Posted to commits@airavata.apache.org by sc...@apache.org on 2016/12/15 20:05:50 UTC

[5/5] airavata git commit: using parameter binding instead of escaping special characters in sharing catalog

using parameter binding instead of escaping special characters in sharing catalog


Project: http://git-wip-us.apache.org/repos/asf/airavata/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata/commit/dc65b9c5
Tree: http://git-wip-us.apache.org/repos/asf/airavata/tree/dc65b9c5
Diff: http://git-wip-us.apache.org/repos/asf/airavata/diff/dc65b9c5

Branch: refs/heads/develop
Commit: dc65b9c51d511728a3de03480e4f6fc03b17592b
Parents: e65ebc1
Author: scnakandala <su...@gmail.com>
Authored: Thu Dec 15 15:05:26 2016 -0500
Committer: scnakandala <su...@gmail.com>
Committed: Thu Dec 15 15:05:26 2016 -0500

----------------------------------------------------------------------
 .../db/repositories/AbstractRepository.java     | 40 +++++++++++---------
 1 file changed, 22 insertions(+), 18 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/airavata/blob/dc65b9c5/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/AbstractRepository.java
----------------------------------------------------------------------
diff --git a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/AbstractRepository.java b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/AbstractRepository.java
index d206616..271fef3 100644
--- a/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/AbstractRepository.java
+++ b/modules/sharing-registry/sharing-registry-server/src/main/java/org/apache/airavata/sharing/registry/db/repositories/AbstractRepository.java
@@ -101,10 +101,29 @@ public abstract class AbstractRepository<T, E, Id> {
     }
 
     public List<T> select(Map<String, String> filters, int offset, int limit) throws SharingRegistryException {
-        String queryString = getSelectQuery(filters);
+        String query = "SELECT DISTINCT p from " + dbEntityGenericClass.getSimpleName() + " as p";
+        ArrayList<String> parameters = new ArrayList<>();
+        int parameterCount = 1;
+        if (filters != null && filters.size() != 0) {
+            query += " WHERE ";
+            for (String k : filters.keySet()) {
+                query += "p." + k + " = ?" + parameterCount + " AND ";
+                parameters.add(filters.get(k));
+                parameterCount++;
+            }
+            query = query.substring(0, query.length() - 5);
+        }
+
+        query += " ORDER BY p.createdTime DESC";
+        String queryString = query;
         int newLimit = limit < 0 ? DBConstants.SELECT_MAX_ROWS: limit;
-        List resultSet =  (new JPAUtils()).execute(entityManager -> entityManager.createQuery(queryString).setFirstResult(offset)
-                .setMaxResults(newLimit).getResultList());
+        List resultSet = (new JPAUtils()).execute(entityManager -> {
+            javax.persistence.Query q = entityManager.createQuery(queryString);
+            for (int i = 0; i < parameters.size(); i++) {
+                q.setParameter(i + 1, parameters.get(i));
+            }
+            return q.setFirstResult(offset).setMaxResults(newLimit).getResultList();
+        });
         Mapper mapper = ObjectMapperSingleton.getInstance();
         List<T> gatewayList = new ArrayList<>();
         resultSet.stream().forEach(rs -> gatewayList.add(mapper.map(rs, thriftGenericClass)));
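Review bot: The filter keys are still concatenated into the JPQL text at `query += "p." + k + " = ?" + parameterCount + " AND ";`, so this change binds only the values. Whether any caller fills the `filters` map keys from request data is not visible in this hunk, but if one does, the key is still an injection point, because identifiers cannot be passed as bind parameters. Each `k` should be validated before it is appended, ideally against the attribute names of `dbEntityGenericClass` from the JPA metamodel, or at minimum with a shape check such as `if (!k.matches("[A-Za-z_][A-Za-z0-9_]*")) throw new IllegalArgumentException("invalid filter field");`. The body of `select` continues past the end of the hunk.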
@@ -120,19 +139,4 @@ public abstract class AbstractRepository<T, E, Id> {
         resultSet.stream().forEach(rs -> gatewayList.add(mapper.map(rs, thriftGenericClass)));
         return gatewayList;
     }
-
-    public String getSelectQuery(Map<String, String> filters){
-        String query = "SELECT DISTINCT p from " + dbEntityGenericClass.getSimpleName() + " as p";
-        if(filters != null && filters.size() != 0){
-            query += " WHERE ";
-            for(String k : filters.keySet()){
-                query += "p." + k + " = '" + filters.get(k).replaceAll("'", "''") + "' AND ";
-            }
-            query = query.substring(0, query.length()-5);
-        }
-
-        query += " ORDER BY p.createdTime DESC";
-
-        return query;
-    }
 }
\ No newline at end of file