Commit 8ae05d92 authored by vehjelmtvedt's avatar vehjelmtvedt

AccountStorage now use prepared statements.

parent b4038162
# Default ignored files
/shelf/
/workspace.xml
# Editor-based HTTP Client requests
/httpRequests/
# Datasource local storage ignored files
/dataSources/
/dataSources.local.xml
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="CompilerConfiguration">
<annotationProcessing>
<profile name="Maven default annotation processors profile" enabled="true">
<sourceOutputDir name="target/generated-sources/annotations" />
<sourceTestOutputDir name="target/generated-test-sources/test-annotations" />
<outputRelativeToContentRoot value="true" />
<module name="inchat" />
</profile>
</annotationProcessing>
</component>
<component name="JavacSettings">
<option name="ADDITIONAL_OPTIONS_OVERRIDE">
<module name="inchat" options="-Xlint:all,-options,-path" />
</option>
</component>
</project>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="Encoding">
<file url="file://$PROJECT_DIR$/src/main/java" charset="UTF-8" />
</component>
</project>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="RemoteRepositoriesConfiguration">
<remote-repository>
<option name="id" value="central" />
<option name="name" value="Central Repository" />
<option name="url" value="https://repo.maven.apache.org/maven2" />
</remote-repository>
<remote-repository>
<option name="id" value="central" />
<option name="name" value="Maven Central repository" />
<option name="url" value="https://repo1.maven.org/maven2" />
</remote-repository>
<remote-repository>
<option name="id" value="jboss.community" />
<option name="name" value="JBoss Community repository" />
<option name="url" value="https://repository.jboss.org/nexus/content/repositories/public/" />
</remote-repository>
</component>
</project>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="ExternalStorageConfigurationManager" enabled="true" />
<component name="MavenProjectsManager">
<option name="originalFiles">
<list>
<option value="$PROJECT_DIR$/pom.xml" />
</list>
</option>
</component>
<component name="PDMPlugin">
<option name="skipTestSources" value="false" />
</component>
<component name="ProjectRootManager" version="2" languageLevel="JDK_15" default="true" project-jdk-name="15" project-jdk-type="JavaSDK" />
</project>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="RunConfigurationProducerService">
<option name="ignoredProducers">
<set>
<option value="com.android.tools.idea.compose.preview.runconfiguration.ComposePreviewRunConfigurationProducer" />
</set>
</option>
</component>
</project>
\ No newline at end of file
<?xml version="1.0" encoding="UTF-8"?>
<project version="4">
<component name="VcsDirectoryMappings">
<mapping directory="$PROJECT_DIR$" vcs="Git" />
</component>
</project>
\ No newline at end of file
File added
......@@ -40,7 +40,7 @@ public final class Account {
/**
* Join a channel with this account.
*
* @return A new account object with the cannnel added.
* @return A new account object with the channel added.
*/
public Account joinChannel(final String alias,
final Stored<Channel> channel) {
......
package inf226.inchat;
import java.sql.Connection;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.sql.*;
import java.time.Instant;
import java.util.UUID;
......@@ -48,12 +45,13 @@ public final class AccountStorage
throws SQLException {
final Stored<Account> stored = new Stored<Account>(account);
String sql =
"INSERT INTO Account VALUES('" + stored.identity + "','"
+ stored.version + "','"
+ account.user.identity + "','"
+ account.password + "')";
connection.createStatement().executeUpdate(sql);
PreparedStatement statement = connection.prepareStatement("INSERT INTO Account VALUES(?,?,?,?)");
statement.setObject(1, stored.identity);
statement.setObject(2, stored.version);
statement.setObject(3, account.user.identity);
statement.setString(4, account.password);
statement.executeUpdate();
// Write the list of channels
final Maybe.Builder<SQLException> exception = Maybe.builder();
......@@ -61,13 +59,17 @@ public final class AccountStorage
account.channels.forEach(element -> {
String alias = element.first;
Stored<Channel> channel = element.second;
final String msql
= "INSERT INTO AccountChannel VALUES('" + stored.identity + "','"
+ channel.identity + "','"
+ alias + "','"
+ ordinal.get().toString() + "')";
try { connection.createStatement().executeUpdate(msql); }
catch (SQLException e) { exception.accept(e) ; }
try {
PreparedStatement statement1 = connection.prepareStatement("INSERT INTO AccountChannel VALUES(?,?,?,?");
statement1.setObject(1, stored.identity);
statement1.setObject(2, channel.identity);
statement1.setString(3, alias);
statement1.setString(4, ordinal.get().toString());
//Execute statement
statement1.executeUpdate();
} catch (SQLException e) { exception.accept(e); }
ordinal.accept(ordinal.get() + 1);
});
......@@ -84,29 +86,35 @@ public final class AccountStorage
final Stored<Account> current = get(account.identity);
final Stored<Account> updated = current.newVersion(new_account);
if(current.version.equals(account.version)) {
String sql = "UPDATE Account SET" +
" (version,user) =('"
+ updated.version + "','"
+ new_account.user.identity
+ "') WHERE id='"+ updated.identity + "'";
connection.createStatement().executeUpdate(sql);
PreparedStatement statement = connection.prepareStatement("UPDATE Account SET (version,user) =(?,?) WHERE id=?");
statement.setObject(1, updated.version);
statement.setObject(2, new_account.user.identity);
statement.setObject(3, updated.identity);
statement.executeUpdate();
// Rewrite the list of channels
connection.createStatement().executeUpdate("DELETE FROM AccountChannel WHERE account='" + account.identity + "'");
PreparedStatement deleteStmt = connection.prepareStatement("DELETE FROM AccountChannel WHERE account=?");
deleteStmt.setObject(1, account.identity);
deleteStmt.executeUpdate();
final Maybe.Builder<SQLException> exception = Maybe.builder();
final Mutable<Integer> ordinal = new Mutable<Integer>(0);
new_account.channels.forEach(element -> {
String alias = element.first;
Stored<Channel> channel = element.second;
final String msql
= "INSERT INTO AccountChannel VALUES('" + account.identity + "','"
+ channel.identity + "','"
+ alias + "','"
+ ordinal.get().toString() + "')";
try { connection.createStatement().executeUpdate(msql); }
catch (SQLException e) { exception.accept(e) ; }
try {
PreparedStatement statement1 = connection.prepareStatement("INSERT INTO AccountChannel VALUES(?,?,?,?)");
statement1.setObject(1, account.identity);
statement1.setObject(2, channel.identity);
statement1.setString(3, alias);
statement1.setString(4, ordinal.get().toString());
// Execute statement
statement1.executeUpdate();
} catch (SQLException e) { exception.accept(e); }
ordinal.accept(ordinal.get() + 1);
});
......@@ -124,8 +132,10 @@ public final class AccountStorage
SQLException {
final Stored<Account> current = get(account.identity);
if(current.version.equals(account.version)) {
String sql = "DELETE FROM Account WHERE id ='" + account.identity + "'";
connection.createStatement().executeUpdate(sql);
PreparedStatement statement = connection.prepareStatement("DELETE FROM Account WHERE id =?");
statement.setObject(1, account.identity);
statement.executeUpdate();
} else {
throw new UpdatedException(current);
}
......@@ -135,14 +145,15 @@ public final class AccountStorage
throws DeletedException,
SQLException {
final String accountsql = "SELECT version,user,password FROM Account WHERE id = '" + id.toString() + "'";
final String channelsql = "SELECT channel,alias,ordinal FROM AccountChannel WHERE account = '" + id.toString() + "' ORDER BY ordinal DESC";
PreparedStatement accountStmt = connection.prepareStatement("SELECT version,user,password FROM Account WHERE id =?");
accountStmt.setString(1, id.toString());
final Statement accountStatement = connection.createStatement();
final Statement channelStatement = connection.createStatement();
PreparedStatement channelStmt = connection.prepareStatement("SELECT channel,alias,ordinal FROM AccountChannel WHERE account = ? ORDER BY ordinal DESC");
channelStmt.setString(1, id.toString());
final ResultSet accountResult = accountStatement.executeQuery(accountsql);
final ResultSet channelResult = channelStatement.executeQuery(channelsql);
final ResultSet accountResult = accountStmt.executeQuery();
final ResultSet channelResult = channelStmt.executeQuery();
if(accountResult.next()) {
final UUID version = UUID.fromString(accountResult.getString("version"));
......@@ -173,12 +184,11 @@ public final class AccountStorage
public Stored<Account> lookup(String username)
throws DeletedException,
SQLException {
final String sql = "SELECT Account.id from Account INNER JOIN User ON user=User.id where User.name='" + username + "'";
System.err.println(sql);
final Statement statement = connection.createStatement();
final ResultSet rs = statement.executeQuery(sql);
PreparedStatement stmt = connection.prepareStatement("SELECT Account.id from Account INNER JOIN User ON user=User.id where User.name=?");
stmt.setString(1, username);
final ResultSet rs = stmt.executeQuery();
if(rs.next()) {
final UUID identity =
UUID.fromString(rs.getString("id"));
......
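Review bot: The statement prepared in the first channel-writing loop (the hunk at `-61,13 +59,17`) has unbalanced SQL: `"INSERT INTO AccountChannel VALUES(?,?,?,?"` lacks the closing parenthesis that the same insert in the update hunk has, so the insert is expected to fail with a syntax error for every channel. It should read `connection.prepareStatement("INSERT INTO AccountChannel VALUES(?,?,?,?)")`. The resulting SQLException is only passed to `exception.accept(e)`, and whether it is rethrown depends on code after the loop, which lies outside the visible hunk, so the failure may be easy to miss. Separately, none of the new `PreparedStatement` or `ResultSet` objects in this file are closed; a try-with-resources around each, for example `try (PreparedStatement statement = connection.prepareStatement(...)) { ... }`, would release them once the update or query is done.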