Escape table name with backticks (`) in sql messenger (#1847, #1848)

electron 2019-12-04 23:50:56 +03:00 committed by Luck
parent 31b57df567
commit 86a15b9a66


@ -71,7 +71,7 @@ public abstract class AbstractSqlMessenger implements Messenger {
@Override @Override
public void sendOutgoingMessage(@NonNull OutgoingMessage outgoingMessage) { public void sendOutgoingMessage(@NonNull OutgoingMessage outgoingMessage) {
try (Connection c = getConnection()) { try (Connection c = getConnection()) {
try (PreparedStatement ps = c.prepareStatement("INSERT INTO " + getTableName() + "(`time`, `msg`) VALUES(NOW(), ?)")) { try (PreparedStatement ps = c.prepareStatement("INSERT INTO `" + getTableName() + "` (`time`, `msg`) VALUES(NOW(), ?)")) {
ps.setString(1, outgoingMessage.asEncodedString()); ps.setString(1, outgoingMessage.asEncodedString());
ps.execute(); ps.execute();
} }
@ -82,7 +82,7 @@ public abstract class AbstractSqlMessenger implements Messenger {
public void pollMessages() { public void pollMessages() {
try (Connection c = getConnection()) { try (Connection c = getConnection()) {
try (PreparedStatement ps = c.prepareStatement("SELECT `id`, `msg` FROM " + getTableName() + " WHERE `id` > ? AND (NOW() - `time` < 30)")) { try (PreparedStatement ps = c.prepareStatement("SELECT `id`, `msg` FROM `" + getTableName() + "` WHERE `id` > ? AND (NOW() - `time` < 30)")) {
ps.setLong(1, this.lastId); ps.setLong(1, this.lastId);
try (ResultSet rs = ps.executeQuery()) { try (ResultSet rs = ps.executeQuery()) {
while (rs.next()) { while (rs.next()) {
@ -101,7 +101,7 @@ public abstract class AbstractSqlMessenger implements Messenger {
public void runHousekeeping() { public void runHousekeeping() {
try (Connection c = getConnection()) { try (Connection c = getConnection()) {
try (PreparedStatement ps = c.prepareStatement("DELETE FROM " + getTableName() + " WHERE (NOW() - `time` > 60)")) { try (PreparedStatement ps = c.prepareStatement("DELETE FROM `" + getTableName() + "` WHERE (NOW() - `time` > 60)")) {
ps.execute(); ps.execute();
} }
} catch (SQLException e) { } catch (SQLException e) {
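Review bot: The backtick quoting added to the three statements (sendOutgoingMessage, pollMessages, runHousekeeping) wraps the value of getTableName() but does not handle a backtick inside that value, so a name containing one would close the quoted identifier early and the remainder would be parsed as SQL. getTableName() is not visible here; if it is derived from configuration (for example a table prefix), either double embedded backticks before concatenating, `getTableName().replace("`", "``")`, or reject such names once when the messenger is initialised. Building the quoted name in a single helper would also keep the three call sites consistent. The bodies of all three methods continue outside the hunks shown.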