You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@roller.apache.org by ad...@apache.org on 2021/01/06 07:06:48 UTC
[roller] branch master updated: Fixed: sonarqube issue - used
prepared statement instead of create statement
This is an automated email from the ASF dual-hosted git repository.
adityasharma pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/roller.git
The following commit(s) were added to refs/heads/master by this push:
new d9efad6 Fixed: sonarqube issue - used prepared statement instead of create statement
d9efad6 is described below
commit d9efad61837ebc12aa3378c69ef51d70fef9c32e
Author: Aditya Sharma <ad...@apache.org>
AuthorDate: Wed Jan 6 12:35:54 2021 +0530
Fixed: sonarqube issue - used prepared statement instead of create statement
Though the above code is quite safe from any SQL injection as the passed values are not related to any user input.
SQL queries often need to use a hardcoded SQL string with a dynamic parameter coming from a user request. Formatting a string to add those parameters to the request is a bad practice as it can result in an SQL injection. The safe way to add parameters to a SQL query is to use SQL binding mechanisms.
We should use parameterized queries, prepared statements, or stored procedures whenever possible.
---
.../business/startup/DatabaseInstaller.java | 379 +++++++++++----------
1 file changed, 190 insertions(+), 189 deletions(-)
diff --git a/app/src/main/java/org/apache/roller/weblogger/business/startup/DatabaseInstaller.java b/app/src/main/java/org/apache/roller/weblogger/business/startup/DatabaseInstaller.java
index 2a48086..257dde8 100644
--- a/app/src/main/java/org/apache/roller/weblogger/business/startup/DatabaseInstaller.java
+++ b/app/src/main/java/org/apache/roller/weblogger/business/startup/DatabaseInstaller.java
@@ -37,47 +37,47 @@ import org.apache.roller.weblogger.business.DatabaseProvider;
* has configured their installation type to 'auto'.
*/
public class DatabaseInstaller {
-
+
private static Log log = LogFactory.getLog(DatabaseInstaller.class);
-
+
private final DatabaseProvider db;
private final DatabaseScriptProvider scripts;
private final String version;
private List<String> messages = new ArrayList<String>();
-
+
// the name of the property which holds the dbversion value
private static final String DBVERSION_PROP = "roller.database.version";
-
-
+
+
public DatabaseInstaller(DatabaseProvider dbProvider, DatabaseScriptProvider scriptProvider) {
db = dbProvider;
scripts = scriptProvider;
-
+
Properties props = new Properties();
try {
props.load(getClass().getResourceAsStream("/roller-version.properties"));
} catch (IOException e) {
log.error("roller-version.properties not found", e);
}
-
+
version = props.getProperty("ro.version", "UNKNOWN");
}
-
-
- /**
+
+
+ /**
* Determine if database schema needs to be upgraded.
*/
public boolean isCreationRequired() {
Connection con = null;
- try {
+ try {
con = db.getConnection();
-
+
// just check for a couple key Roller tables
// roller_user table called rolleruser before Roller 5.1
if (tableExists(con, "userrole") && (tableExists(con, "roller_user") || tableExists(con, "rolleruser"))) {
return false;
}
-
+
} catch (Exception e) {
throw new RuntimeException("Error checking for tables", e);
} finally {
@@ -87,12 +87,12 @@ public class DatabaseInstaller {
}
} catch (Exception ignored) {}
}
-
+
return true;
}
-
-
- /**
+
+
+ /**
* Determine if database schema needs to be upgraded.
*/
public boolean isUpgradeRequired() {
@@ -103,7 +103,7 @@ public class DatabaseInstaller {
} catch (StartupException ex) {
throw new RuntimeException(ex);
}
-
+
// if dbversion is unset then assume a new install, otherwise compare
if (databaseVersion < 0) {
// if this is a fresh db then we need to set the database version
@@ -127,38 +127,38 @@ public class DatabaseInstaller {
return databaseVersion < desiredVersion;
}
}
-
-
+
+
public List<String> getMessages() {
return messages;
}
-
-
+
+
private void errorMessage(String msg) {
messages.add(msg);
log.error(msg);
- }
-
-
+ }
+
+
private void errorMessage(String msg, Throwable t) {
messages.add(msg);
log.error(msg, t);
}
-
-
+
+
private void successMessage(String msg) {
messages.add(msg);
log.trace(msg);
}
-
-
+
+
/**
* Create datatabase tables.
