Revision 6606
Added by ben leinfelder over 12 years ago
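--- a/DocumentImpl.java
+++ b/DocumentImpl.java
@@ -43,7 +43,6 @@
 import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
-import java.sql.Statement;
 import java.sql.Timestamp;
 import java.util.Calendar;
 import java.util.Date;
@@ -3420,11 +3419,11 @@
 throws SQLException
 {
 String type = null;
-String sql = "SELECT DOCTYPE FROM xml_documents WHERE docid LIKE " + "'" +
-docidWithoutRev +"'";
-Statement stmt = null;
-stmt = conn.createStatement();
-ResultSet result = stmt.executeQuery(sql);
+String sql = "SELECT DOCTYPE FROM xml_documents WHERE docid LIKE ?";
+PreparedStatement stmt = null;
+stmt = conn.prepareStatement(sql);
+stmt.setString(1, docidWithoutRev);
+ResultSet result = stmt.executeQuery();
 boolean hasResult = result.next();
 if (hasResult)
 {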
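Review bot: Binding the docid closes the injection path, but `LIKE ?` still treats `%` and `_` inside docidWithoutRev as wildcards, so a value containing either character can match rows other than the intended document even though no wildcard is appended on the SQL side. If the lookup is meant to be an exact match, as the unpatterned value suggests, `String sql = "SELECT DOCTYPE FROM xml_documents WHERE docid = ?";` is both more precise and cheaper for the database; if wildcard matching is intended, a comment saying so would save the next reader from tightening it. The two-step `PreparedStatement stmt = null; stmt = conn.prepareStatement(sql);` can also be a single declaration. The method's signature and the code that closes `stmt` and `result` lie outside the hunk, so whether the new statement is released on the exception path cannot be confirmed here.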
uses prepared statement instead of plain old statement.
deprecated the DBConnection.createStatement() method to discourage embedding parameter values directly in SQL text in favor of parameter binding.
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5527