/test/edu/ucsb/nceas/MCTestCase.java - Diff - Metacat - Ecoinformatics Redmine

« Previous | Next »

Revision 6606

Added by ben leinfelder over 12 years ago

uses prepared statement instead of plain old statement.
deprecated the DBConnection.createStatement() method to discourage direct parameter value use in favor of parameter binding.
http://bugzilla.ecoinformatics.org/show_bug.cgi?id=5527

     package edu.ucsb.nceas;
     import junit.framework.TestCase;
     import java.io.BufferedReader;
     import java.io.File;
     import java.io.FileReader;
-...
     import java.sql.ResultSet;
     import java.sql.ResultSetMetaData;
     import java.sql.SQLException;
     import java.sql.Statement;
     import java.util.Calendar;
     import java.util.Date;
     import java.util.GregorianCalendar;
     import java.util.HashMap;
     import java.util.Hashtable;
     import java.util.SimpleTimeZone;
     import java.util.TimeZone;
     import java.util.Vector;
     import junit.framework.TestCase;
     import org.apache.http.client.HttpClient;
     import org.apache.http.impl.client.DefaultHttpClient;
     import edu.ucsb.nceas.metacat.database.DBConnection;
     import edu.ucsb.nceas.metacat.database.DBConnectionPool;
     import edu.ucsb.nceas.metacat.client.InsufficientKarmaException;
     import edu.ucsb.nceas.metacat.client.Metacat;
     import edu.ucsb.nceas.metacat.client.MetacatException;
     import edu.ucsb.nceas.metacat.client.MetacatFactory;
     import edu.ucsb.nceas.metacat.client.MetacatInaccessibleException;
     import edu.ucsb.nceas.metacat.database.DBConnection;
     import edu.ucsb.nceas.metacat.database.DBConnectionPool;
     import edu.ucsb.nceas.metacat.properties.PropertyService;
     import edu.ucsb.nceas.metacat.shared.ServiceException;
     import edu.ucsb.nceas.metacat.util.DocumentUtil;
-...
     	protected static void dbQuery(String sqlStatement, String methodName)
     			throws SQLException {
     		DBConnectionPool connPool = DBConnectionPool.getInstance();
     		DBConnection dbconn = DBConnectionPool.getDBConnection(methodName);
     		int serialNumber = dbconn.getCheckOutSerialNumber();
     		Statement statement = dbconn.createStatement();
     		PreparedStatement statement = dbconn.prepareStatement(sqlStatement);
     		debug("Executing against db: " + sqlStatement);
     		statement.executeQuery(sqlStatement);
     		statement.executeQuery();
     		statement.close();
-...
     	protected static void dbUpdate(String sqlStatement, String methodName)
     			throws SQLException {
     		DBConnectionPool connPool = DBConnectionPool.getInstance();
     		DBConnection dbconn = DBConnectionPool.getDBConnection(methodName);
     		int serialNumber = dbconn.getCheckOutSerialNumber();
     		Statement statement = dbconn.createStatement();
     		PreparedStatement statement = dbconn.prepareStatement(sqlStatement);
     		debug("Executing against db: " + sqlStatement);
     		statement.executeUpdate(sqlStatement);
     		statement.executeUpdate();
     		statement.close();
     		DBConnectionPool.returnDBConnection(dbconn, serialNumber);

Also available in: Unified diff

Project

General

Profile

Metacat

Revision 6606

Added by ben leinfelder over 12 years ago