*/
public void createDatabase() throws StartupException {
-
+
log.info("Creating Roller Weblogger database tables.");
-
+
Connection con = null;
SQLScriptRunner create = null;
try {
@@ -167,17 +167,17 @@ public class DatabaseInstaller {
create = new SQLScriptRunner(scripts.getDatabaseScript(handle + "/createdb.sql"));
create.runScript(con, true);
messages.addAll(create.getMessages());
-
+
setDatabaseVersion(con, version);
-
+
} catch (SQLException sqle) {
log.error("ERROR running SQL in database creation script", sqle);
if (create != null) {
messages.addAll(create.getMessages());
}
errorMessage("ERROR running SQL in database creation script");
- throw new StartupException("Error running sql script", sqle);
-
+ throw new StartupException("Error running sql script", sqle);
+
} catch (Exception ioe) {
log.error("ERROR running database creation script", ioe);
if (create != null) {
@@ -194,19 +194,19 @@ public class DatabaseInstaller {
} catch (Exception ignored) {}
}
}
-
-
+
+
/**
* Upgrade database if dbVersion is older than desiredVersion.
*/
public void upgradeDatabase(boolean runScripts) throws StartupException {
-
+
int myVersion = parseVersionString(version);
int dbversion = getDatabaseVersion();
-
+
log.debug("Database version = "+dbversion);
log.debug("Desired version = "+myVersion);
-
+
Connection con = null;
try {
con = db.getConnection();
@@ -246,11 +246,11 @@ public class DatabaseInstaller {
upgradeTo520(con, runScripts);
dbversion = 520;
}
-
+
// make sure the database version is the exact version
// we are upgrading too.
updateDatabaseVersion(con, myVersion);
-
+
} catch (SQLException e) {
throw new StartupException("ERROR obtaining connection");
} finally {
@@ -266,16 +266,16 @@ public class DatabaseInstaller {
* Upgrade database to Roller 4.0.0
*/
private void upgradeTo400(Connection con, boolean runScripts) throws StartupException {
-
+
successMessage("Doing upgrade to 400 ...");
-
- // first we need to run upgrade scripts
+
+ // first we need to run upgrade scripts
SQLScriptRunner runner = null;
- try {
+ try {
if (runScripts) {
String handle = getDatabaseHandle(con);
String scriptPath = handle + "/310-to-400-migration.sql";
- successMessage("Running database upgrade script: "+scriptPath);
+ successMessage("Running database upgrade script: "+scriptPath);
runner = new SQLScriptRunner(scripts.getDatabaseScript(scriptPath));
runner.runScript(con, true);
messages.addAll(runner.getMessages());
@@ -285,76 +285,76 @@ public class DatabaseInstaller {
if (runner != null) {
messages.addAll(runner.getMessages());
}
-
+
errorMessage("Problem upgrading database to version 400", ex);
throw new StartupException("Problem upgrading database to version 400", ex);
}
-
-
+
+
// now upgrade hierarchical objects data model
try {
successMessage("Populating parentid columns for weblogcategory and folder tables");
-
+
// Populate parentid in weblogcategory and folder tables.
