Revision 6606
Added by ben leinfelder over 12 years ago
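--- a/DBSAXNode.java
+++ b/DBSAXNode.java
@@ -29,7 +29,6 @@
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
-import java.sql.Statement;
 import java.util.Enumeration;
 import java.util.Hashtable;
 
@@ -356,21 +355,22 @@
 /** get next node id from DB connection */
 private long generateNodeID() throws SAXException {
 long nid=0;
-Statement stmt;
+PreparedStatement pstmt;
 DBConnection dbConn = null;
 int serialNumber = -1;
 try {
 // Get DBConnection
 dbConn=DBConnectionPool.getDBConnection("DBSAXNode.generateNodeID");
 serialNumber=dbConn.getCheckOutSerialNumber();
-stmt = dbConn.createStatement();
-stmt.execute("SELECT xml_nodes_id_seq.nextval FROM dual");
-ResultSet rs = stmt.getResultSet();
+String sql = "SELECT xml_nodes_id_seq.nextval FROM dual";
+pstmt = dbConn.prepareStatement(sql);
+pstmt.execute();
+ResultSet rs = pstmt.getResultSet();
 boolean tableHasRows = rs.next();
 if (tableHasRows) {
 nid = rs.getLong(1);
 }
-stmt.close();
+pstmt.close();
 } catch (SQLException e) {
 System.out.println("Error in DBSaxNode.generateNodeID: " +
 e.getMessage());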
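Review bot: `pstmt.close()` at new line 373 is reached only when every call before it succeeds; if `prepareStatement`, `execute` or `rs.next()` throws, control jumps to the `catch` and the statement and its `ResultSet` stay open on a connection that presumably goes back to the pool. The close belongs in a `finally` block (`if (pstmt != null) pstmt.close();`, with `pstmt` initialised to `null`) or, if the project's Java level allows it, in `try (PreparedStatement pstmt = dbConn.prepareStatement(sql); ResultSet rs = pstmt.executeQuery()) { ... }`. The visible `catch` only prints `e.getMessage()` to standard output, so unless the code after the hunk rethrows, a failed sequence read would leave `nid` at 0 and return that to the caller as a node id, which is worth checking. The body of `generateNodeID` continues past the last line shown, so a `finally` may already exist there.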
Uses a prepared statement instead of a plain Statement.
Deprecated the DBConnection.createStatement() method to discourage placing parameter values directly in the SQL text, in favor of parameter binding.
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5527