Revision 6606
Added by ben leinfelder over 12 years ago
Eml200SAXHandler.java | ||
---|---|---|
41 | 41 |
import java.sql.PreparedStatement; |
42 | 42 |
import java.sql.ResultSet; |
43 | 43 |
import java.sql.SQLException; |
44 |
import java.sql.Statement; |
|
45 | 44 |
import java.util.Date; |
46 | 45 |
import java.util.EmptyStackException; |
47 | 46 |
import java.util.Enumeration; |
... | ... | |
742 | 741 |
.getDBConnection("DBSAXHandler.startElement"); |
743 | 742 |
serialNumber = dbConn.getCheckOutSerialNumber(); |
744 | 743 |
|
745 |
Statement stmt = dbConn.createStatement(); |
|
746 |
ResultSet rs = stmt |
|
747 |
.executeQuery("SELECT catalog_id FROM xml_catalog " |
|
748 |
+ "WHERE entry_type = 'Schema' " |
|
749 |
+ "AND public_id = '" + doctype + "'"); |
|
744 |
String sql = "SELECT catalog_id FROM xml_catalog " |
|
745 |
+ "WHERE entry_type = 'Schema' " |
|
746 |
+ "AND public_id = ?"; |
|
747 |
PreparedStatement pstmt = dbConn.prepareStatement(sql); |
|
748 |
pstmt.setString(1, doctype); |
|
749 |
ResultSet rs = pstmt.executeQuery(); |
|
750 | 750 |
boolean hasRow = rs.next(); |
751 | 751 |
if (hasRow) { |
752 | 752 |
catalogid = rs.getString(1); |
753 | 753 |
} |
754 |
stmt.close(); |
|
754 |
pstmt.close();
|
|
755 | 755 |
//System.out.println("here!!!!!!!!!!!!!!!!!!2"); |
756 | 756 |
}//try |
757 | 757 |
finally { |
... | ... | |
2169 | 2169 |
private void deletePermissionsInAccessTableForDoc(String docid) |
2170 | 2170 |
throws SAXException |
2171 | 2171 |
{ |
2172 |
Statement stmt = null;
|
|
2172 |
PreparedStatement pstmt = null;
|
|
2173 | 2173 |
try { |
2174 |
String sql = "DELETE FROM xml_access WHERE docid = ?"; |
|
2174 | 2175 |
// delete all acl records for resources related to @aclid if any |
2175 |
stmt = connection.createStatement(); |
|
2176 |
pstmt = connection.prepareStatement(sql); |
|
2177 |
pstmt.setString(1, docid); |
|
2176 | 2178 |
// Increase DBConnection usage count |
2177 | 2179 |
connection.increaseUsageCount(1); |
2178 |
stmt.execute("DELETE FROM xml_access WHERE docid = '" |
|
2179 |
+ docid + "'"); |
|
2180 |
pstmt.execute(); |
|
2180 | 2181 |
|
2181 | 2182 |
} catch (SQLException e) { |
2182 | 2183 |
throw new SAXException(e.getMessage()); |
2183 | 2184 |
} finally { |
2184 | 2185 |
try { |
2185 |
stmt.close(); |
|
2186 |
pstmt.close();
|
|
2186 | 2187 |
} catch (SQLException ee) { |
2187 | 2188 |
throw new SAXException(ee.getMessage()); |
2188 | 2189 |
} |
... | ... | |
2192 | 2193 |
/* Delete access rules from xml_access for a subtee id */ |
2193 | 2194 |
private void deleteSubtreeAccessRule(String subtreeid) throws SAXException |
2194 | 2195 |
{ |
2195 |
Statement stmt = null;
|
|
2196 |
PreparedStatement pstmt = null;
|
|
2196 | 2197 |
try |
2197 | 2198 |
{ |
2198 |
stmt = connection.createStatement(); |
|
2199 |
String sql = |
|
2200 |
"DELETE FROM xml_access " + |
|
2201 |
"WHERE accessfileid = ? " + |
|
2202 |
"AND subtreeid = ?"; |
|
2203 |
pstmt = connection.prepareStatement(sql); |
|
2204 |
pstmt.setString(1, docid); |
|
2205 |
pstmt.setString(2, subtreeid); |
|
2199 | 2206 |
// Increase DBConnection usage count |
2200 | 2207 |
connection.increaseUsageCount(1); |
2201 |
stmt.execute("DELETE FROM xml_access WHERE accessfileid = '" |
|
2202 |
+ docid + "' AND subtreeid ='" + subtreeid +"'"); |
|
2208 |
pstmt.execute(); |
|
2203 | 2209 |
} |
2204 | 2210 |
catch (SQLException e) |
2205 | 2211 |
{ |
... | ... | |
2209 | 2215 |
{ |
2210 | 2216 |
try |
2211 | 2217 |
{ |
2212 |
stmt.close(); |
|
2218 |
pstmt.close();
|
|
2213 | 2219 |
} |
2214 | 2220 |
catch (SQLException ee) |
2215 | 2221 |
{ |
... | ... | |
2221 | 2227 |
|
2222 | 2228 |
private void deleteAllInlineDataAccessRules() throws SAXException |
2223 | 2229 |
{ |
2224 |
Statement stmt = null;
|
|
2230 |
PreparedStatement pstmt = null;
|
|
2225 | 2231 |
try |
2226 | 2232 |
{ |
2227 |
stmt = connection.createStatement(); |
|
2233 |
String sql = |
|
2234 |
"DELETE FROM xml_access " + |
|
2235 |
"WHERE accessfileid = ? AND subtreeid IS NOT NULL"; |
|
2236 |
pstmt = connection.prepareStatement(sql); |
|
2237 |
pstmt.setString(1, docid); |
|
2228 | 2238 |
// Increase DBConnection usage count |
2229 | 2239 |
connection.increaseUsageCount(1); |
2230 |
stmt.execute("DELETE FROM xml_access WHERE accessfileid = '" |
|
2231 |
+ docid + "' AND subtreeid IS NOT NULL"); |
|
2240 |
pstmt.execute(); |
|
2232 | 2241 |
} |
2233 | 2242 |
catch (SQLException e) |
2234 | 2243 |
{ |
... | ... | |
2238 | 2247 |
{ |
2239 | 2248 |
try |
2240 | 2249 |
{ |
2241 |
stmt.close(); |
|
2250 |
pstmt.close();
|
|
2242 | 2251 |
} |
2243 | 2252 |
catch (SQLException ee) |
2244 | 2253 |
{ |
... | ... | |
2349 | 2358 |
/* Delete every access subtree record from xml_accesssubtree. */ |
2350 | 2359 |
private void deleteAccessSubTreeRecord(String docId) throws SAXException |
2351 | 2360 |
{ |
2352 |
Statement stmt = null;
|
|
2361 |
PreparedStatement pstmt = null;
|
|
2353 | 2362 |
try { |
2363 |
String sql = "DELETE FROM xml_accesssubtree WHERE docid = ?"; |
|
2354 | 2364 |
// delete all acl records for resources related to @aclid if any |
2355 |
stmt = connection.createStatement(); |
|
2365 |
pstmt = connection.prepareStatement(sql); |
|
2366 |
pstmt.setString(1, docId); |
|
2356 | 2367 |
// Increase DBConnection usage count |
2357 | 2368 |
connection.increaseUsageCount(1); |
2358 |
logMetacat.debug("running sql: DELETE FROM xml_accesssubtree WHERE docid = '" |
|
2359 |
+ docId + "'"); |
|
2360 |
stmt.execute("DELETE FROM xml_accesssubtree WHERE docid = '" |
|
2361 |
+ docId + "'"); |
|
2369 |
logMetacat.debug("running sql: " + sql); |
|
2370 |
pstmt.execute(); |
|
2362 | 2371 |
|
2363 | 2372 |
} catch (SQLException e) { |
2364 | 2373 |
throw new SAXException(e.getMessage()); |
2365 | 2374 |
} finally { |
2366 | 2375 |
try { |
2367 |
stmt.close(); |
|
2376 |
pstmt.close();
|
|
2368 | 2377 |
} catch (SQLException ee) { |
2369 | 2378 |
throw new SAXException(ee.getMessage()); |
2370 | 2379 |
} |
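Review bot: The `finally` block in `deletePermissionsInAccessTableForDoc` (new line 2186) calls `pstmt.close()` unguarded although `pstmt` is initialised to `null`, and `deleteSubtreeAccessRule`, `deleteAllInlineDataAccessRules` and `deleteAccessSubTreeRecord` do the same. If `connection.prepareStatement(sql)` throws, the close raises a NullPointerException out of `finally`, which replaces the SAXException carrying the SQL error; use `if (pstmt != null) { pstmt.close(); }`. In the first hunk (new lines 744–754) `pstmt.close()` sits inside the `try` and `rs` is not closed in the visible lines, so a failing `executeQuery()` appears to leave the statement open unless the `finally` at new line 757, whose body is outside the hunk, releases it. The catch handlers also pass only `e.getMessage()` to `SAXException`; `new SAXException(e.getMessage(), e)` would keep the SQL cause for diagnosis.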
uses prepared statement instead of plain old statement.
deprecated the DBConnection.createStatement() method to discourage direct parameter value use in favor of parameter binding.
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5527