//
- // We'd like to do something like the below, but few databases
+ // We'd like to do something like the below, but few databases
// support multiple table udpates, which are part of SQL-99
//
- // update weblogcategory, weblogcategoryassoc
- // set weblogcategory.parentid = weblogcategoryassoc.ancestorid
- // where
- // weblogcategory.id = weblogcategoryassoc.categoryid
+ // update weblogcategory, weblogcategoryassoc
+ // set weblogcategory.parentid = weblogcategoryassoc.ancestorid
+ // where
+ // weblogcategory.id = weblogcategoryassoc.categoryid
// and weblogcategoryassoc.relation = 'PARENT';
//
- // update folder,folderassoc
- // set folder.parentid = folderassoc.ancestorid
- // where
- // folder.id = folderassoc.folderid
+ // update folder,folderassoc
+ // set folder.parentid = folderassoc.ancestorid
+ // where
+ // folder.id = folderassoc.folderid
// and folderassoc.relation = 'PARENT';
-
+
PreparedStatement selectParents = con.prepareStatement(
"select categoryid, ancestorid from weblogcategoryassoc where relation='PARENT'");
PreparedStatement updateParent = con.prepareStatement(
- "update weblogcategory set parentid=? where id=?");
+ "update weblogcategory set parentid=? where id=?");
ResultSet parentSet = selectParents.executeQuery();
while (parentSet.next()) {
String categoryid = parentSet.getString(1);
- String parentid = parentSet.getString(2);
+ String parentid = parentSet.getString(2);
updateParent.clearParameters();
updateParent.setString( 1, parentid);
updateParent.setString( 2, categoryid);
updateParent.executeUpdate();
}
-
+
selectParents = con.prepareStatement(
"select folderid, ancestorid from folderassoc where relation='PARENT'");
updateParent = con.prepareStatement(
- "update folder set parentid=? where id=?");
+ "update folder set parentid=? where id=?");
parentSet = selectParents.executeQuery();
while (parentSet.next()) {
String folderid = parentSet.getString(1);
- String parentid = parentSet.getString(2);
+ String parentid = parentSet.getString(2);
updateParent.clearParameters();
updateParent.setString( 1, parentid);
updateParent.setString( 2, folderid);
updateParent.executeUpdate();
}
-
+
if (!con.getAutoCommit()) {
con.commit();
}
-
+
successMessage("Done populating parentid columns.");
-
+
} catch (Exception e) {
errorMessage("Problem upgrading database to version 320", e);
throw new StartupException("Problem upgrading database to version 320", e);
}
-
-
+
+
try {
successMessage("Populating path columns for weblogcategory and folder tables.");
-
+
// Populate path in weblogcategory and folder tables.
//
// It would be nice if there was a simple sql solution for doing
@@ -362,13 +362,13 @@ public class DatabaseInstaller {
// force walking the hierarchical trees. Luckily, it seems that
// most people don't create multi-level hierarchies, so hopefully
// this won't be too bad
-
+
// set path to '/' for nodes with no parents (aka root nodes)
PreparedStatement setRootPaths = con.prepareStatement(
"update weblogcategory set path = '/' where parentid is NULL");
setRootPaths.clearParameters();
setRootPaths.executeUpdate();
-
+
// select all nodes whose parent has no parent (aka 1st level nodes)
PreparedStatement selectL1Children = con.prepareStatement(
"select f.id, f.name from weblogcategory f, weblogcategory p "+
@@ -379,17 +379,17 @@ public class DatabaseInstaller {
ResultSet L1Set = selectL1Children.executeQuery();
while (L1Set.next()) {
String id = L1Set.getString(1);
- String name = L1Set.getString(2);
+ String name = L1Set.getString(2);
updateL1Children.clearParameters();
updateL1Children.setString( 1, "/"+name);
updateL1Children.setString( 2, id);
updateL1Children.executeUpdate();
}
-
+
// now for the complicated part =(
// we need to keep iterating over L2, L3, etc nodes and setting
// their path until all nodes have been updated.
