Project

General

Profile

« Previous | Next » 

Revision 6602

Added by ben leinfelder over 12 years ago

uses prepared statement parameter binding for queries
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5527

View differences:

QueryGroupTest.java
23 23 
 */
24 24 
package edu.ucsb.nceas.metacattest;
25 25 

  		




  
  26
  
    
import java.sql.PreparedStatement;


  		




  
  27
  
    
import java.util.ArrayList;


  		




  
  28
  
    
import java.util.List;


  		




  
  29
  
    

  		




  26
  30
  
    
import junit.framework.Test;


  		




  27
  31
  
    
import junit.framework.TestSuite;


  		




  28
  32
  
    

  		




  29
  33
  
    
import edu.ucsb.nceas.MCTestCase;


  		




  
  34
  
    
import edu.ucsb.nceas.metacat.DBQuery;


  		




  30
  35
  
    
import edu.ucsb.nceas.metacat.QueryGroup;


  		




  31
  36
  
    
import edu.ucsb.nceas.metacat.QueryTerm;


  		




  
  37
  
    
import edu.ucsb.nceas.metacat.database.DBConnectionPool;


  		




  32
  38
  
    
import edu.ucsb.nceas.metacat.properties.PropertyService;


  		




  33
  39
  
    
import edu.ucsb.nceas.metacat.util.MetacatUtil;


  		




  34
  40
  
    

  		




  ......




  52
  58
  
    
  		  System.err.println("Exception in initialize option in MetacatServletNetTest "+e.getMessage());


  		




  53
  59
  
    
  	  }


  		




  54
  60
  
    
    }


  		




  55
  
  
    
    private String query = "(SELECT DISTINCT docid FROM xml_path_index WHERE  (UPPER(nodedata) "+


  		




  56
  
  
    
                                            "LIKE '%LAND%' AND path IN ('dataset/title','geographicCoverage/boundingCoordinates/southBoundingCoordinate')) " +


  		




  57
  
  
    
                                            "OR ((UPPER(nodedata) LIKE '%JONES%' AND path LIKE 'organizationName') ) OR ((UPPER(nodedata) LIKE '%LAND %' AND path LIKE 'keyword') ) " +


  		




  58
  
  
    
                                            "OR ((UPPER(nodedata) LIKE '%DATOS%' AND path LIKE 'entityName') ) UNION ((SELECT DISTINCT docid FROM xml_nodes WHERE UPPER(nodedata) " +


  		




  59
  
  
    
                                            "LIKE '%VALUE1%' AND parentnodeid IN (SELECT nodeid FROM xml_index WHERE path LIKE 'path1') )  UNION " +


  		




  60
  
  
    
                                            "(SELECT DISTINCT docid FROM xml_nodes WHERE UPPER(nodedata) LIKE '%VALUE2%' AND parentnodeid IN " +


  		




  61
  
  
    
                                            "(SELECT nodeid FROM xml_index WHERE path LIKE 'path2') ) ))";


  		




  
  61
  
    
    /**


  		




  
  62
  
    
     * NOTE: there are no quotes around the values because we are comparing it to a PreparedStatement.toString()


  		




  
  63
  
    
     * String after binding the parameter values. Please trust that the PreparedStatement is correct.


  		




  
  64
  
    
     */


  		




  
  65
  
    
    private String query = 


  		




  
  66
  
    
    	"(SELECT DISTINCT docid FROM xml_path_index WHERE  (UPPER(nodedata) "+


  		




  
  67
  
    
        "LIKE %LAND% AND path IN ( dataset/title, geographicCoverage/boundingCoordinates/southBoundingCoordinate )) " +


  		




  
  68
  
    
        "OR ((UPPER(nodedata) LIKE %JONES% AND path LIKE organizationName) ) OR ((UPPER(nodedata) LIKE %LAND % AND path LIKE keyword) ) " +


  		




  
  69
  
    
        "OR ((UPPER(nodedata) LIKE %DATOS% AND path LIKE entityName) ) UNION ((SELECT DISTINCT docid FROM xml_nodes WHERE UPPER(nodedata) " +


  		




  
  70
  
    
        "LIKE %VALUE1% AND parentnodeid IN (SELECT nodeid FROM xml_index WHERE path LIKE path1) )  UNION " +


  		




  
  71
  
    
        "(SELECT DISTINCT docid FROM xml_nodes WHERE UPPER(nodedata) LIKE %VALUE2% AND parentnodeid IN " +


  		




  
  72
  
    
        "(SELECT nodeid FROM xml_index WHERE path LIKE path2) ) ))";


  		




  62
  73
  
    
    


  		




  63
  74
  
    
    /**


  		




  64
  75
  
    
     * Constructor to build the test


  		




  ......




  120
  131
  
    
    	group.addChild(term4);


  		




  121
  132
  
    
    	group.addChild(term5);


  		




  122
  133
  
    
    	group.addChild(child);


  		




  123
  
  
    
    	String queryString = group.printSQL(true);


  		




  124
  
  
    
    	assertTrue(queryString.equals(query)); 


  		




  125
  
  
    
    	


  		




  
  134
  
    
    	// keep track of parameter values


  		




  
  135
  
    
        List<Object> parameterValues = new ArrayList<Object>();


  		




  
  136
  
    
    	String queryString = group.printSQL(true, parameterValues);


  		




  
  137
  
    
    	try {


  		




  
  138
  
    
    		// fill in the values to really check the query string matches original/expected


  		




  
  139
  
    
    		PreparedStatement pstmt = DBConnectionPool.getDBConnection("queryGroupTest").prepareStatement(queryString);


  		




  
  140
  
    
    		pstmt = DBQuery.setPreparedStatementValues(parameterValues, pstmt);


  		




  
  141
  
    
    		String preparedQueryString = pstmt.toString();


  		




  
  142
  
    
    		System.out.println("Prepared query: " + preparedQueryString);


  		




  
  143
  
    
    		System.out.println("Original query: " + query);


  		




  
  144
  
    

  		




  
  145
  
    
    		assertEquals(query, preparedQueryString);


  		




  
  146
  
    
    	} catch (Exception e) {


  		




  
  147
  
    
    		e.printStackTrace();


  		




  
  148
  
    
			fail(e.getMessage());


  		




  
  149
  
    
		}


  		




  126
  150
  
    
    }


  		




  127
  151
  
    
    


  		




  128
  152
  
    
    


  		












Also available in:  Unified diff