Replace UserStorage.java

src/main/java/inf226/inchat/UserStorage.java

 package inf226.inchat;
 
-import java.sql.Connection;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
+import java.sql.*;
 import java.time.Instant;
 import java.util.UUID;
 
@@ -28,8 +25,7 @@ public final class UserStorage
     }
     
     @Override
-    public Stored<User> save(User user)
-      throws SQLException {
+    public Stored<User> save(User user) throws SQLException {
         final Stored<User> stored = new Stored<User>(user);
         String sql =  "INSERT INTO User VALUES('" + stored.identity + "','"
                                                   + stored.version  + "','"
@@ -40,11 +36,8 @@ public final class UserStorage
     }
     
     @Override
-    public synchronized Stored<User> update(Stored<User> user,
-                                            User new_user)
-        throws UpdatedException,
-            DeletedException,
-            SQLException {
+    public synchronized Stored<User> update(Stored<User> user, User new_user)
+            throws UpdatedException, DeletedException, SQLException {
         final Stored<User> current = get(user.identity);
         final Stored<User> updated = current.newVersion(new_user);
         if(current.version.equals(user.version)) {
@@ -75,20 +68,17 @@ public final class UserStorage
         }
     }
     @Override
-    public Stored<User> get(UUID id)
-      throws DeletedException,
-             SQLException {
-        final String sql = "SELECT version,name,joined FROM User WHERE id = '" + id.toString() + "'";
+    public Stored<User> get(UUID id) throws DeletedException, SQLException {
+        final String sql =  id.toString();
+        final String query = "SELECT version,name,joined FROM User WHERE id = '";
         final Statement statement = connection.createStatement();
         final ResultSet rs = statement.executeQuery(sql);
 
         if(rs.next()) {
-            final UUID version = 
-                UUID.fromString(rs.getString("version"));
-            final String name = rs.getString("name");
+            final UUID version = UUID.fromString(rs.getString("version"));
+            final UserName name = new UserName (rs.getString("name"));
             final Instant joined = Instant.parse(rs.getString("joined"));
-            return (new Stored<User>
-                        (new User(name,joined),id,version));
+            return (new Stored<User>(new User(name,joined),id,version));
         } else {
             throw new DeletedException();
         }
@@ -98,10 +88,12 @@ public final class UserStorage
      * Look up a user by their username;
      **/
     public Maybe<Stored<User>> lookup(String name) {
-        final String sql = "SELECT id FROM User WHERE name = '" + name + "'";
+        final String sql = name;
+        final String query = "SELECT id FROM User WHERE name = ? ";
         try{
-            final Statement statement = connection.createStatement();
-            final ResultSet rs = statement.executeQuery(sql);
+            final PreparedStatement statement = connection.prepareStatement(query);
+            statement.setString(1, sql);
+            final ResultSet rs = statement.executeQuery();
             if(rs.next())
                 return Maybe.just(
                     get(UUID.fromString(rs.getString("id"))));