1,object.getUri());
  +            statement.execute();
               
               // Removing children
  -            s = "delete from children where uri='" + object.getUri() + "'";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "delete from children where uri=?");
  +         statement.setString(1, object.getUri());
  +            statement.execute();
               
               // Removing inbound links
               /*
  @@ -796,8 +814,10 @@
               */
               
               // Removing links
  -            s = "delete from links where link='" + object.getUri() + "'";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "delete from links where link= ?");
  +         statement.setString(1, object.getUri());
  +            statement.execute();
               
           } catch (SQLException e) {
               throw new ServiceAccessException(this, e);
  @@ -814,11 +834,9 @@
       public void grantPermission(Uri uri, NodePermission permission)
           throws ServiceAccessException {
           
  -        Statement statement = null;
  +        PreparedStatement statement = null;
           
           try {
  -            statement = connection.createStatement();
  -            
               int inheritable = 0;
               if (permission.isInheritable()) {
                   inheritable = 1;
  @@ -829,12 +847,14 @@
                   negative = 1;
               }
               
  -            String s = "insert into permissions values('" 
  -                + permission.getObjectUri() + "', '" 
  -                + permission.getSubjectUri() + "', '" 
  -                + permission.getActionUri()
  -                + "', " + inheritable + ", " + negative + ")";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "insert into permissions values(?,?,?,?,?)");
  +         statement.setString(1, permission.getObjectUri());
  +         statement.setString(2, permission.getSubjectUri());
  +         statement.setString(3, permission.getActionUri());
  +         statement.setInt(4, inheritable);
  +         statement.setInt(5, negative);
  +            statement.execute();
           } catch (SQLException e) {
               throw new ServiceAccessException(this, e);
           } finally {
  @@ -853,23 +873,21 @@
       public void revokePermission(Uri uri, NodePermission permission)
           throws ServiceAccessException {
           
  -        Statement statement = null;
  +        PreparedStatement statement = null;
           
           try {
  -            statement = connection.createStatement();
  -            
               int inheritable = 0;
               if (permission.isInheritable()) {
                   inheritable = 1;
               }
               
  -            String s = "delete from permissions where object='" 
  -                + permission.getObjectUri() 
  -                + "' and subject='" + permission.getSubjectUri() 
  -                + "' and action='" 
  -                + permission.getActionUri() + "' and inheritable=" 
  -                + inheritable;
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "delete from permissions where object= ? and subject = ? and 
action = ? and inheritable = ?");
  +         statement.setString(1,permission.getObjectUri());
  +         statement.setString(2, permission.getSubjectUri());
  +         statement.setString(3, permission.getActionUri());
  +         statement.setInt(4, inheritable);
  +            statement.execute();
           } catch (SQLException e) {
               throw new ServiceAccessException(this, e);
           } finally {
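Review bot: The SQL literal on the `prepareStatement` line in revokePermission is shown broken across two lines (`... and` / `action = ? and inheritable = ?`); if that break is in the committed source it is an unterminated string literal and will not compile, and if it is only mail wrapping the line still exceeds the width used elsewhere in the file. Split it into concatenated constants, e.g. `"delete from permissions where object = ? and subject = ? "` followed by `+ "and action = ? and inheritable = ?"` on the next line.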
  @@ -888,13 +906,14 @@
       public void revokePermissions(Uri uri)
           throws ServiceAccessException {
           
  -        Statement statement = null;
  +        PreparedStatement statement = null;
           
           try {
  -            statement = connection.createStatement();
               
  -            String s = "delete from permissions where object='" + uri + "'";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "delete from permissions where object= ?");
  +         statement.setString(1, uri.toString());
  +            statement.execute();
           } catch (SQLException e) {
               throw new ServiceAccessException(this, e);
           } finally {
  @@ -914,15 +933,14 @@
           throws ServiceAccessException {
           
           Vector permissionVector = new Vector();
  -        Statement statement = null;
  +        PreparedStatement statement = null;
           
           try {
  -            statement = connection.createStatement();
  +            statement = connection.prepareStatement(
  +                 "select * from permissions where object= ?");
  +         statement.setString(1, uri.toString());
  +            ResultSet res = statement.executeQuery();
               
  -            String s = "select * from permissions where object='" + uri + "'";
  -            statement.execute(s);
  -            ResultSet res = statement.getResultSet();
  -            
               while (res.next()) {
                   boolean inheritable = false;
                   if (res.getInt(PERMISSIONS_INHERITABLE) == 1) {
  @@ -960,11 +978,9 @@
       public void putLock(Uri uri, NodeLock lock)
           throws ServiceAccessException {
           
  -        Statement statement = null;
  +        PreparedStatement statement = null;
           
           try {
  -            statement = connection.createStatement();
  -            
               int inheritable = 0;
               if (lock.isInheritable()) {
                   inheritable = 1;
  @@ -975,13 +991,17 @@
                   exclusive = 1;
               }
               
  -            String s = "insert into locks values('" + lock.getLockId() 
  -                + "', '" 
  -                + lock.getObjectUri() + "', '" + lock.getSubjectUri() 
  -                + "', '" + lock.getTypeUri() + "', '" 
  -                + lock.getExpirationDate().getTime() + "', " 
  -                + inheritable  + ", " + exclusive + ")";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "insert into locks values(?,?,?,?,?,?,?)");
  +         statement.setString(1, lock.getLockId());
  +         statement.setString(2, lock.getObjectUri());
  +         statement.setString(3, lock.getSubjectUri());
  +         statement.setString(4, lock.getTypeUri());
  +         statement.setString(5, 
  +                 String.valueOf(lock.getExpirationDate().getTime()));
  +         statement.setInt(6,inheritable);
  +         statement.setInt(7, exclusive);
  +            statement.execute();
           } catch (SQLException e) {
               throw new ServiceAccessException(this, e);
           } finally {
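Review bot: `statement.setString(5, String.valueOf(lock.getExpirationDate().getTime()))` binds the expiration timestamp as a string, which preserves the old quoted-literal behaviour but gives up the type checking a PreparedStatement offers; if the corresponding `locks` column is numeric (not visible here), `statement.setLong(5, lock.getExpirationDate().getTime());` is the matching binding and lets the driver reject malformed values. The seven-parameter insert is also duplicated verbatim in renewLock; a private helper taking the NodeLock plus the computed `inheritable` and `exclusive` flags would keep the two in sync.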
  @@ -1001,12 +1021,10 @@
       public void renewLock(Uri uri, NodeLock lock)
           throws ServiceAccessException, LockTokenNotFoundException {
           
  -        Statement statement = null;
  +        PreparedStatement statement = null;
           
           try {
               
  -            statement = connection.createStatement();
  -            
               int inheritable = 0;
               if (lock.isInheritable()) {
                   inheritable = 1;
  @@ -1017,18 +1035,23 @@
                   exclusive = 1;
               }
               
  -            String s = null;
  +            statement = connection.prepareStatement(
  +                 "delete from locks where id=?");
  +         statement.setString(1, lock.getLockId());
  +            statement.execute();
  +            
  +            statement = connection.prepareStatement(
  +                "insert into locks values(?,?,?,?,?,?,?)");
  +         statement.setString(1, lock.getLockId());
  +         statement.setString(2, lock.getObjectUri());
  +         statement.setString(3, lock.getSubjectUri());
  +         statement.setString(4, lock.getTypeUri());
  +         statement.setString(5, 
  +                 String.valueOf(lock.getExpirationDate().getTime()));
  +         statement.setInt(6, inheritable);
  +         statement.setInt(7, exclusive);
  +            statement.execute();
               
  -            s = "delete from locks where id='" + lock.getLockId() + "'";
  -            statement.execute(s);
  -            
  -            s = "insert into locks values('" + lock.getLockId() + "', '" 
  -                + lock.getObjectUri() + "', '" + lock.getSubjectUri() 
  -                + "', '" + lock.getTypeUri() + "', '" 
  -                + lock.getExpirationDate().getTime() + "', " 
  -                + inheritable + ", " + exclusive + ")";
  -            statement.execute(s);
  -            
           } catch (SQLException e) {
               throw new ServiceAccessException(this, e);
           } finally {
  @@ -1099,14 +1122,14 @@
           throws ServiceAccessException {
           
           Vector lockVector = new Vector();
  -        Statement statement = null;
  +        PreparedStatement statement = null;
           
           try {
               
  -            statement = connection.createStatement();
  -            String s = null;
  -            s = "select * from locks where object='" + uri + "'";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "select * from locks where object= ?");
  +         statement.setString(1, uri.toString());
  +            statement.execute();
               ResultSet res = statement.getResultSet();
               
               while (res.next()) {
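Review bot: This hunk runs the query with `statement.execute()` followed by `statement.getResultSet()`, while every other select in the commit now uses `executeQuery()`; the two are equivalent for a select, but the inconsistency reads as an oversight. Replace the pair with `ResultSet res = statement.executeQuery();`. The enclosing method's signature is above this hunk.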
  @@ -1152,12 +1175,10 @@
           throws ServiceAccessException, RevisionDescriptorNotFoundException {
           
           NodeRevisionDescriptors revisionDescriptors = null;
  -        Statement statement = null;
  -        Statement statement2 = null;
  +        PreparedStatement statement = null;
  +        PreparedStatement statement2 = null;
           
           try {
  -            statement = connection.createStatement();
  -            String s = null;
               ResultSet res = null;
               
               NodeRevisionNumber initialRevision = new NodeRevisionNumber();
  @@ -1166,9 +1187,10 @@
               Hashtable branches = new Hashtable();
               boolean isVersioned = false;
               
  -            s = "select * from revisions where uri='" + uri + "'";
  -            statement.execute(s);
  -            res = statement.getResultSet();
  +            statement = connection.prepareStatement(
  +                 "select * from revisions where uri= ?");
  +         statement.setString(1, uri.toString());
  +            res = statement.executeQuery();
               
               if (res.next()) {
                   int isVersionedInt = res.getInt(REVISIONS_ISVERSIONED);
  @@ -1179,17 +1201,19 @@
                   throw new RevisionDescriptorNotFoundException(uri.toString());
               }
               
  -            s = "select * from workingrevision where uri='" + uri + "'";
  -            statement.execute(s);
  -            res = statement.getResultSet();
  +            statement = connection.prepareStatement(
  +                 "select * from workingrevision where uri= ?");
  +         statement.setString(1, uri.toString());
  +            res = statement.executeQuery();
               
               while(res.next()) {
                   // TODO : Parse each working revision definition
               }
               
  -            s = "select * from latestrevisions where uri='" + uri + "'";
  -            statement.execute(s);
  -            res = statement.getResultSet();
  +            statement = connection.prepareStatement(
  +                 "select * from latestrevisions where uri=?");
  +         statement.setString(1, uri.toString());
  +            res = statement.executeQuery();
               
               while(res.next()) {
                   latestRevisionNumbers
  @@ -1198,19 +1222,20 @@
                                (res.getString(LATESTREVISIONS_NUMBER)));
               }
               
  -            s = "select * from revision where uri='" + uri + "'";
  -            statement.execute(s);
  -            res = statement.getResultSet();
  +            statement = connection.prepareStatement(
  +                 "select * from revision where uri= ?");
  +         statement.setString(1, uri.toString());
  +            res = statement.executeQuery();
               
  -            statement2 = connection.createStatement();
               while(res.next()) {
                   String currentRevisionNumber = res.getString(REVISION_NUMBER);
                   
                   // We parse the revision list of the object
  -                s = "select * from branches where uri='" + uri 
  -                    + "' and  xnumber='" + currentRevisionNumber + "'";
  -                statement2.execute(s);
  -                ResultSet res2 = statement2.getResultSet();
  +                statement2 = connection.prepareStatement(
  +                     "select * from branches where uri = ? and xnumber = ?");
  +             statement2.setString(1, uri.toString());
  +             statement2.setString(2, currentRevisionNumber);
  +                ResultSet res2 = statement2.executeQuery();
                   Vector childList = new Vector();
                   
                   while (res2.next()) {
  @@ -1254,11 +1279,9 @@
           // TODO : Here, we have the option of "cleaning up" before 
           // creating the new records in the database.
           
  -        Statement statement = null;
  +        PreparedStatement statement = null;
           
           try {
  -            statement = connection.createStatement();
  -            String s = null;
               ResultSet res = null;
               
               // Creating record in revisions tables
  @@ -1268,10 +1291,13 @@
                   isVersioned = 1;
               }
               
  -            s = "insert into revisions values('" + uri.toString() + "', " 
  -                + isVersioned + ", '" 
  -                + revisionDescriptors.getInitialRevision() + "')";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "insert into revisions values(?,?,?)");
  +         statement.setString(1,uri.toString());
  +         statement.setInt(2, isVersioned);
  +         statement.setString(3, 
  +                 revisionDescriptors.getInitialRevision().toString());
  +            statement.execute();
               
               // Creating records in working revisions table
               // ... TODO (working revisions are not used for now)
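Review bot: `revisionDescriptors.getInitialRevision().toString()` throws a NullPointerException if the initial revision is null, whereas the old concatenation silently produced the literal `'null'`; an NPE is unchecked and escapes the `catch (SQLException e)` instead of becoming the ServiceAccessException callers expect. If a null initial revision is legal here (the hunk does not say), keep the getter result in a local and bind `statement.setString(3, initial == null ? null : initial.toString());`, or reject it up front the way the commit does for `revisionNumber` in retrieveRevisionDescriptor. The same `.toString()` on a getter result appears in the latestrevisions insert below (guarded by its null check) and in createRevisionDescriptor's `getRevisionNumber().toString()` calls.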
  @@ -1280,11 +1306,14 @@
               
               // For now, only the latest revision from the main branch is stored
               if (revisionDescriptors.getLatestRevision() != null) {
  -                s = "insert into latestrevisions values('" 
  -                    + uri.toString() + "', '" 
  -                    + NodeRevisionDescriptors.MAIN_BRANCH + "', '" 
  -                    + revisionDescriptors.getLatestRevision() + "')";
  -                statement.execute(s);
  +                statement = connection.prepareStatement(
  +                     "insert into latestrevisions values(?,?,?)");
  +             statement.setString(1, uri.toString());
  +             statement.setString(2, 
  +                     NodeRevisionDescriptors.MAIN_BRANCH.toString());
  +             statement.setString(3, 
  +                     revisionDescriptors.getLatestRevision().toString());
  +                statement.execute();
               }
               
               // Creating records in the branches table
  @@ -1327,26 +1356,29 @@
       public void removeRevisionDescriptors(Uri uri)
           throws ServiceAccessException {
           
  -        Statement statement = null;
  +        PreparedStatement statement = null;
           
           try {
  -            
  -            statement = connection.createStatement();
  -            String s = null;
               
  -            s = "delete from revisions where uri='" + uri.toString() + "'";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "delete from revisions where uri= ?");
  +         statement.setString(1, uri.toString());
  +            statement.execute();
               
  -            s = "delete from workingrevision where uri='" + uri.toString() 
  -                + "'";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "delete from workingrevision where uri= ?");
  +         statement.setString(1, uri.toString());
  +            statement.execute();
               
  -            s = "delete from latestrevisions where uri='" + uri.toString() 
  -                + "'";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "delete from latestrevisions where uri= ?");
  +         statement.setString(1, uri.toString());
  +            statement.execute();
               
  -            s = "delete from branches where uri='" + uri.toString() + "'";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "delete from branches where uri= ?");
  +         statement.setString(1, uri.toString());
  +            statement.execute();
               
           } catch (SQLException e) {
               throw new ServiceAccessException(this, e);
  @@ -1368,12 +1400,13 @@
           throws ServiceAccessException, RevisionDescriptorNotFoundException {
           
           NodeRevisionDescriptor revisionDescriptor = null;
  -        Statement statement = null;
  +        PreparedStatement statement = null;
  +
  +     if(revisionNumber == null)
  +         throw new RevisionDescriptorNotFoundException(uri.toString());
           
           try {
               
  -            statement = connection.createStatement();
  -            String s = null;
               ResultSet res = null;
               
               String branchName = null;
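Review bot: The new `if(revisionNumber == null)` guard is unbraced and appears to be tab-indented, unlike the rest of the method; write it as `if (revisionNumber == null) {` / `throw new RevisionDescriptorNotFoundException(uri.toString());` / `}`. Placing it before the `try` is correct, since no statement has been prepared yet, and it is what makes the later `revisionNumber.toString()` bindings safe. The method signature lies above this hunk.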
  @@ -1383,10 +1416,11 @@
               // Retrieving branch name (and also check that revision 
               // does indeed exist)
               
  -            s = "select * from revision where uri='" + uri + "' and xnumber='" 
  -                + revisionNumber + "'";
  -            statement.execute(s);
  -            res = statement.getResultSet();
  +            statement = connection.prepareStatement(
  +                 "select * from revision where uri= ? and xnumber = ?");
  +         statement.setString(1, uri.toString());
  +         statement.setString(2, revisionNumber.toString());
  +            res = statement.executeQuery();
               
               if (res.next()) {
                   branchName = res.getString(REVISION_BRANCHNAME);
  @@ -1396,10 +1430,11 @@
               
               // Retrieve labels
               
  -            s = "select * from label where uri='" + uri + "' and xnumber='" 
  -                + revisionNumber + "'";
  -            statement.execute(s);
  -            res = statement.getResultSet();
  +            statement = connection.prepareStatement(
  +                 "select * from label where uri= ? and xnumber = ?");
  +         statement.setString(1, uri.toString());
  +         statement.setString(2, revisionNumber.toString());
  +            res = statement.executeQuery();
               
               while (res.next()) {
                   labels.addElement(res.getString(LABEL_LABEL));
  @@ -1407,10 +1442,11 @@
               
               // Retrieve properties
               
  -            s = "select * from property where uri='" + uri + "' and xnumber='" 
  -                + revisionNumber + "'";
  -            statement.execute(s);
  -            res = statement.getResultSet();
  +            statement = connection.prepareStatement(
  +                 "select * from property where uri= ? and xnumber = ?");
  +         statement.setString(1, uri.toString());
  +         statement.setString(2, revisionNumber.toString());
  +            res = statement.executeQuery();
               
               while (res.next()) {
                   String propertyName = res.getString(PROPERTY_NAME);
  @@ -1451,27 +1487,31 @@
           (Uri uri, NodeRevisionDescriptor revisionDescriptor)
           throws ServiceAccessException {
           
  -        Statement statement = null;
  +        PreparedStatement statement = null;
           
           try {
               
  -            statement = connection.createStatement();
  -            String s = null;
               ResultSet res = null;
               
  -            s = "insert into revision values('" + uri + "', '" 
  -                + revisionDescriptor.getRevisionNumber() + "', '" 
  -                + revisionDescriptor.getBranchName() + "')";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "insert into revision values(?, ?, ?)");
  +         statement.setString(1, uri.toString());
  +         statement.setString(2, 
  +                 revisionDescriptor.getRevisionNumber().toString());
  +         statement.setString(3, revisionDescriptor.getBranchName());
  +            statement.execute();
               
               // Creating revision labels
               
               Enumeration labels = revisionDescriptor.enumerateLabels();
               while (labels.hasMoreElements()) {
  -                s = "insert into label values('" + uri + "', '" 
  -                    + revisionDescriptor.getRevisionNumber() + "', '" 
  -                    + (String) labels.nextElement() + "')";
  -                statement.execute(s);
  +                statement = connection.prepareStatement(
  +                    "insert into label values(?,?,?)");
  +             statement.setString(1, uri.toString());
  +             statement.setString(2, 
  +                     revisionDescriptor.getRevisionNumber().toString());
  +             statement.setString(3, (String)labels.nextElement());
  +                statement.execute();
               }
               
               // Creating associated properties
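Review bot: Inside the labels loop a new PreparedStatement is created on every iteration and the previous one is dropped unclosed, so the number of leaked handles grows with the label count, and the revision-insert statement from just above is orphaned the same way the moment the loop starts. Preparing once before the loop and binding per iteration is both the intended use of PreparedStatement and the fix for the leak; a separate local with its own try/finally keeps the cleanup independent of whatever the method's finally (outside this hunk) does with `statement`. I would also check whether `revisionDescriptor.getBranchName()` can be null, since passing null to `setString` is driver-dependent on JDBC 1.0/2.0 drivers and `setNull` is the portable form; I cannot tell from the hunk.
```java
// … unchanged: revision insert …
// Creating revision labels: prepare once, bind per label, always close
PreparedStatement labelStmt = connection.prepareStatement(
    "insert into label values(?,?,?)");
try {
    Enumeration labels = revisionDescriptor.enumerateLabels();
    while (labels.hasMoreElements()) {
        labelStmt.setString(1, uri.toString());
        labelStmt.setString(2,
            revisionDescriptor.getRevisionNumber().toString());
        labelStmt.setString(3, (String) labels.nextElement());
        labelStmt.execute();
    }
} finally {
    labelStmt.close();
}
// … unchanged: property inserts …
```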
  @@ -1484,13 +1524,17 @@
                   if (property.isProtected()) {
                       protectedProperty = 1;
                   }
  -                s = "insert into property values('" + uri + "', '" 
  -                    + revisionDescriptor.getRevisionNumber() + "', '" 
  -                    + property.getName() + "', '"
  -                    + property.getValue() + "', '"
  -                    + property.getNamespace() + "', '"
  -                    + property.getType() + "', " + protectedProperty + ")";
  -                statement.execute(s);
  +                statement = connection.prepareStatement(
  +                     "insert into property values(?,?,?,?,?,?,?)");
  +             statement.setString(1, uri.toString());
  +             statement.setString(2, 
  +                     revisionDescriptor.getRevisionNumber().toString());
  +             statement.setString(3, property.getName());
  +             statement.setString(4, property.getValue().toString());
  +             statement.setString(5, property.getNamespace());
  +             statement.setString(6, property.getType());
  +             statement.setInt(7, protectedProperty);
  +                statement.execute();
               }
               
           } catch (SQLException e) {
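Review bot: `statement.setString(4, property.getValue().toString())` throws NullPointerException when a property has no value, whereas the removed string concatenation silently stored the text "null"; a NullPointerException here also escapes the `catch (SQLException e)` below, so the caller no longer gets a ServiceAccessException. If a null value is legitimate (I cannot see NodeProperty from this hunk), either keep the previous semantics with `statement.setString(4, String.valueOf(property.getValue()));` or store a real NULL via `statement.setNull(4, Types.VARCHAR)` when the value is null. The same per-iteration `prepareStatement` without a matching close applies to this loop as it does to the labels loop. The enclosing method continues past the end of the hunk.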
  @@ -1531,28 +1575,31 @@
       public void removeRevisionDescriptor(Uri uri, NodeRevisionNumber number)
           throws ServiceAccessException {
           
  -        Statement statement = null;
  +        PreparedStatement statement = null;
           
           try {
               
  -            statement = connection.createStatement();
  -            String s = null;
  -            
  -            s = "delete from revision where uri='" + uri + "' and xnumber='" 
  -                + number + "'";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "delete from revision where uri= ? and xnumber = ?");
  +         statement.setString(1, uri.toString());
  +         statement.setString(2, number.toString());
  +            statement.execute();
               
               // Removing revision labels
               
  -            s = "delete from label where uri='" + uri + "' and xnumber='" 
  -                + number + "'";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "delete from label where uri= ? and xnumber = ?");
  +         statement.setString(1, uri.toString());
  +         statement.setString(2, number.toString());
  +            statement.execute();
               
               // Removing associated properties
               
  -            s = "delete from property where uri='" + uri + "' and xnumber='" 
  -                + number + "'";
  -            statement.execute(s);
  +            statement = connection.prepareStatement(
  +                 "delete from property where uri= ? and xnumber = ?");
  +         statement.setString(1, uri.toString());
  +         statement.setString(2, number.toString());
  +            statement.execute();
               
           } catch (SQLException e) {
               throw new ServiceAccessException(this, e);
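Review bot: Three PreparedStatements are created back to back in `removeRevisionDescriptor` and only the last one remains referenced by `statement` when the try exits, so the revision and label delete statements are never closed explicitly. Insert `statement.close();` before each of the second and third `statement = connection.prepareStatement(` lines, or use one `delete ... where uri = ? and xnumber = ?` pattern per table bound from a single local that is closed in a finally. The method's finally block is outside this hunk, so whether it closes the last statement is assumed, not verified.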
  
  
  
