
Revision 6606

Uses a prepared statement instead of a plain old statement.
Deprecated the DBConnection.createStatement() method to discourage putting parameter values directly into SQL strings, in favor of parameter binding.
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5527

View differences:

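--- a/DBSAXNode.java
+++ b/DBSAXNode.java
@@ -29,7 +29,6 @@
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
-import java.sql.Statement;
 import java.util.Enumeration;
 import java.util.Hashtable;
 
@@ -356,21 +355,22 @@
   /** get next node id from DB connection */
   private long generateNodeID() throws SAXException {
       long nid=0;
-      Statement stmt;
+      PreparedStatement pstmt;
       DBConnection dbConn = null;
       int serialNumber = -1;
       try {
         // Get DBConnection
         dbConn=DBConnectionPool.getDBConnection("DBSAXNode.generateNodeID");
         serialNumber=dbConn.getCheckOutSerialNumber();
-        stmt = dbConn.createStatement();
-        stmt.execute("SELECT xml_nodes_id_seq.nextval FROM dual");
-        ResultSet rs = stmt.getResultSet();
+        String sql = "SELECT xml_nodes_id_seq.nextval FROM dual";
+        pstmt = dbConn.prepareStatement(sql);
+        pstmt.execute();
+        ResultSet rs = pstmt.getResultSet();
         boolean tableHasRows = rs.next();
         if (tableHasRows) {
           nid = rs.getLong(1);
         }
-        stmt.close();
+        pstmt.close();
       } catch (SQLException e) {
         System.out.println("Error in DBSaxNode.generateNodeID: " +
                             e.getMessage());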
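Review bot: `pstmt.close()` sits at the end of the try body in generateNodeID, so an SQLException from `pstmt.execute()` or `rs.next()` skips it and the statement, along with its ResultSet (which is never closed explicitly), stays open on the checked-out connection. The close should happen on every path: either move it into a `finally`, or, if the build targets Java 7 or later, use `try (PreparedStatement pstmt = dbConn.prepareStatement(sql); ResultSet rs = pstmt.executeQuery()) { ... }`. The query takes no parameters, so the switch does not change injection exposure here and appears to be needed only because createStatement() is being deprecated; a one-line comment such as `// constant SQL, no bound parameters; prepared only because createStatement() is deprecated` would record that. The method body continues past the hunk, so a `finally` that releases the connection may already exist outside the visible lines.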