-
+
// select all nodes whose parent path has been set, excluding L1 nodes
PreparedStatement selectLxChildren = con.prepareStatement(
"select f.id, f.name, p.path from weblogcategory f, weblogcategory p "+
@@ -398,17 +398,17 @@ public class DatabaseInstaller {
// update Lx nodes with their path (<parentPath>/<name>)
PreparedStatement updateLxChildren = con.prepareStatement(
"update weblogcategory set path=? where id=?");
-
+
// this loop allows us to run this part of the upgrade process as
// long as is necessary based on the depth of the hierarchy, and
// we use the do/while construct to ensure it's run at least once
int catNumCounted = 0;
do {
log.debug("Doing pass over Lx children for categories");
-
+
// reset count for each iteration of outer loop
catNumCounted = 0;
-
+
ResultSet LxSet = selectLxChildren.executeQuery();
while (LxSet.next()) {
String id = LxSet.getString(1);
@@ -418,22 +418,22 @@ public class DatabaseInstaller {
updateLxChildren.setString( 1, parentPath+"/"+name);
updateLxChildren.setString( 2, id);
updateLxChildren.executeUpdate();
-
+
// count the updated rows
catNumCounted++;
}
-
+
log.debug("Updated "+catNumCounted+" Lx category paths");
} while(catNumCounted > 0);
-
-
-
+
+
+
// set path to '/' for nodes with no parents (aka root nodes)
setRootPaths = con.prepareStatement(
"update folder set path = '/' where parentid is NULL");
setRootPaths.clearParameters();
setRootPaths.executeUpdate();
-
+
// select all nodes whose parent has no parent (aka 1st level nodes)
selectL1Children = con.prepareStatement(
"select f.id, f.name from folder f, folder p "+
@@ -444,17 +444,17 @@ public class DatabaseInstaller {
L1Set = selectL1Children.executeQuery();
while (L1Set.next()) {
String id = L1Set.getString(1);
- String name = L1Set.getString(2);
+ String name = L1Set.getString(2);
updateL1Children.clearParameters();
updateL1Children.setString( 1, "/"+name);
updateL1Children.setString( 2, id);
updateL1Children.executeUpdate();
}
-
+
// now for the complicated part =(
// we need to keep iterating over L2, L3, etc nodes and setting
// their path until all nodes have been updated.
-
+
// select all nodes whose parent path has been set, excluding L1 nodes
selectLxChildren = con.prepareStatement(
"select f.id, f.name, p.path from folder f, folder p "+
@@ -463,17 +463,17 @@ public class DatabaseInstaller {
// update Lx nodes with their path (/<name>)
updateLxChildren = con.prepareStatement(
"update folder set path=? where id=?");
-
+
// this loop allows us to run this part of the upgrade process as
// long as is necessary based on the depth of the hierarchy, and
// we use the do/while construct to ensure it's run at least once
int folderNumUpdated = 0;
do {
log.debug("Doing pass over Lx children for folders");
-
+
// reset count for each iteration of outer loop
folderNumUpdated = 0;
-
+
ResultSet LxSet = selectLxChildren.executeQuery();
while (LxSet.next()) {
String id = LxSet.getString(1);
@@ -483,32 +483,32 @@ public class DatabaseInstaller {
updateLxChildren.setString( 1, parentPath+"/"+name);
updateLxChildren.setString( 2, id);
updateLxChildren.executeUpdate();
-
+
// count the updated rows
folderNumUpdated++;
}
-
+
log.debug("Updated "+folderNumUpdated+" Lx folder paths");
} while(folderNumUpdated > 0);
-
+
if (!con.getAutoCommit()) {
con.commit();
}
-
+
successMessage("Done populating path columns.");
-
+
} catch (SQLException e) {
log.error("Problem upgrading database to version 320", e);
throw new StartupException("Problem upgrading database to version 320", e);
}
-
-
+
+
// 4.0 changes the planet data model a bit, so we need to clean that up
try {
successMessage("Merging planet groups 'all' and 'external'");
-
+
// Move all subscriptions in the planet group 'external' to group 'all'
-
+
String allGroupId = null;
PreparedStatement selectAllGroupId = con.prepareStatement(
"select id from rag_group where handle = 'all'");
