Project

General

Profile

Revision 6615

use prepared statement place holder (?)

View differences:

src/edu/ucsb/nceas/metacat/Eml210SAXHandler.java
1572 1572
	private void deletePermissionsInAccessTable(String aclid) throws SAXException {
1573 1573
		PreparedStatement pstmt = null;
1574 1574
		try {
1575
			String sql = "DELETE FROM xml_access WHERE accessfileid = '" + aclid + "'";
1575
			String sql = "DELETE FROM xml_access WHERE accessfileid = ?";
1576 1576
			// delete all acl records for resources related to @aclid if any
1577 1577
			pstmt = connection.prepareStatement(sql);
1578 1578
			pstmt.setString(1, aclid);

Also available in: Unified diff