Commit 1188ff02 authored by vehjelmtvedt's avatar vehjelmtvedt

UserStorage now uses prepared statements

parent 72962be3
package inf226.inchat;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.*;
import java.time.Instant;
import java.util.UUID;
......@@ -31,11 +28,13 @@ public final class UserStorage
public Stored<User> save(User user)
throws SQLException {
final Stored<User> stored = new Stored<User>(user);
String sql = "INSERT INTO User VALUES('" + stored.identity + "','"
+ stored.version + "','"
+ user.name + "','"
+ user.joined.toString() + "')";
connection.createStatement().executeUpdate(sql);
PreparedStatement statement = connection.prepareStatement("INSERT INTO User VALUES(?,?,?,?");
statement.setObject(1, stored.identity);
statement.setObject(2, stored.version);
statement.setString(3, user.name);
statement.setString(4, user.joined.toString());
statement.executeUpdate();
return stored;
}
......@@ -48,13 +47,13 @@ public final class UserStorage
final Stored<User> current = get(user.identity);
final Stored<User> updated = current.newVersion(new_user);
if(current.version.equals(user.version)) {
String sql = "UPDATE User SET" +
" (version,name,joined) =('"
+ updated.version + "','"
+ new_user.name + "','"
+ new_user.joined.toString()
+ "') WHERE id='"+ updated.identity + "'";
connection.createStatement().executeUpdate(sql);
PreparedStatement statement = connection.prepareStatement("UPDATE User SET (version,name,joined) =(?,?,?) WHERE id=?");
statement.setObject(1, updated.version);
statement.setString(2, new_user.name);
statement.setString(3, new_user.joined.toString());
statement.setObject(4, updated.identity);
statement.executeUpdate();
} else {
throw new UpdatedException(current);
}
......@@ -68,8 +67,9 @@ public final class UserStorage
SQLException {
final Stored<User> current = get(user.identity);
if(current.version.equals(user.version)) {
String sql = "DELETE FROM User WHERE id ='" + user.identity + "'";
connection.createStatement().executeUpdate(sql);
PreparedStatement statement = connection.prepareStatement("DELETE FROM User WHERE id =?");
statement.setObject(1, user.identity);
statement.executeUpdate();
} else {
throw new UpdatedException(current);
}
......@@ -78,9 +78,10 @@ public final class UserStorage
public Stored<User> get(UUID id)
throws DeletedException,
SQLException {
final String sql = "SELECT version,name,joined FROM User WHERE id = '" + id.toString() + "'";
final Statement statement = connection.createStatement();
final ResultSet rs = statement.executeQuery(sql);
PreparedStatement statement = connection.prepareStatement("SELECT version,name,joined FROM User WHERE id = ?");
statement.setString(1, id.toString());
final ResultSet rs = statement.executeQuery();
if(rs.next()) {
final UUID version =
......@@ -98,10 +99,10 @@ public final class UserStorage
* Look up a user by their username;
**/
public Maybe<Stored<User>> lookup(String name) {
final String sql = "SELECT id FROM User WHERE name = '" + name + "'";
try{
final Statement statement = connection.createStatement();
final ResultSet rs = statement.executeQuery(sql);
PreparedStatement statement = connection.prepareStatement("SELECT id FROM User WHERE name = ?");
statement.setString(1, name);
final ResultSet rs = statement.executeQuery();
if(rs.next())
return Maybe.just(
get(UUID.fromString(rs.getString("id"))));
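Review bot: The new INSERT text in save() is missing its closing parenthesis — `"INSERT INTO User VALUES(?,?,?,?"` — so every save() will fail with a SQL syntax error when `executeUpdate()` runs; it should read `"INSERT INTO User VALUES(?,?,?,?)"`. The UUID columns are also bound inconsistently: save(), update() and delete() use `setObject(...)` with the raw UUID while get() uses `setString(1, id.toString())`; since the replaced code concatenated the UUIDs as strings the column is presumably text, and how a driver maps `java.util.UUID` through setObject is driver-specific, so binding `.toString()` everywhere would be the safer, uniform choice. None of the new PreparedStatements (or the ResultSets in get()/lookup()) are closed; wrapping each in try-with-resources would stop leaking statement handles on every call. The lookup() method in the last hunk continues beyond the visible diff.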