/src/edu/ucsb/nceas/metacat/DBQuery.java - Diff - Metacat - Ecoinformatics Redmine

« Previous | Next »

Revision 6602

Added by ben leinfelder over 12 years ago

uses prepared statement parameter binding for queries
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5527

     import java.sql.PreparedStatement;
     import java.sql.ResultSet;
     import java.sql.SQLException;
     import java.sql.Timestamp;
     import java.util.ArrayList;
     import java.util.Date;
     import java.util.Enumeration;
     import java.util.Hashtable;
     import java.util.Iterator;
     import java.util.List;
     import java.util.StringTokenizer;
     import java.util.Vector;
     import java.util.zip.ZipEntry;
-...
                                           Vector givenDocids, String qformat)
                                           throws Exception
+        {
         	// keep track of the values we add as prepared statement question marks (?)
       	  List<Object> parameterValues = new ArrayList<Object>();
           StringBuffer resultsetBuffer = new StringBuffer();
           String query = null;
           int count = 0;
-...
            * and contruct a simpler query based on a
            * list of docids rather than a bunch of subselects
            */
           // keep track of the values we add as prepared statement question marks (?)
     	  List<Object> docidValues = new ArrayList<Object>();
           if ( givenDocids == null || givenDocids.size() == 0 ) {
               query = qspec.printSQL(useXMLIndex);
               query = qspec.printSQL(useXMLIndex, docidValues);
               parameterValues.addAll(docidValues);
           } else {
         	  // condition for the docids
         	  StringBuffer docidCondition = new StringBuffer();
-...
                   query = query + docidCondition.toString();
         	  } else {
         		  // start with the keyword query, but add conditions
                   query = qspec.printSQL(useXMLIndex);
                   query = qspec.printSQL(useXMLIndex, docidValues);
                   parameterValues.addAll(docidValues);
                   String myOperator = "";
                   if (!query.endsWith("WHERE")) {
     	              if (operator.equalsIgnoreCase(QueryGroup.UNION)) {
-...
           startTime = System.currentTimeMillis() / 1000;
           pstmt = dbconn.prepareStatement(query);
           // set all the values we have collected
           pstmt = setPreparedStatementValues(parameterValues, pstmt);
           logMetacat.debug("Prepared statement after setting parameter values: " + pstmt.toString());
           rs = pstmt.executeQuery();
           double queryExecuteTime = System.currentTimeMillis() / 1000;
-...
               boolean tableHasRows = false;
               // keep track of parameter values
               List<Object> parameterValues = new ArrayList<Object>();
                String extendedQuery =
                    qspec.printExtendedSQL(doclist.toString(), useXMLIndex);
                    qspec.printExtendedSQL(doclist.toString(), useXMLIndex, parameterValues);
                logMetacat.info("DBQuery.addReturnfield - Extended query: " + extendedQuery);
                if(extendedQuery != null){
     //        	   long extendedQueryStart = System.currentTimeMillis();
                    pstmt = dbconn.prepareStatement(extendedQuery);
                    // set the parameter values
                    pstmt = DBQuery.setPreparedStatementValues(parameterValues, pstmt);
                    //increase dbconnection usage count
                    dbconn.increaseUsageCount(1);
                    pstmt.execute();
-...
     		   queryResultCache.clear();
+    	   }
+       }
        /**
         * Set the parameter values in the prepared statement using instrospection
         * of the given value objects
         * @param parameterValues
         * @param pstmt
         * @return
         * @throws SQLException
         */
        public static PreparedStatement setPreparedStatementValues(List<Object> parameterValues, PreparedStatement pstmt) throws SQLException {
     	   // set all the values we have collected
           int parameterIndex = 1;
           for (Object parameterValue: parameterValues) {
         	  if (parameterValue instanceof String) {
         		  pstmt.setString(parameterIndex, (String) parameterValue);
+        	  }
         	  else if (parameterValue instanceof Integer) {
         		  pstmt.setInt(parameterIndex, (Integer) parameterValue);
+        	  }
         	  else if (parameterValue instanceof Float) {
         		  pstmt.setFloat(parameterIndex, (Float) parameterValue);
+        	  }
         	  else if (parameterValue instanceof Double) {
         		  pstmt.setDouble(parameterIndex, (Double) parameterValue);
+        	  }
         	  else if (parameterValue instanceof Date) {
         		  pstmt.setTimestamp(parameterIndex, new Timestamp(((Date) parameterValue).getTime()));
+        	  }
         	  else {
         		  pstmt.setObject(parameterIndex, parameterValue);
+        	  }
         	  parameterIndex++;
+          }
           return pstmt;
+       }
         /*

Also available in: Unified diff

Project

General

Profile

Metacat

Revision 6602

Added by ben leinfelder over 12 years ago