Upstream/bentobox
1
0
Fork 0
mirror of https://github.com/BentoBoxWorld/BentoBox.git synced 2024-10-02 08:37:35 +02:00
Code Issues Projects Releases Wiki Activity

Helped secure the prepared statement

Browse Source
This commit is contained in:
Tastybento 2018-02-07 20:43:13 -08:00
parent 41dd491f05
commit b833b17d22
1 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/main/java/us/tastybento/bskyblock/database/mysql/MySQLDatabaseHandler.java
View File

@ -451,9 +451,11 @@ public class MySQLDatabaseHandler<T> extends AbstractDatabaseHandler<T> {
// Get the columns we are going to insert, just the names of them
setSql += getCollectionColumnString(propertyDescriptor.getWriteMethod(), false, false) + ") ";
// Get all the ?'s for the columns
setSql += "VALUES ('" + uniqueId + "'," + getCollectionColumnString(propertyDescriptor.getWriteMethod(), true, false) + ")";
setSql += "VALUES ('?'," + getCollectionColumnString(propertyDescriptor.getWriteMethod(), true, false) + ")";
// Prepare the statement
try (PreparedStatement collStatement = connection.prepareStatement(setSql)) {
// Set the uniqueId
collStatement.setString(1, uniqueId);
if (DEBUG)
plugin.getLogger().info("DEBUG: collection insert =" + setSql);
// Do single dimension types (set and list)
@ -471,7 +473,7 @@ public class MySQLDatabaseHandler<T> extends AbstractDatabaseHandler<T> {
setValue = serialize(setValue, setValue.getClass());
//}
// Set the value from ? to whatever it is
collStatement.setObject(1, setValue);
collStatement.setObject(2, setValue);
if (DEBUG)
plugin.getLogger().info("DEBUG: " + collStatement.toString());
// Execute the SQL in the database