@@ -516,15 +516,15 @@ public class DatabaseInstaller {
if (rs.next()) {
allGroupId = rs.getString(1);
}
-
+
String externalGroupId = null;
PreparedStatement selectExternalGroupId = con.prepareStatement(
- "select id from rag_group where handle = 'external'");
+ "select id from rag_group where handle = 'external'");
rs = selectExternalGroupId.executeQuery();
if (rs.next()) {
externalGroupId = rs.getString(1);
}
-
+
// we only need to merge if both of those groups already existed
if(allGroupId != null && externalGroupId != null) {
PreparedStatement updateGroupSubs = con.prepareStatement(
@@ -533,59 +533,59 @@ public class DatabaseInstaller {
updateGroupSubs.setString( 1, allGroupId);
updateGroupSubs.setString( 2, externalGroupId);
updateGroupSubs.executeUpdate();
-
+
// we no longer need the group 'external'
PreparedStatement deleteExternalGroup = con.prepareStatement(
"delete from rag_group where handle = 'external'");
deleteExternalGroup.executeUpdate();
-
+
// if we only have group 'external' then just rename it to 'all'
} else if(allGroupId == null && externalGroupId != null) {
-
+
// rename 'external' to 'all'
PreparedStatement renameExternalGroup = con.prepareStatement(
"update rag_group set handle = 'all' where handle = 'external'");
renameExternalGroup.executeUpdate();
}
-
+
if (!con.getAutoCommit()) {
con.commit();
}
-
+
successMessage("Planet group 'external' merged into group 'all'.");
-
+
} catch (Exception e) {
errorMessage("Problem upgrading database to version 400", e);
throw new StartupException("Problem upgrading database to version 400", e);
}
-
-
+
+
// update local planet subscriptions to use new local feed format
try {
successMessage("Upgrading local planet subscription feeds to new feed url format");
-
+
// need to start by looking up absolute site url
- PreparedStatement selectAbsUrl =
+ PreparedStatement selectAbsUrl =
con.prepareStatement("select value from roller_properties where name = 'site.absoluteurl'");
String absUrl = null;
ResultSet rs = selectAbsUrl.executeQuery();
if(rs.next()) {
absUrl = rs.getString(1);
}
-
+
if(absUrl != null && absUrl.length() > 0) {
- PreparedStatement selectSubs =
+ PreparedStatement selectSubs =
con.prepareStatement("select id,feed_url,author from rag_subscription");
-
- PreparedStatement updateSubUrl =
+
+ PreparedStatement updateSubUrl =
con.prepareStatement("update rag_subscription set last_updated=last_updated, feed_url = ? where id = ?");
-
+
ResultSet rset = selectSubs.executeQuery();
while (rset.next()) {
String id = rset.getString(1);
String feed_url = rset.getString(2);
String handle = rset.getString(3);
-
+
// only work on local feed urls
if (feed_url.startsWith(absUrl)) {
// update feed_url to 'weblogger:<handle>'
@@ -596,23 +596,23 @@ public class DatabaseInstaller {
}
}
}
-
+
if (!con.getAutoCommit()) {
con.commit();
}
-
+
successMessage("Comments successfully updated to use new comment plugins.");
-
+
} catch (Exception e) {
errorMessage("Problem upgrading database to version 400", e);
throw new StartupException("Problem upgrading database to version 400", e);
}
-
-
+
+
// upgrade comments to use new plugin mechanism
try {
successMessage("Upgrading existing comments with content-type & plugins");
-
+
// look in db and see if comment autoformatting is enabled
boolean autoformatEnabled = false;
String autoformat = null;
@@ -625,7 +625,7 @@ public class DatabaseInstaller {
autoformatEnabled = true;
}
}
-
+
// look in db and see if comment html escaping is enabled
boolean htmlEnabled = false;
String escapehtml = null;
@@ -639,7 +639,7 @@ public class DatabaseInstaller {
htmlEnabled = true;
}
}
-
+
// first lets set the new 'users.comments.htmlenabled' property
PreparedStatement addCommentHtmlProp = con.prepareStatement("insert into roller_properties(name,value) values(?,?)");
addCommentHtmlProp.clearParameters();
@@ -650,13 +650,13 @@ public class DatabaseInstaller {
