Upstream/AuthMeReloaded
1
0
Fork 0
mirror of https://github.com/AuthMe/AuthMeReloaded.git synced 2024-11-27 20:57:35 +01:00
Code Issues Projects Releases Wiki Activity

Use PreparedStatement in all case needed it - #308

Browse Source
This commit is contained in:
Xephi 2016-01-09 21:30:13 +01:00
parent 2f1338b08b
commit 607380e59c
1 changed files with 12 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
src/main/java/fr/xephi/authme/datasource/MySQL.java
View File

@ -627,15 +627,18 @@ public class MySQL implements DataSource {
public synchronized List<String> autoPurgeDatabase(long until) { public synchronized List<String> autoPurgeDatabase(long until) {
List<String> list = new ArrayList<>(); List<String> list = new ArrayList<>();
try (Connection con = getConnection()) { try (Connection con = getConnection()) {
String sql = "SELECT " + columnName + " FROM " + tableName + " WHERE " + columnLastLogin + "<" + until; String sql = "SELECT " + columnName + " FROM " + tableName + " WHERE " + columnLastLogin + "<?;";
Statement st = con.createStatement(); PreparedStatement st = con.prepareStatement(sql);
ResultSet rs = st.executeQuery(sql); st.setLong(1, until);
ResultSet rs = st.executeQuery();
while (rs.next()) { while (rs.next()) {
list.add(rs.getString(columnName)); list.add(rs.getString(columnName));
} }
rs.close(); rs.close();
sql = "DELETE FROM " + tableName + " WHERE " + columnLastLogin + "<" + until; sql = "DELETE FROM " + tableName + " WHERE " + columnLastLogin + "<?:";
st.executeUpdate(sql); st = con.prepareStatement(sql);
st.setLong(1, until);
st.executeUpdate();
st.close(); st.close();
} catch (SQLException ex) { } catch (SQLException ex) {
ConsoleLogger.showError(ex.getMessage()); ConsoleLogger.showError(ex.getMessage());
@ -657,9 +660,10 @@ public class MySQL implements DataSource {
ResultSet rs = pst.executeQuery(); ResultSet rs = pst.executeQuery();
if (rs.next()) { if (rs.next()) {
int id = rs.getInt(columnID); int id = rs.getInt(columnID);
sql = "DELETE FROM xf_user_authenticate WHERE " + columnID + "=" + id; sql = "DELETE FROM xf_user_authenticate WHERE " + columnID + "=?;";
Statement st = con.createStatement(); PreparedStatement st = con.prepareStatement(sql);
st.executeUpdate(sql); st.setInt(1, id);
st.executeUpdate();
st.close(); st.close();
} }
rs.close(); rs.close();