Rework SQL statements to actually use PreparedStatements for security reasons
Dieser Commit ist enthalten in:
Ursprung
583760c036
Commit
ec7d1c34d2
@ -20,7 +20,7 @@ public class BannedUserIPs {
|
||||
|
||||
public static List<BannedUserIPs> get(int userID){
|
||||
List<BannedUserIPs> userIPs = new ArrayList<>();
|
||||
ResultSet dbentry = SQL.select("SELECT * FROM BannedUserIPs WHERE UserID = '" + userID + "' ORDER BY Timestamp ASC");
|
||||
ResultSet dbentry = SQL.select("SELECT * FROM BannedUserIPs WHERE UserID = ? ORDER BY Timestamp ASC", userID);
|
||||
try {
|
||||
while(dbentry.next()){
|
||||
userIPs.add(new BannedUserIPs(
|
||||
@ -35,7 +35,7 @@ public class BannedUserIPs {
|
||||
|
||||
public static List<BannedUserIPs> get(String ip){
|
||||
List<BannedUserIPs> userIDs = new ArrayList<>();
|
||||
ResultSet dbentry = SQL.select("SELECT * FROM BannedUserIPs WHERE IP = '" + ip + "' ORDER BY Timestamp DESC");
|
||||
ResultSet dbentry = SQL.select("SELECT * FROM BannedUserIPs WHERE IP = ? ORDER BY Timestamp DESC", ip);
|
||||
try {
|
||||
while(dbentry.next()){
|
||||
userIDs.add(new BannedUserIPs(
|
||||
@ -49,12 +49,7 @@ public class BannedUserIPs {
|
||||
}
|
||||
|
||||
static void banIP(SteamwarUser user, String ip){
|
||||
SQL.update("INSERT INTO BannedUserIPs\n" +
|
||||
" (UserID, Timestamp, IP)\n" +
|
||||
"VALUES\n" +
|
||||
" (" + user.getId() + ", NOW(), '" + ip + "')\n" +
|
||||
"ON DUPLICATE KEY UPDATE\n" +
|
||||
" Timestamp=NOW()");
|
||||
SQL.update("INSERT INTO BannedUserIPs (UserID, Timestamp, IP) VALUES (?, NOW(), ?) ON DUPLICATE KEY UPDATE Timestamp=NOW()", user.getId(), ip);
|
||||
}
|
||||
|
||||
public int getUserID() {
|
||||
|
@ -39,12 +39,8 @@ public class BauweltMember{
|
||||
}
|
||||
|
||||
private void updateDB(){
|
||||
SQL.update("INSERT INTO BauweltMember" +
|
||||
" (BauweltID, MemberID, Build, WorldEdit, World)" +
|
||||
" VALUES" +
|
||||
" ('" + bauweltID + "', '" + memberID + "', '" + SQL.booleanToInt(build) + "', '" + SQL.booleanToInt(worldEdit) + "', '" + SQL.booleanToInt(world) + "')" +
|
||||
" ON DUPLICATE KEY UPDATE" +
|
||||
" Build = VALUES(Build), WorldEdit = VALUES(WorldEdit), World = VALUES(World)");
|
||||
SQL.update("INSERT INTO BauweltMember (BauweltID, MemberID, Build, WorldEdit, World) VALUES (?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE Build = VALUES(Build), WorldEdit = VALUES(WorldEdit), World = VALUES(World)",
|
||||
bauweltID, memberID, build, worldEdit, world);
|
||||
}
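Review bot: The new `updateDB` call on the lines ending with `bauweltID, memberID, build, worldEdit, world);` binds the three booleans directly, whereas the removed version (and `SQL.booleanToInt`, which this commit keeps in `SQL`) converted them to 0/1 first. Whether `setObject` with a `Boolean` lands correctly depends on the driver and the column type, which are not visible here; either confirm the columns accept a boolean bind or keep the conversion with `SQL.booleanToInt(build), SQL.booleanToInt(worldEdit), SQL.booleanToInt(world)` so the stored values stay what they were before.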
|
||||
|
||||
public static BauweltMember getBauMember(UUID ownerID, UUID memberID){
|
||||
@ -52,7 +48,7 @@ public class BauweltMember{
|
||||
}
|
||||
|
||||
public static BauweltMember getBauMember(int ownerID, int memberID){
|
||||
ResultSet member = SQL.select("SELECT * FROM BauweltMember WHERE BauweltID = '" + ownerID + "' AND MemberID = '" + memberID + "'");
|
||||
ResultSet member = SQL.select("SELECT * FROM BauweltMember WHERE BauweltID = ? AND MemberID = ?", ownerID, memberID);
|
||||
try {
|
||||
if(member == null || !member.next()){
|
||||
return null;
|
||||
@ -73,7 +69,7 @@ public class BauweltMember{
|
||||
|
||||
public static List<BauweltMember> getMembers(int bauweltID){
|
||||
try{
|
||||
ResultSet memberlist = SQL.select("SELECT * FROM BauweltMember WHERE BauweltID = '" + bauweltID + "'");
|
||||
ResultSet memberlist = SQL.select("SELECT * FROM BauweltMember WHERE BauweltID = ?", bauweltID);
|
||||
List<BauweltMember> members = new ArrayList<>();
|
||||
while(memberlist.next()){
|
||||
int memberID = memberlist.getInt("MemberID");
|
||||
|
@ -20,13 +20,13 @@ public class Event {
|
||||
|
||||
private static Event current = null;
|
||||
|
||||
private Event(int eventID, String eventName, Timestamp start, Timestamp end, int maximumTeamMembers, boolean publicSchemsOnly){
|
||||
this.eventID = eventID;
|
||||
this.eventName = eventName;
|
||||
this.start = start;
|
||||
this.end = end;
|
||||
this.maximumTeamMembers = maximumTeamMembers;
|
||||
this.publicSchemsOnly = publicSchemsOnly;
|
||||
private Event(ResultSet rs) throws SQLException{
|
||||
this.eventID = rs.getInt("EventID");
|
||||
this.eventName = rs.getString("EventName");
|
||||
this.start = rs.getTimestamp("Start");
|
||||
this.end = rs.getTimestamp("End");
|
||||
this.maximumTeamMembers = rs.getInt("MaximumTeamMembers");
|
||||
this.publicSchemsOnly = rs.getBoolean("PublicSchemsOnly");
|
||||
}
|
||||
|
||||
public static Event get(){
|
||||
@ -40,7 +40,7 @@ public class Event {
|
||||
return null;
|
||||
}
|
||||
|
||||
current = new Event(rs.getInt("EventID"), rs.getString("EventName"), rs.getTimestamp("Start"), rs.getTimestamp("End"), rs.getInt("MaximumTeamMembers"), rs.getBoolean("PublicSchemsOnly"));
|
||||
current = new Event(rs);
|
||||
return current;
|
||||
}catch (SQLException e){
|
||||
BungeeCore.log("Failed to load current Event", e);
|
||||
@ -54,7 +54,7 @@ public class Event {
|
||||
if(!rs.next())
|
||||
throw new IllegalArgumentException();
|
||||
|
||||
return new Event(eventID, rs.getString("EventName"), rs.getTimestamp("Start"), rs.getTimestamp("End"), rs.getInt("MaximumTeamMembers"), rs.getBoolean("PublicSchemsOnly"));
|
||||
return new Event(rs);
|
||||
}catch (SQLException e){
|
||||
BungeeCore.log("Failed to load Event", e);
|
||||
throw new SecurityException();
|
||||
@ -62,12 +62,12 @@ public class Event {
|
||||
}
|
||||
|
||||
public static Event get(String eventName){
|
||||
ResultSet rs = SQL.select("SELECT * FROM Event WHERE lower(EventName) = '" + SQL.disarmString(eventName.toLowerCase()) + "'");
|
||||
ResultSet rs = SQL.select("SELECT * FROM Event WHERE lower(EventName) = ?", eventName.toLowerCase());
|
||||
try{
|
||||
if(!rs.next())
|
||||
return null;
|
||||
|
||||
return new Event(rs.getInt("EventID"), rs.getString("EventName"), rs.getTimestamp("Start"), rs.getTimestamp("End"), rs.getInt("MaximumTeamMembers"), rs.getBoolean("PublicSchemsOnly"));
|
||||
return new Event(rs);
|
||||
}catch (SQLException e){
|
||||
BungeeCore.log("Failed to load Event by name", e);
|
||||
throw new SecurityException();
|
||||
@ -79,7 +79,7 @@ public class Event {
|
||||
ResultSet rs = SQL.select("SELECT * FROM Event WHERE Start > now()");
|
||||
try{
|
||||
while(rs.next())
|
||||
events.add(new Event(rs.getInt("EventID"), rs.getString("EventName"), rs.getTimestamp("Start"), rs.getTimestamp("End"), rs.getInt("MaximumTeamMembers"), rs.getBoolean("PublicSchemsOnly")));
|
||||
events.add(new Event(rs));
|
||||
}catch (SQLException e){
|
||||
BungeeCore.log("Failed to load Events", e);
|
||||
}
|
||||
|
@ -38,7 +38,7 @@ public class EventFight implements Comparable<EventFight> {
|
||||
|
||||
public void reschedule(){
|
||||
startTime = Timestamp.from(new Date().toInstant().plus(30, SECONDS));
|
||||
SQL.update("UPDATE EventFight SET StartTime = '" + startTime.toString() + "' WHERE EventID = " + eventID + " AND FightID = " + fightID);
|
||||
SQL.update("UPDATE EventFight SET StartTime = ? WHERE EventID = ? AND FightID = ?", startTime, eventID, fightID);
|
||||
}
|
||||
|
||||
public static void loadAllComingFights(){
|
||||
@ -54,7 +54,7 @@ public class EventFight implements Comparable<EventFight> {
|
||||
}
|
||||
|
||||
public static List<EventFight> getEvent(int eventID){
|
||||
ResultSet rs = SQL.select("SELECT * FROM EventFight WHERE EventID = " + eventID + " ORDER BY `StartTime` ASC");
|
||||
ResultSet rs = SQL.select("SELECT * FROM EventFight WHERE EventID = ? ORDER BY `StartTime` ASC", eventID);
|
||||
List<EventFight> fights = new LinkedList<>();
|
||||
try{
|
||||
while(rs.next())
|
||||
|
@ -17,8 +17,7 @@ public class Mod {
|
||||
}
|
||||
|
||||
public static Mod get(String modName, Platform platform){
|
||||
modName = SQL.disarmString(modName);
|
||||
ResultSet rs = SQL.select("SELECT * FROM Mods WHERE ModName = '" + modName + "' AND Platform = " + platform.value);
|
||||
ResultSet rs = SQL.select("SELECT * FROM Mods WHERE ModName = ? AND Platform = ?", modName, platform.value);
|
||||
try{
|
||||
if(rs.next())
|
||||
return new Mod(modName, platform, ModType.valueOf(rs.getInt("ModType")));
|
||||
@ -26,7 +25,7 @@ public class Mod {
|
||||
BungeeCore.log("Failed to load Mod", e);
|
||||
throw new SecurityException();
|
||||
}
|
||||
SQL.update("INSERT INTO Mods (ModName, Platform) VALUES ('" + modName + "'," + platform.value + ")");
|
||||
SQL.update("INSERT INTO Mods (ModName, Platform) VALUES ('" + modName + "'," + platform.value + ")", modName, platform.value);
|
||||
return new Mod(modName, platform, ModType.UNKLASSIFIED);
|
||||
}
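Review bot: The rewritten insert in `get(String modName, Platform platform)`, `SQL.update("INSERT INTO Mods (ModName, Platform) VALUES ('" + modName + "'," + platform.value + ")", modName, platform.value);`, still builds the SQL by concatenation and then passes two bind values for a statement that contains no `?` placeholders, so `modName` remains injectable and the `setObject` calls in `prepare` will fail on a parameter index that does not exist. It should read `SQL.update("INSERT INTO Mods (ModName, Platform) VALUES (?, ?)", modName, platform.value);`. Note that the `SQL.disarmString(modName)` line is dropped in the first hunk and `disarmString` itself is removed from `SQL` in this commit, so this is the only remaining sanitisation for that column.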
|
||||
|
||||
|
@ -23,7 +23,7 @@ public class PollAnswer {
|
||||
}
|
||||
|
||||
public static PollAnswer get(int userID){
|
||||
ResultSet rs = SQL.select("SELECT * FROM PollAnswer WHERE UserID = " + userID + " AND Question = '" + PollSystem.getQuestion() + "'");
|
||||
ResultSet rs = SQL.select("SELECT * FROM PollAnswer WHERE UserID = ? AND Question = ?", userID, PollSystem.getQuestion());
|
||||
try {
|
||||
if(!rs.next())
|
||||
return new PollAnswer(userID, PollSystem.getQuestion());
|
||||
@ -40,6 +40,6 @@ public class PollAnswer {
|
||||
|
||||
public void setAnswer(int answer){
|
||||
this.answer = answer;
|
||||
SQL.update("INSERT INTO PollAnswer (UserID, Question, Answer) VALUES (" + userID + ",'" + question + "'," + answer + ") ON DUPLICATE KEY UPDATE Answer = VALUES(Answer)");
|
||||
SQL.update("INSERT INTO PollAnswer (UserID, Question, Answer) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE Answer = VALUES(Answer)", userID, question, answer);
|
||||
}
|
||||
}
|
||||
|
@ -41,60 +41,55 @@ public class SQL {
|
||||
}
|
||||
}
|
||||
|
||||
private static void sqlException(){
|
||||
close();
|
||||
connect(url, weburl, user, password);
|
||||
}
|
||||
|
||||
static void update(String qry) {
|
||||
try (PreparedStatement st = con.prepareStatement(qry)) {
|
||||
st.executeUpdate();
|
||||
static void update(String qry, Object... objects) {
|
||||
try {
|
||||
prepare(con, qry, objects).executeUpdate();
|
||||
} catch (SQLException e) {
|
||||
sqlException();
|
||||
try (PreparedStatement st = con.prepareStatement(qry)) {
|
||||
st.executeUpdate();
|
||||
} catch (SQLException ex) {
|
||||
BungeeCore.log("Could not execute update statement", ex);
|
||||
throw new SecurityException("Could not execute update statement", ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static void webupdate(String qry) {
|
||||
try (PreparedStatement st = webcon.prepareStatement(qry)) {
|
||||
st.executeUpdate();
|
||||
} catch (SQLException e) {
|
||||
sqlException();
|
||||
try (PreparedStatement st = webcon.prepareStatement(qry)) {
|
||||
st.executeUpdate();
|
||||
} catch (SQLException ex) {
|
||||
BungeeCore.log("Could not execute update statement", ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static ResultSet select(String qry){
|
||||
try{
|
||||
PreparedStatement st = con.prepareStatement(qry);
|
||||
return st.executeQuery();
|
||||
static void webupdate(String qry, Object... objects) {
|
||||
try {
|
||||
prepare(webcon, qry, objects).executeUpdate();
|
||||
} catch (SQLException e) {
|
||||
sqlException();
|
||||
try {
|
||||
PreparedStatement st = con.prepareStatement(qry);
|
||||
return st.executeQuery();
|
||||
prepare(webcon, qry, objects).executeUpdate();
|
||||
} catch (SQLException ex) {
|
||||
throw new SecurityException("Could not execute update statement", ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static ResultSet select(String qry, Object... objects){
|
||||
try{
|
||||
return prepare(con, qry, objects).executeQuery();
|
||||
} catch (SQLException e) {
|
||||
sqlException();
|
||||
try {
|
||||
return prepare(con, qry, objects).executeQuery();
|
||||
} catch (SQLException ex) {
|
||||
throw new SecurityException("Could not run Select-Statement", ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static String disarmString(String s){
|
||||
return s.replace("'", "");
|
||||
private static PreparedStatement prepare(Connection connection, String qry, Object... objects) throws SQLException{
|
||||
PreparedStatement st = connection.prepareStatement(qry);
|
||||
for(int i = 0; i < objects.length; i++){
|
||||
st.setObject(i+1, objects);
|
||||
}
|
||||
return st;
|
||||
}
|
||||
|
||||
static Integer booleanToInt(boolean b){
|
||||
if(b)
|
||||
return 1;
|
||||
else
|
||||
return 0;
|
||||
private static void sqlException(){
|
||||
close();
|
||||
connect(url, weburl, user, password);
|
||||
}
|
||||
}
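Review bot: `prepare` binds the wrong value: `st.setObject(i+1, objects);` passes the whole varargs array to every parameter instead of the element, so no query in this commit can bind correctly; it must be `st.setObject(i + 1, objects[i]);`. Separately, the old `update`/`webupdate` closed their `PreparedStatement` via try-with-resources, while the new `prepare(con, qry, objects).executeUpdate();` (both the first attempt and the retry after `sqlException()`, in both methods) never closes it, leaking a statement per call; wrap each as `try (PreparedStatement st = prepare(con, qry, objects)) { st.executeUpdate(); }` (`webcon` in `webupdate`). The retry path in `webupdate` also dropped the `BungeeCore.log(...)` call that `update` still has before throwing, so failures there are now silent apart from the exception; consider keeping the log for consistency. `select` returns a `ResultSet` whose statement is never closed either, which predates this commit.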
|
||||
|
@ -14,6 +14,6 @@ public class Session {
|
||||
}
|
||||
|
||||
public void stopSession(){
|
||||
SQL.update("INSERT INTO Session (UserID, StartTime, EndTime) VALUES ("+ userID + ", '" + startTime.toString() + "', NOW())");
|
||||
SQL.update("INSERT INTO Session (UserID, StartTime, EndTime) VALUES (?, ?, NOW())", userID, startTime);
|
||||
}
|
||||
}
|
||||
|
@ -30,7 +30,6 @@ public class SteamwarUser {
|
||||
private static final Map<UUID, SteamwarUser> usersByUUID = new HashMap<>();
|
||||
private static final Map<Integer, SteamwarUser> usersById = new HashMap<>();
|
||||
private static final Timestamp PERMA_BAN = Timestamp.from(Instant.ofEpochSecond(946684800));
|
||||
private static final String SELECT_UUID = "SELECT * FROM UserData WHERE UUID = '";
|
||||
|
||||
private SteamwarUser(ResultSet rs) throws SQLException {
|
||||
id = rs.getInt("id");
|
||||
@ -51,14 +50,14 @@ public class SteamwarUser {
|
||||
SteamwarUser user = SteamwarUser.get(connection.getUniqueId());
|
||||
|
||||
if(user != null){
|
||||
String userName = SQL.disarmString(connection.getName());
|
||||
String userName = connection.getName();
|
||||
if(!user.userName.equals(userName)){
|
||||
SQL.update("UPDATE UserData SET UserName = '" + userName + "' WHERE id = " + user.id);
|
||||
SQL.update("UPDATE UserData SET UserName = ? WHERE id = ?", userName, user.id);
|
||||
user.userName = userName;
|
||||
}
|
||||
}else{
|
||||
SQL.update("INSERT INTO UserData (UUID, UserName, UserGroup) VALUES ('" + connection.getUniqueId() + "', '" + connection.getName() + "', 'Member')");
|
||||
user = dbInit(SQL.select(SELECT_UUID + connection.getUniqueId().toString() + "'"));
|
||||
SQL.update("INSERT INTO UserData (UUID, UserName, UserGroup) VALUES (?, ?, 'Member')", connection.getUniqueId().toString(), connection.getName());
|
||||
user = dbInit(SQL.select("SELECT * FROM UserData WHERE UUID = ?", connection.getUniqueId()));
|
||||
if(user == null)
|
||||
throw new SecurityException("user == null");
|
||||
}
|
||||
@ -67,16 +66,16 @@ public class SteamwarUser {
|
||||
}
|
||||
|
||||
public static SteamwarUser get(String userName){
|
||||
userName = SQL.disarmString(userName).toLowerCase();
|
||||
userName = userName.toLowerCase();
|
||||
if(usersByName.containsKey(userName))
|
||||
return usersByName.get(userName);
|
||||
return dbInit(SQL.select("SELECT * FROM UserData WHERE lower(UserName) = '" + userName + "'"));
|
||||
return dbInit(SQL.select("SELECT * FROM UserData WHERE lower(UserName) = ?", userName));
|
||||
}
|
||||
|
||||
public static SteamwarUser get(UUID uuid){
|
||||
if(usersByUUID.containsKey(uuid))
|
||||
return usersByUUID.get(uuid);
|
||||
return dbInit(SQL.select(SELECT_UUID + uuid.toString() + "'"));
|
||||
return dbInit(SQL.select("SELECT * FROM UserData WHERE UUID = ?", uuid.toString()));
|
||||
}
|
||||
|
||||
public static SteamwarUser get(ProxiedPlayer player){
|
||||
@ -86,7 +85,7 @@ public class SteamwarUser {
|
||||
public static SteamwarUser get(int id){
|
||||
if(usersById.containsKey(id))
|
||||
return usersById.get(id);
|
||||
return dbInit(SQL.select("SELECT * FROM UserData WHERE id = " + id));
|
||||
return dbInit(SQL.select("SELECT * FROM UserData WHERE id = ?", id));
|
||||
}
|
||||
|
||||
public static void clearCache(){
|
||||
@ -96,17 +95,12 @@ public class SteamwarUser {
|
||||
}
|
||||
|
||||
public void setWebpw(String password){
|
||||
SQL.webupdate("INSERT INTO User\n" +
|
||||
" (UID, WebPassword)\n" +
|
||||
"VALUES\n" +
|
||||
" (" + id + ", password('"+ SQL.disarmString(password) + "'))\n" +
|
||||
"ON DUPLICATE KEY UPDATE\n" +
|
||||
" WebPassword = VALUES(WebPassword)");
|
||||
SQL.webupdate("INSERT INTO User (UID, WebPassword) VALUES (?, password(?)) ON DUPLICATE KEY UPDATE WebPassword = VALUES(WebPassword)", id, password);
|
||||
}
|
||||
|
||||
public void setTeam(int team){
|
||||
this.team = team;
|
||||
SQL.update("Update UserData SET Team = " + team + " WHERE id = " + id);
|
||||
SQL.update("Update UserData SET Team = ? WHERE id = ?", team, id);
|
||||
}
|
||||
|
||||
public int getId() {
|
||||
@ -135,8 +129,8 @@ public class SteamwarUser {
|
||||
} else if (banTime.after(new Date()) || banTime.before(PERMA_BAN)) {
|
||||
return true;
|
||||
} else {
|
||||
SQL.update("UPDATE UserData SET BanTime = NULL, BanReason = '' WHERE id = " + id);
|
||||
SQL.update("DELETE FROM BannedUserIPs WHERE UserID = '" + getId() + "'");
|
||||
SQL.update("UPDATE UserData SET BanTime = NULL, BanReason = '' WHERE id = ?", id);
|
||||
SQL.update("DELETE FROM BannedUserIPs WHERE UserID = ?", id);
|
||||
banTime = null;
|
||||
banReason = "";
|
||||
return false;
|
||||
@ -149,7 +143,7 @@ public class SteamwarUser {
|
||||
}else if(muteTime.after(new Date()) || muteTime.before(PERMA_BAN)){
|
||||
return true;
|
||||
}else{
|
||||
SQL.update("UPDATE UserData SET MuteTime = NULL, MuteReason = '' WHERE id = " + id);
|
||||
SQL.update("UPDATE UserData SET MuteTime = NULL, MuteReason = '' WHERE id = ?", id);
|
||||
muteTime = null;
|
||||
muteReason = "";
|
||||
return false;
|
||||
@ -179,7 +173,7 @@ public class SteamwarUser {
|
||||
}
|
||||
|
||||
public void ban(Timestamp time, String banReason){
|
||||
SQL.update("UPDATE UserData SET BanTime = '" + time.toString() + "', BanReason = '" + banReason + "' WHERE id = " + id);
|
||||
SQL.update("UPDATE UserData SET BanTime = ?, BanReason = ? WHERE id = ?", time, banReason, id);
|
||||
banTime = time;
|
||||
this.banReason = banReason;
|
||||
|
||||
@ -192,7 +186,7 @@ public class SteamwarUser {
|
||||
}
|
||||
|
||||
public void mute(Timestamp time, String muteReason){
|
||||
SQL.update("UPDATE UserData SET MuteTime = '" + time.toString() + "', MuteReason = '" + muteReason + "' WHERE id = " + id);
|
||||
SQL.update("UPDATE UserData SET MuteTime = ?, MuteReason = ? WHERE id = ?", time, muteReason, id);
|
||||
muteTime = time;
|
||||
this.muteReason = muteReason;
|
||||
}
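Review bot: The lookup right after the user insert, `user = dbInit(SQL.select("SELECT * FROM UserData WHERE UUID = ?", connection.getUniqueId()));`, binds a `java.util.UUID` object, while the insert two lines above and `get(UUID uuid)` bind `uuid.toString()`. How a driver's `setObject` handles an unknown type is not visible here (some serialise it rather than render it as text), and if the bound value does not match the stored string the very next check throws `SecurityException("user == null")` on every first login. Use `connection.getUniqueId().toString()` here so all three UUID binds are consistent.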
|
||||
|
@ -32,10 +32,7 @@ public class Team {
|
||||
}
|
||||
|
||||
public static void create(String kuerzel, String name, int leader){
|
||||
SQL.update("INSERT INTO Team" +
|
||||
" (TeamKuerzel, TeamName, TeamLeader)" +
|
||||
" VALUES" +
|
||||
" ('" + kuerzel + "', '" + name + "', '" + leader + "')");
|
||||
SQL.update("INSERT INTO Team (TeamKuerzel, TeamName, TeamLeader) VALUES (?, ?, ?)", kuerzel, name, leader);
|
||||
}
|
||||
|
||||
public static Team get(int id){
|
||||
@ -46,7 +43,7 @@ public class Team {
|
||||
for(Team team : teamCache)
|
||||
if(team.teamId == id)
|
||||
return team;
|
||||
return load(select("SELECT * FROM Team WHERE TeamID = " + id));
|
||||
return load(select("SELECT * FROM Team WHERE TeamID = ?", id));
|
||||
}
|
||||
|
||||
public static Team get(String name){
|
||||
@ -56,7 +53,7 @@ public class Team {
|
||||
for(Team team : teamCache)
|
||||
if(team.teamKuerzel.equalsIgnoreCase(name))
|
||||
return team;
|
||||
return load(select("SELECT * FROM Team WHERE (lower(TeamName) = '" + SQL.disarmString(name).toLowerCase() + "' OR lower(TeamKuerzel) = '" + SQL.disarmString(name).toLowerCase() + "') AND NOT TeamDeleted"));
|
||||
return load(select("SELECT * FROM Team WHERE (lower(TeamName) = ? OR lower(TeamKuerzel) = ?) AND NOT TeamDeleted", name.toLowerCase(), name.toLowerCase()));
|
||||
}
|
||||
|
||||
public static List<Team> getAll(){
|
||||
@ -90,12 +87,7 @@ public class Team {
|
||||
}
|
||||
|
||||
private void updateDB(){
|
||||
SQL.update("INSERT INTO Team" +
|
||||
" (TeamID, TeamKuerzel, TeamName, TeamLeader)" +
|
||||
" VALUES" +
|
||||
" ('" + teamId + "', '" + teamKuerzel + "', '" + teamName + "', '" + teamLeader + "')" +
|
||||
" ON DUPLICATE KEY UPDATE" +
|
||||
" TeamName = VALUES(TeamName), TeamKuerzel = VALUES(TeamKuerzel), TeamLeader = VALUES(TeamLeader)");
|
||||
SQL.update("INSERT INTO Team (TeamID, TeamKuerzel, TeamName, TeamLeader) VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE TeamName = VALUES(TeamName), TeamKuerzel = VALUES(TeamKuerzel), TeamLeader = VALUES(TeamLeader)", teamId, teamKuerzel, teamName, teamLeader);
|
||||
}
|
||||
|
||||
public int getTeamId() {
|
||||
@ -107,7 +99,7 @@ public class Team {
|
||||
}
|
||||
|
||||
public void setTeamKuerzel(String teamKuerzel) {
|
||||
this.teamKuerzel = SQL.disarmString(teamKuerzel);
|
||||
this.teamKuerzel = teamKuerzel;
|
||||
updateDB();
|
||||
}
|
||||
|
||||
@ -116,7 +108,7 @@ public class Team {
|
||||
}
|
||||
|
||||
public void setTeamName(String teamName) {
|
||||
this.teamName = SQL.disarmString(teamName);
|
||||
this.teamName = teamName;
|
||||
updateDB();
|
||||
}
|
||||
|
||||
@ -130,7 +122,7 @@ public class Team {
|
||||
}
|
||||
|
||||
public int size(){
|
||||
ResultSet rs = select("SELECT COUNT(id) FROM UserData WHERE Team = " + teamId);
|
||||
ResultSet rs = select("SELECT COUNT(id) FROM UserData WHERE Team = ?", teamId);
|
||||
try {
|
||||
rs.next();
|
||||
return rs.getInt("COUNT(id)");
|
||||
@ -141,13 +133,13 @@ public class Team {
|
||||
}
|
||||
|
||||
public void disband(){
|
||||
SQL.update("UPDATE Team SET TeamDeleted = 1, TeamLeader = NULL WHERE TeamID = " + teamId);
|
||||
SQL.update("UPDATE Team SET TeamDeleted = 1, TeamLeader = NULL WHERE TeamID = ?", teamId);
|
||||
teamCache.remove(this);
|
||||
}
|
||||
|
||||
public List<Integer> getMembers(){
|
||||
try{
|
||||
ResultSet memberlist = select("SELECT id FROM UserData WHERE Team = '" + teamId + "'");
|
||||
ResultSet memberlist = select("SELECT id FROM UserData WHERE Team = ?", teamId);
|
||||
List<Integer> members = new ArrayList<>();
|
||||
while(memberlist.next()){
|
||||
members.add(memberlist.getInt("id"));
|
||||
|
@ -11,15 +11,15 @@ public class TeamTeilnahme {
|
||||
private TeamTeilnahme(){}
|
||||
|
||||
public static void teilnehmen(int teamID, int eventID){
|
||||
SQL.update("INSERT INTO TeamTeilnahme (TeamID, EventID) VALUES (" + teamID + "," + eventID + ")");
|
||||
SQL.update("INSERT INTO TeamTeilnahme (TeamID, EventID) VALUES (?, ?)", teamID, eventID);
|
||||
}
|
||||
|
||||
public static void notTeilnehmen(int teamID, int eventID){
|
||||
SQL.update("DELETE FROM TeamTeilnahme WHERE TeamID = " + teamID + " AND EventID = " + eventID);
|
||||
SQL.update("DELETE FROM TeamTeilnahme WHERE TeamID = ? AND EventID = ?", teamID, eventID);
|
||||
}
|
||||
|
||||
public static boolean nimmtTeil(int teamID, int eventID){
|
||||
ResultSet rs = SQL.select("SELECT * FROM TeamTeilnahme WHERE TeamID = " + teamID + " AND EventID = " + eventID);
|
||||
ResultSet rs = SQL.select("SELECT * FROM TeamTeilnahme WHERE TeamID = ? AND EventID = ?", teamID, eventID);
|
||||
try{
|
||||
return rs.next();
|
||||
}catch (SQLException e){
|
||||
@ -30,7 +30,7 @@ public class TeamTeilnahme {
|
||||
|
||||
public static Set<Team> getTeams(int eventID){
|
||||
Set<Team> teams = new HashSet<>();
|
||||
ResultSet rs = SQL.select("SELECT * FROM TeamTeilnahme WHERE EventID = " + eventID);
|
||||
ResultSet rs = SQL.select("SELECT * FROM TeamTeilnahme WHERE EventID = ?", eventID);
|
||||
try{
|
||||
while(rs.next())
|
||||
teams.add(Team.get(rs.getInt("TeamID")));
|
||||
@ -42,7 +42,7 @@ public class TeamTeilnahme {
|
||||
|
||||
public static Set<Event> getEvents(int teamID){
|
||||
Set<Event> events = new HashSet<>();
|
||||
ResultSet rs = SQL.select("SELECT * FROM TeamTeilnahme WHERE TeamID = " + teamID);
|
||||
ResultSet rs = SQL.select("SELECT * FROM TeamTeilnahme WHERE TeamID = ?", teamID);
|
||||
try{
|
||||
while(rs.next())
|
||||
events.add(Event.get(rs.getInt("EventID")));
|
||||
|