addCommentHtmlProp.setString(2, "false");
}
addCommentHtmlProp.executeUpdate();
-
+
// determine content-type for existing comments
String contentType = "text/plain";
if(htmlEnabled) {
contentType = "text/html";
}
-
+
// determine plugins for existing comments
String plugins = "";
if(htmlEnabled && autoformatEnabled) {
@@ -666,57 +666,57 @@ public class DatabaseInstaller {
} else if(autoformatEnabled) {
plugins = "AutoFormat";
}
-
+
// set new comment plugins configuration property 'users.comments.plugins'
- PreparedStatement addCommentPluginsProp =
+ PreparedStatement addCommentPluginsProp =
con.prepareStatement("insert into roller_properties(name,value) values(?,?)");
addCommentPluginsProp.clearParameters();
addCommentPluginsProp.setString(1, "users.comments.plugins");
addCommentPluginsProp.setString(2, plugins);
addCommentPluginsProp.executeUpdate();
-
+
// set content-type for all existing comments
- PreparedStatement updateCommentsContentType =
+ PreparedStatement updateCommentsContentType =
con.prepareStatement("update roller_comment set posttime=posttime, contenttype = ?");
updateCommentsContentType.clearParameters();
updateCommentsContentType.setString(1, contentType);
updateCommentsContentType.executeUpdate();
// set plugins for all existing comments
- PreparedStatement updateCommentsPlugins =
+ PreparedStatement updateCommentsPlugins =
con.prepareStatement("update roller_comment set posttime=posttime, plugins = ?");
updateCommentsPlugins.clearParameters();
updateCommentsPlugins.setString(1, plugins);
updateCommentsPlugins.executeUpdate();
-
+
if (!con.getAutoCommit()) {
con.commit();
}
-
+
successMessage("Comments successfully updated to use new comment plugins.");
-
+
} catch (Exception e) {
errorMessage("Problem upgrading database to version 400", e);
throw new StartupException("Problem upgrading database to version 400", e);
}
-
+
// finally, upgrade db version string to 400
updateDatabaseVersion(con, 400);
}
-
-
+
+
/**
* Upgrade database to Roller 5.0
*/
private void upgradeTo500(Connection con, boolean runScripts) throws StartupException {
-
- // first we need to run upgrade scripts
+
+ // first we need to run upgrade scripts
SQLScriptRunner runner = null;
- try {
+ try {
if (runScripts) {
String handle = getDatabaseHandle(con);
String scriptPath = handle + "/400-to-500-migration.sql";
- successMessage("Running database upgrade script: "+scriptPath);
+ successMessage("Running database upgrade script: "+scriptPath);
runner = new SQLScriptRunner(scripts.getDatabaseScript(scriptPath));
runner.runScript(con, true);
messages.addAll(runner.getMessages());
@@ -726,24 +726,24 @@ public class DatabaseInstaller {
if (runner != null) {
messages.addAll(runner.getMessages());
}
-
+
errorMessage("Problem upgrading database to version 500", ex);
throw new StartupException("Problem upgrading database to version 500", ex);
- }
+ }
}
/**
* Upgrade database to Roller 5.1
*/
private void upgradeTo510(Connection con, boolean runScripts) throws StartupException {
-
- // first we need to run upgrade scripts
+
+ // first we need to run upgrade scripts
SQLScriptRunner runner = null;
- try {
+ try {
if (runScripts) {
String handle = getDatabaseHandle(con);
String scriptPath = handle + "/500-to-510-migration.sql";
- successMessage("Running database upgrade script: "+scriptPath);
+ successMessage("Running database upgrade script: "+scriptPath);
runner = new SQLScriptRunner(scripts.getDatabaseScript(scriptPath));
runner.runScript(con, true);
messages.addAll(runner.getMessages());
@@ -753,10 +753,10 @@ public class DatabaseInstaller {
if (runner != null) {
messages.addAll(runner.getMessages());
}
-
+
errorMessage("Problem upgrading database to version 510", ex);
throw new StartupException("Problem upgrading database to version 510", ex);
- }
+ }
}
/**
@@ -790,7 +790,7 @@ public class DatabaseInstaller {
* Use database product name to get the database script directory name.
*/
public String getDatabaseHandle(Connection con) throws SQLException {
-
+
String productName = con.getMetaData().getDatabaseProductName();
String handle = "mysql";
if ( productName.toLowerCase().contains("mysql")) {
@@ -808,11 +808,11 @@ public class DatabaseInstaller {
} else if (productName.toLowerCase().contains("db2")) {
handle = "db2";
}
-
+
return handle;
}
-
+
/**
* Return true if named table exists in database.
*/
@@ -825,24 +825,24 @@ public class DatabaseInstaller {
}
return false;
}
-
-
+
+
private int getDatabaseVersion() throws StartupException {
int dbversion = -1;
-
+
// get the current db version
Connection con = null;
try {
con = db.getConnection();
Statement stmt = con.createStatement();
-
+
// just check in the roller_properties table
ResultSet rs = stmt.executeQuery(
"select value from roller_properties where name = '"+DBVERSION_PROP+"'");
-
+
if(rs.next()) {
dbversion = Integer.parseInt(rs.getString(1));
-
+
} else {
// tough to know if this is an upgrade with no db version :/
// however, if roller_properties is not empty then we at least
@@ -852,53 +852,53 @@ public class DatabaseInstaller {
dbversion = 120;
}
}
-
+
} catch(Exception e) {
// that's strange ... hopefully we didn't need to upgrade
- log.error("Couldn't lookup current database version", e);
+ log.error("Couldn't lookup current database version", e);
} finally {
try {
if (con != null) {
con.close();
}
} catch (Exception ignored) {}
- }
+ }
return dbversion;
}
-
-
- private int parseVersionString(String vstring) {
+
+
+ private int parseVersionString(String vstring) {
int myversion = 0;
-
+
// NOTE: this assumes a maximum of 3 digits for the version number
// so if we get to 10.0 then we'll need to upgrade this
-
+
// strip out non-digits
vstring = vstring.replaceAll("\\Q.\\E", "");
vstring = vstring.replaceAll("\\D", "");
if(vstring.length() > 3) {
vstring = vstring.substring(0, 3);
}
-
+
// parse to an int
try {
- int parsed = Integer.parseInt(vstring);
+ int parsed = Integer.parseInt(vstring);
if(parsed < 100) {
myversion = parsed * 10;
} else {
myversion = parsed;
}
} catch(Exception e) {}
-
+
return myversion;
}
-
+
/**
* Insert a new database.version property.
* This should only be called once for new installations
*/
- private void setDatabaseVersion(Connection con, String version)
+ private void setDatabaseVersion(Connection con, String version)
throws StartupException {
setDatabaseVersion(con, parseVersionString(version));
}
@@ -909,35 +909,36 @@ public class DatabaseInstaller {
*/
private void setDatabaseVersion(Connection con, int version)
throws StartupException {
-
+
try {
- Statement stmt = con.createStatement();
- stmt.executeUpdate("insert into roller_properties "+
- "values('"+DBVERSION_PROP+"', '"+version+"')");
-
+ PreparedStatement stmt = con.prepareStatement("insert into roller_properties values(?,?)");
+ stmt.setString(1, DBVERSION_PROP);
+ stmt.setString(2, String.valueOf(version));
+ stmt.executeUpdate();
+
log.debug("Set database verstion to "+version);
} catch(SQLException se) {
throw new StartupException("Error setting database version.", se);
}
}
-
-
+
+
/**
* Update the existing database.version property
*/
private void updateDatabaseVersion(Connection con, int version)
throws StartupException {
-
+
try {
- Statement stmt = con.createStatement();
- stmt.executeUpdate("update roller_properties "+
- "set value = '"+version+"'"+
- "where name = '"+DBVERSION_PROP+"'");
-
+ PreparedStatement stmt = con.prepareStatement("update roller_properties set value = ? where name = ?");
+ stmt.setString(1, String.valueOf(version));
+ stmt.setString(2, DBVERSION_PROP);
+ stmt.executeUpdate();
+
log.debug("Updated database verstion to "+version);
} catch(SQLException se) {
throw new StartupException("Error setting database version.", se);
- }
+ }
}
}