Rework SQL statements to actually use PreparedStatements for security reasons #45
@ -36,17 +36,13 @@ public class BauweltMember{
|
||||
}
|
||||
|
||||
public void remove(){
|
||||
SQL.update("DELETE FROM BauweltMember WHERE BauweltID = " + bauweltID + " AND MemberID = " + memberID);
|
||||
SQL.update("DELETE FROM BauweltMember WHERE BauweltID = ? AND MemberID = ?", bauweltID, memberID);
|
||||
members.remove(this);
|
||||
}
|
||||
|
||||
private void updateDB(){
|
||||
SQL.update("INSERT INTO BauweltMember" +
|
||||
" (BauweltID, MemberID, Build, WorldEdit, World)" +
|
||||
" VALUES" +
|
||||
" ('" + bauweltID + "', '" + memberID + "', '" + SQL.booleanToInt(build) + "', '" + SQL.booleanToInt(worldEdit) + "', '" + SQL.booleanToInt(world) + "')" +
|
||||
" ON DUPLICATE KEY UPDATE" +
|
||||
" Build = VALUES(Build), WorldEdit = VALUES(WorldEdit), World = VALUES(World)");
|
||||
SQL.update("INSERT INTO BauweltMember (BauweltID, MemberID, Build, WorldEdit, World) VALUES (?, ?, ?, ?, ?) ON DUPLICATE KEY UPDATE Build = VALUES(Build), WorldEdit = VALUES(WorldEdit), World = VALUES(World)",
|
||||
bauweltID, memberID, build, worldEdit, world);
|
||||
}
|
||||
|
||||
public static BauweltMember getBauMember(UUID ownerID, UUID memberID){
|
||||
@ -57,7 +53,7 @@ public class BauweltMember{
|
||||
for(BauweltMember member : members)
|
||||
if(member.memberID == memberID)
|
||||
return member;
|
||||
ResultSet member = SQL.select("SELECT * FROM BauweltMember WHERE BauweltID = '" + ownerID + "' AND MemberID = '" + memberID + "'");
|
||||
ResultSet member = SQL.select("SELECT * FROM BauweltMember WHERE BauweltID = ? AND MemberID = ?", ownerID, memberID);
|
||||
try {
|
||||
if(member == null || !member.next()){
|
||||
return null;
|
||||
@ -77,7 +73,7 @@ public class BauweltMember{
|
||||
|
||||
public static List<BauweltMember> getMembers(int bauweltID){
|
||||
try{
|
||||
ResultSet memberlist = SQL.select("SELECT * FROM BauweltMember WHERE BauweltID = '" + bauweltID + "'");
|
||||
ResultSet memberlist = SQL.select("SELECT * FROM BauweltMember WHERE BauweltID = ?", bauweltID);
|
||||
List<BauweltMember> members = new LinkedList<>();
|
||||
while(memberlist.next()){
|
||||
int memberID = memberlist.getInt("MemberID");
|
||||
|
@ -21,12 +21,12 @@ public class CheckedSchematic {
|
||||
private final String declineReason;
|
||||
|
||||
private CheckedSchematic(String schemName, int schemOwner, int validator, Timestamp startTime, Timestamp endTime, String declineReason, boolean insertDB){
|
||||
this.schemName = SQL.disarmString(schemName);
|
||||
this.schemName = schemName;
|
||||
this.schemOwner = schemOwner;
|
||||
this.validator = validator;
|
||||
this.startTime = startTime;
|
||||
this.endTime = endTime;
|
||||
this.declineReason = SQL.disarmString(declineReason);
|
||||
this.declineReason = declineReason;
|
||||
if(insertDB)
|
||||
insertDB();
|
||||
}
|
||||
@ -41,9 +41,8 @@ public class CheckedSchematic {
|
||||
|
||||
private void insertDB(){
|
||||
SQL.update("INSERT INTO CheckedSchematic" +
|
||||
" (SchemName, SchemOwner, Validator, StartTime, EndTime, DeclineReason)" +
|
||||
" VALUES" +
|
||||
" ('"+ schemName + "', '" + schemOwner + "', '" + validator + "', '" + startTime.toString() + "', '" + endTime.toString() + "', '" + declineReason + "')");
|
||||
" (SchemName, SchemOwner, Validator, StartTime, EndTime, DeclineReason) VALUES (?, ?, ?, ?, ?, ?)",
|
||||
schemName, schemOwner, validator, startTime, endTime, declineReason);
|
||||
}
|
||||
|
||||
public static List<CheckedSchematic> getLastDeclined(UUID schemOwner){
|
||||
@ -53,7 +52,7 @@ public class CheckedSchematic {
|
||||
public static List<CheckedSchematic> getLastDelined(int schemOwner){
|
||||
List<CheckedSchematic> lastDeclined = new LinkedList<>();
|
||||
try{
|
||||
ResultSet lastRS = SQL.select("SELECT * FROM CheckedSchematic WHERE SchemOwner = '" + schemOwner + "' AND DeclineReason != '' ORDER BY EndTime DESC");
|
||||
ResultSet lastRS = SQL.select("SELECT * FROM CheckedSchematic WHERE SchemOwner = ? AND DeclineReason != '' ORDER BY EndTime DESC", schemOwner);
|
||||
while(lastRS.next()){
|
||||
String schemName = lastRS.getString("SchemName");
|
||||
int validator = lastRS.getInt("Validator");
|
||||
@ -69,7 +68,7 @@ public class CheckedSchematic {
|
||||
}
|
||||
|
||||
public void remove() {
|
||||
SQL.update("DELETE FROM CheckedSchematic WHERE SchemOwner = " + this.schemOwner + " AND SchemName = '" + this.schemName + "'");
|
||||
SQL.update("DELETE FROM CheckedSchematic WHERE SchemOwner = ? AND SchemName = ?", schemOwner, schemName);
|
||||
}
|
||||
|
||||
public String getSchemName() {
|
||||
|
@ -13,7 +13,7 @@ public class DownloadSchematic {
|
||||
private static final String BASE = "https://steamwar.de/download.php?schem=";
|
||||
|
||||
public static String getLink(Schematic schem){
|
||||
ResultSet rs = SQL.select("SELECT * FROM SchemDownload WHERE SchemID = " + schem.getSchemID());
|
||||
ResultSet rs = SQL.select("SELECT * FROM SchemDownload WHERE SchemID = ?", schem.getSchemID());
|
||||
try {
|
||||
if(rs.next())
|
||||
return BASE + rs.getString("Link");
|
||||
@ -30,7 +30,7 @@ public class DownloadSchematic {
|
||||
cript.reset();
|
||||
cript.update((Instant.now().toString() + schem.getSchemOwner() + schem.getSchemID()).getBytes());
|
||||
String hash = DatatypeConverter.printHexBinary(cript.digest());
|
||||
SQL.update("INSERT INTO SchemDownload (SchemID, Link) VALUES (" + schem.getSchemID() + ", '" + hash + "')");
|
||||
SQL.update("INSERT INTO SchemDownload (SchemID, Link) VALUES (?, ?)", schem.getSchemID(), hash);
|
||||
return BASE + hash;
|
||||
}
|
||||
}
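Review bot: The download token in `getLink` is `cript` (apparently a MessageDigest declared outside the hunk) applied to the current time, the owner and the schematic id, none of which is secret, so the link is a checksum of public values rather than an unguessable capability; derive it from a random source instead, e.g. `byte[] token = new byte[20]; RANDOM.nextBytes(token);` with a `private static final SecureRandom RANDOM = new SecureRandom();` and then `String hash = DatatypeConverter.printHexBinary(token);`, sizing the array so the hex string still fits the Link column. If the digest is kept, `getBytes()` without an argument uses the platform default charset; pass `StandardCharsets.UTF_8`. The method body starts outside the hunk.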
|
||||
|
@ -16,22 +16,22 @@ public class Event {
|
||||
private final int maximumTeamMembers;
|
||||
private final boolean publicSchemsOnly;
|
||||
|
||||
private Event(int eventID, String eventName, Timestamp start, Timestamp end, int maximumTeamMembers, boolean publicSchemsOnly){
|
||||
this.eventID = eventID;
|
||||
this.eventName = eventName;
|
||||
this.start = start;
|
||||
this.end = end;
|
||||
this.maximumTeamMembers = maximumTeamMembers;
|
||||
this.publicSchemsOnly = publicSchemsOnly;
|
||||
private Event(ResultSet rs) throws SQLException{
|
||||
this.eventID = rs.getInt("EventID");
|
||||
this.eventName = rs.getString("EventName");
|
||||
this.start = rs.getTimestamp("Start");
|
||||
this.end = rs.getTimestamp("End");
|
||||
this.maximumTeamMembers = rs.getInt("MaximumTeamMembers");
|
||||
this.publicSchemsOnly = rs.getBoolean("PublicSchemsOnly");
|
||||
}
|
||||
|
||||
public static Event get(int eventID){
|
||||
ResultSet rs = SQL.select("SELECT * FROM Event WHERE EventID = " + eventID);
|
||||
ResultSet rs = SQL.select("SELECT * FROM Event WHERE EventID = ?", eventID);
|
||||
try{
|
||||
if(!rs.next())
|
||||
throw new IllegalArgumentException();
|
||||
|
||||
return new Event(eventID, rs.getString("EventName"), rs.getTimestamp("Start"), rs.getTimestamp("End"), rs.getInt("MaximumTeamMembers"), rs.getBoolean("PublicSchemsOnly"));
|
||||
return new Event(rs);
|
||||
}catch (SQLException e){
|
||||
Bukkit.getLogger().log(Level.SEVERE, "Failed to load Event", e);
|
||||
throw new SecurityException();
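Review bot: The new `Event(ResultSet rs)` constructor reads every column from the cursor's current row, but nothing states that the cursor must already be positioned; add `/** Builds an Event from the row {@code rs} currently points at; the caller must have called {@code rs.next()}. */` above it. The same applies to the new `EventFight(ResultSet rs)` constructor in EventFight. In `get`, `throw new IllegalArgumentException();` carries no message; `throw new IllegalArgumentException("Unknown EventID " + eventID);` makes the failure diagnosable from the log alone.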
|
||||
|
@ -14,26 +14,20 @@ public class EventFight {
|
||||
private int kampfleiter;
|
||||
private int ergebnis;
|
||||
|
||||
private EventFight(int eventID, int fightID, int teamBlue, int teamRed, int kampfleiter, int ergebnis){
|
||||
this.eventID = eventID;
|
||||
this.fightID = fightID;
|
||||
this.teamBlue = teamBlue;
|
||||
this.teamRed = teamRed;
|
||||
this.kampfleiter = kampfleiter;
|
||||
this.ergebnis = ergebnis;
|
||||
private EventFight(ResultSet rs) throws SQLException{
|
||||
this.eventID = rs.getInt("EventID");
|
||||
this.fightID = rs.getInt("FightID");
|
||||
this.teamBlue = rs.getInt("TeamBlue");
|
||||
this.teamRed = rs.getInt("TeamRed");
|
||||
this.kampfleiter = rs.getInt("Kampfleiter");
|
||||
this.ergebnis = rs.getInt("Ergebnis");
|
||||
}
|
||||
|
||||
public static EventFight get(int fightID){
|
||||
ResultSet rs = SQL.select("SELECT * FROM EventFight WHERE FightID = " + fightID);
|
||||
try{
|
||||
rs.next();
|
||||
return new EventFight(
|
||||
rs.getInt("EventID"),
|
||||
fightID,
|
||||
rs.getInt("TeamBlue"),
|
||||
rs.getInt("TeamRed"),
|
||||
rs.getInt("Kampfleiter"),
|
||||
rs.getInt("Ergebnis"));
|
||||
return new EventFight(rs);
|
||||
}catch (SQLException e){
|
||||
Bukkit.getLogger().log(Level.SEVERE, "Failed to load EventFight", e);
|
||||
}
|
||||
@ -41,7 +35,7 @@ public class EventFight {
|
||||
}
|
||||
|
||||
public void setErgebnis(int winner){
|
||||
SQL.update("UPDATE EventFight SET Ergebnis = " + winner + " WHERE FightID = " + fightID);
|
||||
SQL.update("UPDATE EventFight SET Ergebnis = ? WHERE FightID = ?", winner, fightID);
|
||||
}
|
||||
|
||||
public int getTeamBlue() {
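Review bot: `ResultSet rs = SQL.select("SELECT * FROM EventFight WHERE FightID = " + fightID);` in the first hunk of this file is still built by concatenation; the new varargs `select(String, Object...)` accepts it with zero parameters, so it compiles, but it is the one query this PR leaves out. fightID is an int, so this is a consistency rather than an injection issue: `ResultSet rs = SQL.select("SELECT * FROM EventFight WHERE FightID = ?", fightID);`. On the next line the result of `rs.next()` is ignored, so an unknown FightID reaches `new EventFight(rs)` and surfaces as an SQLException logged as SEVERE, whereas Event.get throws IllegalArgumentException for the same case; `if(!rs.next()) throw new IllegalArgumentException("Unknown FightID " + fightID);` would align the two. The rest of `get` after the catch is outside the hunk.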
|
||||
|
@ -8,9 +8,8 @@ public class Fight {
|
||||
private Fight(){}
|
||||
|
||||
public static int create(String gamemode, String arena, Timestamp starttime, int duration, int blueleader, int redleader, int blueschem, int redschem, int win, String wincondition){
|
||||
SQL.update("INSERT INTO Fight (GameMode, Arena, StartTime, Duration, BlueLeader, RedLeader, BlueSchem, RedSchem, Win, WinCondition) VALUES (" +
|
||||
"'" + SQL.disarmString(gamemode) + "', '" + SQL.disarmString(arena) + "', '" + starttime.toString() + "', " + duration + ", " + blueleader + ", " + redleader + ", " + blueschem + ", " + redschem + ", " + win + ", '" + SQL.disarmString(wincondition) + "'" +
|
||||
")");
|
||||
SQL.update("INSERT INTO Fight (GameMode, Arena, StartTime, Duration, BlueLeader, RedLeader, BlueSchem, RedSchem, Win, WinCondition) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
|
||||
gamemode, arena, starttime, duration, blueleader, redleader,blueschem, redschem, win, wincondition);
|
||||
ResultSet rs = SQL.select("SELECT LAST_INSERT_ID() AS FightID");
|
||||
try{
|
||||
if(!rs.next())
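Review bot: `create` obtains the new row's id with a second statement, `SQL.select("SELECT LAST_INSERT_ID() AS FightID")`, right after the insert; that is only correct if no other INSERT runs on the same connection in between, and `SQL.con` appears to be a single static connection shared by every caller, so if any caller runs off the main thread the returned id can belong to a different row. Since `SQL.prepare` is now the one place statements are built, it could pass `Statement.RETURN_GENERATED_KEYS` and `update` could hand back `st.getGeneratedKeys()` for inserts, removing the second round trip and the race. Minor style: `redleader,blueschem` in the argument list is missing a space. The method continues outside the hunk.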
|
||||
|
@ -4,8 +4,7 @@ public class FightPlayer {
|
||||
private FightPlayer(){}
|
||||
|
||||
public static void create(int fightID, int userID, String kit, int kills, boolean isOut){
|
||||
SQL.update("INSERT INTO FightPlayer (FightID, UserID, Kit, Kills, IsOut) VALUES (" +
|
||||
fightID + ", " + userID + ", '" + SQL.disarmString(kit) + "', " + kills + ", " + SQL.booleanToInt(isOut) +
|
||||
")");
|
||||
SQL.update("INSERT INTO FightPlayer (FightID, UserID, Kit, Kills, IsOut) VALUES (?, ?, ?, ?, ?)",
|
||||
fightID, userID, kit, kills, isOut);
|
||||
}
|
||||
}
|
||||
|
@ -23,7 +23,7 @@ public class PersonalKit {
|
||||
}
|
||||
|
||||
public static PersonalKit get(int userID, String gamemode){
|
||||
ResultSet rs = SQL.select("SELECT * FROM PersonalKit WHERE UserID = '" + userID + "' AND GameMode = '" + SQL.disarmString(gamemode) + "'");
|
||||
ResultSet rs = SQL.select("SELECT * FROM PersonalKit WHERE UserID = ? AND GameMode = ?", userID, gamemode);
|
||||
try {
|
||||
if(!rs.next())
|
||||
return null;
|
||||
@ -41,12 +41,8 @@ public class PersonalKit {
|
||||
YamlConfiguration armorConfig = new YamlConfiguration();
|
||||
armorConfig.set("Armor", armor);
|
||||
|
||||
SQL.update("INSERT INTO PersonalKit" +
|
||||
" (UserID, GameMode, Inventory, Armor)" +
|
||||
" VALUES" +
|
||||
" ('" + userID + "', '" + gamemode + "', '" + SQL.disarmString(inventoryConfig.saveToString()) + "', '" + SQL.disarmString(armorConfig.saveToString()) + "')" +
|
||||
" ON DUPLICATE KEY UPDATE" +
|
||||
" Inventory = VALUES(Inventory), Armor = VALUES(Armor)");
|
||||
SQL.update("INSERT INTO PersonalKit (UserID, GameMode, Inventory, Armor) VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE Inventory = VALUES(Inventory), Armor = VALUES(Armor)",
|
||||
userID, gamemode, inventoryConfig.saveToString(), armorConfig.saveToString());
|
||||
return get(userID, gamemode);
|
||||
}
|
||||
|
||||
|
@ -33,13 +33,6 @@ public class SQL {
|
||||
|
||||
connect();
|
||||
}
|
||||
|
||||
static Integer booleanToInt(boolean b){
|
||||
if(b)
|
||||
return 1;
|
||||
else
|
||||
return 0;
|
||||
}
|
||||
|
||||
public static void closeConnection() {
|
||||
try {
|
||||
@ -48,45 +41,53 @@ public class SQL {
|
||||
throw new SecurityException("Could not close connection", e);
|
||||
}
|
||||
}
|
||||
|
||||
static Connection getCon(){
|
||||
return con;
|
||||
}
|
||||
|
||||
static void update(String qry) {
|
||||
static void update(String qry, Object... objects) {
|
||||
try {
|
||||
PreparedStatement st = con.prepareStatement(qry);
|
||||
st.executeUpdate();
|
||||
prepare(qry, objects).executeUpdate();
|
||||
} catch (SQLException e) {
|
||||
reconnect();
|
||||
try {
|
||||
PreparedStatement st = con.prepareStatement(qry);
|
||||
st.executeUpdate();
|
||||
prepare(qry, objects).executeUpdate();
|
||||
} catch (SQLException ex) {
|
||||
throw new SecurityException("Could not perform update", ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static ResultSet select(String qry) {
|
||||
|
||||
static ResultSet select(String qry, Object... objects){
|
||||
try {
|
||||
PreparedStatement st = con.prepareStatement(qry);
|
||||
return st.executeQuery();
|
||||
return prepare(qry, objects).executeQuery();
|
||||
} catch (SQLException e) {
|
||||
reconnect();
|
||||
try {
|
||||
PreparedStatement st = con.prepareStatement(qry);
|
||||
return st.executeQuery();
|
||||
return prepare(qry, objects).executeQuery();
|
||||
} catch (SQLException ex) {
|
||||
throw new SecurityException("Could not perform select", ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
static String disarmString(String s){
|
||||
return s.replace("'", "");
|
||||
static Blob blob(){
|
||||
try {
|
||||
return con.createBlob();
|
||||
} catch (SQLException e) {
|
||||
reconnect();
|
||||
try {
|
||||
return con.createBlob();
|
||||
} catch (SQLException ex) {
|
||||
throw new SecurityException("Could not create blob", ex);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private static PreparedStatement prepare(String qry, Object... objects) throws SQLException{
|
||||
PreparedStatement st = con.prepareStatement(qry);
|
||||
for(int i = 0; i < objects.length; i++){
|
||||
st.setObject(i+1, objects[i]);
|
||||
}
|
||||
return st;
|
||||
}
|
||||
|
||||
private static void connect() {
|
||||
try {
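Review bot: `prepare` creates a PreparedStatement that `update` never closes: both `prepare(qry, objects).executeUpdate()` calls drop the statement after executing, so every write leaves a statement open until the connection is closed (most drivers keep it registered on the connection), which the rewrite below fixes with try-with-resources. `select` cannot close its statement because the returned ResultSet must outlive the call, and closing a ResultSet does not release its Statement; none of the visible callers (BauweltMember.getMembers, Team.getMembers, Schematic.getSchemsAccessibleByUser) close the ResultSet either, so at least add `// caller owns the ResultSet; its PreparedStatement stays open until the connection is closed` above `select`, or return something the caller can close. The `reconnect()` retry reruns the statement after any SQLException, including cases where the first attempt may already have been applied; a comment on why a second execution is acceptable for the statements this class serves would help the next reader. `connect` continues outside the hunk.
```java
// … unchanged: closeConnection, getCon …
static void update(String qry, Object... objects) {
    // try-with-resources releases the PreparedStatement after executeUpdate
    try (PreparedStatement st = prepare(qry, objects)) {
        st.executeUpdate();
    } catch (SQLException e) {
        reconnect();
        try (PreparedStatement st = prepare(qry, objects)) {
            st.executeUpdate();
        } catch (SQLException ex) {
            throw new SecurityException("Could not perform update", ex);
        }
    }
}
// … unchanged: select, blob, prepare, connect …
```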
|
||||
|
@ -13,7 +13,7 @@ public class SWException {
|
||||
if(logDisabled)
|
||||
return;
|
||||
|
||||
String server = SQL.disarmString(Bukkit.getWorlds().get(0).getName());
|
||||
String server = Bukkit.getWorlds().get(0).getName();
|
||||
StringBuilder stacktrace = new StringBuilder(logEvent.getSource().toString());
|
||||
|
||||
Throwable throwable = logEvent.getThrown();
|
||||
@ -40,6 +40,7 @@ public class SWException {
|
||||
for(Player player : Bukkit.getOnlinePlayers())
|
||||
message += player.getName() + " ";
|
||||
|
||||
SQL.update("INSERT INTO Exception (server, message, stacktrace) VALUES ('" + server + "', '" + SQL.disarmString(message) + "', '" + SQL.disarmString(stacktrace.toString()) + "')");
|
||||
SQL.update("INSERT INTO Exception (server, message, stacktrace) VALUES (?, ?, ?)",
|
||||
server, message, stacktrace.toString());
|
||||
}
|
||||
}
|
||||
|
@ -4,11 +4,9 @@ import com.sk89q.worldedit.extent.clipboard.Clipboard;
|
||||
import de.steamwar.core.Core;
|
||||
import org.bukkit.entity.Player;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.sql.Blob;
|
||||
import java.sql.PreparedStatement;
|
||||
import java.sql.ResultSet;
|
||||
import java.sql.SQLException;
|
||||
import java.util.ArrayList;
|
||||
@ -42,12 +40,8 @@ public class Schematic {
|
||||
}
|
||||
|
||||
public static void createSchem(String schemName, int schemOwner, String item, SchematicType schemType){
|
||||
SQL.update("INSERT INTO Schematic" +
|
||||
" (SchemName, SchemOwner, Item, SchemType)" +
|
||||
" VALUES" +
|
||||
" ('" + schemName + "', '" + schemOwner + "', '" + item + "', '" + schemType.toDB() + "')" +
|
||||
" ON DUPLICATE KEY UPDATE" +
|
||||
" Item = VALUES(Item), SchemType = VALUES(SchemType)");
|
||||
SQL.update("INSERT INTO Schematic (SchemName, SchemOwner, Item, SchemType) VALUES (?, ?, ?, ?) ON DUPLICATE KEY UPDATE Item = VALUES(Item), SchemType = VALUES(SchemType)",
|
||||
schemName, schemOwner, item, schemType.toDB());
|
||||
}
|
||||
|
||||
public static Schematic getSchemFromDB(String schemName, UUID schemOwner){
|
||||
@ -55,8 +49,7 @@ public class Schematic {
|
||||
}
|
||||
|
||||
public static Schematic getSchemFromDB(String schemName, int schemOwner){
|
||||
schemName = SQL.disarmString(schemName);
|
||||
ResultSet schematic = SQL.select("SELECT SchemID, SchemName, SchemOwner, Item, SchemType, SchemFormat FROM Schematic WHERE SchemName = '" + schemName + "' AND SchemOwner = '" + schemOwner + "'");
|
||||
ResultSet schematic = SQL.select("SELECT SchemID, SchemName, SchemOwner, Item, SchemType, SchemFormat FROM Schematic WHERE SchemName = ? AND SchemOwner = ?", schemName, schemOwner);
|
||||
try {
|
||||
if(schematic == null || !schematic.next()){
|
||||
SchematicMember member = SchematicMember.getMemberBySchematic(schemName, schemOwner);
|
||||
@ -77,7 +70,7 @@ public class Schematic {
|
||||
|
||||
public static List<Schematic> getSchemsAccessibleByUser(int schemOwner){
|
||||
try{
|
||||
ResultSet schematic = SQL.select("SELECT SchemID, SchemName, SchemOwner, Item, SchemType, SchemFormat FROM Schematic WHERE SchemOwner = '" + schemOwner + "' ORDER BY SchemName");
|
||||
ResultSet schematic = SQL.select("SELECT SchemID, SchemName, SchemOwner, Item, SchemType, SchemFormat FROM Schematic WHERE SchemOwner = ? ORDER BY SchemName", schemOwner);
|
||||
List<Schematic> schematics = new ArrayList<>();
|
||||
while(schematic.next()){
|
||||
schematics.add(new Schematic(schematic));
|
||||
@ -107,7 +100,7 @@ public class Schematic {
|
||||
|
||||
public static List<Schematic> getAllSchemsOfType(SchematicType schemType){
|
||||
try{
|
||||
ResultSet schematic = SQL.select("SELECT SchemID, SchemName, SchemOwner, Item, SchemType, SchemFormat FROM Schematic WHERE SchemType = '" + schemType.toDB() + "'");
|
||||
ResultSet schematic = SQL.select("SELECT SchemID, SchemName, SchemOwner, Item, SchemType, SchemFormat FROM Schematic WHERE SchemType = ?", schemType.toDB());
|
||||
List<Schematic> schematics = new ArrayList<>();
|
||||
while(schematic.next()){
|
||||
schematics.add(new Schematic(schematic));
|
||||
@ -156,7 +149,7 @@ public class Schematic {
|
||||
if(Core.getVersion() <= 12 && schemFormat)
|
||||
throw new WrongVersionException();
|
||||
|
||||
ResultSet rs = SQL.select("SELECT SchemData FROM Schematic WHERE SchemID = " + schemID);
|
||||
ResultSet rs = SQL.select("SELECT SchemData FROM Schematic WHERE SchemID = ?", schemID);
|
||||
try {
|
||||
rs.next();
|
||||
Blob schemData = rs.getBlob("SchemData");
|
||||
@ -186,7 +179,7 @@ public class Schematic {
|
||||
if(Core.getVersion() <= 12 && schemFormat)
|
||||
throw new WrongVersionException();
|
||||
|
||||
ResultSet rs = SQL.select("SELECT SchemData FROM Schematic WHERE SchemID = " + schemID);
|
||||
ResultSet rs = SQL.select("SELECT SchemData FROM Schematic WHERE SchemID = ?", schemID);
|
||||
try {
|
||||
rs.next();
|
||||
Blob blob = rs.getBlob("SchemData");
|
||||
@ -227,34 +220,31 @@ public class Schematic {
|
||||
|
||||
private void saveFromPlayer(Player player, boolean newFormat) throws IOException, NoClipboardException {
|
||||
try{
|
||||
PreparedStatement st = SQL.getCon().prepareStatement("UPDATE Schematic SET SchemData = ?, SchemFormat = ? WHERE SchemID = " + schemID);
|
||||
byte[] data;
|
||||
Blob blob = SQL.blob();
|
||||
switch(Core.getVersion()){
|
||||
case 8:
|
||||
newFormat = false;
|
||||
data = Schematic_8.getPlayerClipboard(player);
|
||||
blob.setBytes(1, Schematic_8.getPlayerClipboard(player));
|
||||
break;
|
||||
case 9:
|
||||
newFormat = false;
|
||||
data = Schematic_9.getPlayerClipboard(player);
|
||||
blob.setBytes(1, Schematic_9.getPlayerClipboard(player));
|
||||
break;
|
||||
case 10:
|
||||
newFormat = false;
|
||||
data = Schematic_10.getPlayerClipboard(player);
|
||||
blob.setBytes(1, Schematic_10.getPlayerClipboard(player));
|
||||
break;
|
||||
case 14:
|
||||
data = Schematic_14.getPlayerClipboard(player, newFormat);
|
||||
blob.setBytes(1, Schematic_14.getPlayerClipboard(player, newFormat));
|
||||
break;
|
||||
case 15:
|
||||
data = Schematic_15.getPlayerClipboard(player, newFormat);
|
||||
blob.setBytes(1, Schematic_15.getPlayerClipboard(player, newFormat));
|
||||
break;
|
||||
default:
|
||||
newFormat = false;
|
||||
data = Schematic_12.getPlayerClipboard(player);
|
||||
blob.setBytes(1, Schematic_12.getPlayerClipboard(player));
|
||||
}
|
||||
st.setBlob(1, new ByteArrayInputStream(data));
|
||||
st.setBoolean(2, newFormat);
|
||||
st.executeUpdate();
|
||||
SQL.update("UPDATE Schematic SET SchemData = ?, SchemFormat = ? WHERE SchemID = ?", blob, newFormat, schemID);
|
||||
schemFormat = newFormat;
|
||||
}catch(SQLException e){
|
||||
throw new IOException(e);
|
||||
@ -262,8 +252,8 @@ public class Schematic {
|
||||
}
|
||||
|
||||
public void remove(){
|
||||
SQL.update("DELETE FROM SchemMember WHERE SchemOwner = " + schemOwner + " AND SchemName = '" + schemName + "'");
|
||||
SQL.update("DELETE FROM Schematic WHERE SchemOwner = " + schemOwner + " AND SchemName = '" + schemName + "'");
|
||||
SQL.update("DELETE FROM SchemMember WHERE SchemOwner = ? AND SchemName = ?", schemOwner, schemName);
|
||||
SQL.update("DELETE FROM Schematic WHERE SchemOwner = ? AND SchemName = ?", schemOwner, schemName);
|
||||
}
|
||||
|
||||
public static class WrongVersionException extends Exception{}
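Review bot: In `saveFromPlayer` the `catch(SQLException e)` at the end of the hunk no longer covers the write: `SQL.update` wraps its SQLException in a `SecurityException` (visible in SQL.update), so a failed UPDATE now escapes as an unchecked SecurityException instead of the `IOException` callers received before; catch it as well, `}catch(SQLException | SecurityException e){ throw new IOException(e); }`, or make the callers handle it. The `Blob` obtained from `SQL.blob()` is never released; call `blob.free()` in a `finally`. If `SQL.update` reconnects between `SQL.blob()` and its retry, the blob was created on the previous connection and whether it still binds is driver-specific, which deserves a comment at the `SQL.blob()` line. The method's remainder is outside the hunk.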
|
||||
|
@ -28,10 +28,7 @@ public class SchematicMember {
|
||||
}
|
||||
|
||||
private void updateDB(){
|
||||
SQL.update("INSERT INTO SchemMember" +
|
||||
" (SchemName, SchemOwner, Member)" +
|
||||
" VALUES" +
|
||||
" ('" + schemName + "', '" + schemOwner + "', '" + member + "')");
|
||||
SQL.update("INSERT INTO SchemMember (SchemName, SchemOwner, Member) VALUES (?, ?, ?)", schemName, schemOwner, member);
|
||||
}
|
||||
|
||||
public static SchematicMember getSchemMemberFromDB(String schemName, UUID schemOwner, UUID schemMember){
|
||||
@ -39,7 +36,7 @@ public class SchematicMember {
|
||||
}
|
||||
|
||||
public static SchematicMember getSchemMemberFromDB(String schemName, int schemOwner, int schemMember){
|
||||
ResultSet schematicMember = SQL.select("SELECT * FROM SchemMember WHERE SchemName = '" + schemName + "' AND SchemOwner = '" + schemOwner + "' AND Member = '" + schemMember + "'");
|
||||
ResultSet schematicMember = SQL.select("SELECT * FROM SchemMember WHERE SchemName = ? AND SchemOwner = ? AND Member = ?", schemName, schemOwner, schemMember);
|
||||
try {
|
||||
if(schematicMember == null || !schematicMember.next()){
|
||||
return null;
|
||||
@ -51,7 +48,7 @@ public class SchematicMember {
|
||||
}
|
||||
|
||||
public static SchematicMember getMemberBySchematic(String schemName, int schemMember){
|
||||
ResultSet schematicMember = SQL.select("SELECT * FROM SchemMember WHERE SchemName = '" + schemName + "' AND Member = '" + schemMember + "'");
|
||||
ResultSet schematicMember = SQL.select("SELECT * FROM SchemMember WHERE SchemName = ? AND Member = ?", schemName, schemMember);
|
||||
try {
|
||||
if(schematicMember == null || !schematicMember.next()){
|
||||
return null;
|
||||
@ -68,7 +65,7 @@ public class SchematicMember {
|
||||
}
|
||||
|
||||
public static List<SchematicMember> getSchemMembers(String schemName, int schemOwner){
|
||||
ResultSet schematicMember = SQL.select("SELECT * FROM SchemMember WHERE SchemName = '" + schemName + "' AND SchemOwner = '" + schemOwner + "'");
|
||||
ResultSet schematicMember = SQL.select("SELECT * FROM SchemMember WHERE SchemName = ? AND SchemOwner = ?", schemName, schemOwner);
|
||||
try {
|
||||
List<SchematicMember> schematicMembers = new ArrayList<>();
|
||||
while(schematicMember.next()){
|
||||
@ -86,7 +83,7 @@ public class SchematicMember {
|
||||
}
|
||||
|
||||
public static List<SchematicMember> getAccessibleSchems(int schemMember){
|
||||
ResultSet schematicMember = SQL.select("SELECT * FROM SchemMember WHERE Member = '" + schemMember + "'");
|
||||
ResultSet schematicMember = SQL.select("SELECT * FROM SchemMember WHERE Member = ?", schemMember);
|
||||
try {
|
||||
List<SchematicMember> schematicMembers = new ArrayList<>();
|
||||
while(schematicMember.next()){
|
||||
@ -113,6 +110,6 @@ public class SchematicMember {
|
||||
}
|
||||
|
||||
public void remove(){
|
||||
SQL.update("DELETE FROM SchemMember WHERE SchemOwner = " + schemOwner + " AND SchemName = '" + schemName + "' AND Member = '" + member + "'");
|
||||
SQL.update("DELETE FROM SchemMember WHERE SchemOwner = ? AND SchemName = ? AND Member = ?", schemOwner, schemName, member);
|
||||
}
|
||||
}
|
||||
|
@ -63,8 +63,8 @@ public class SteamwarUser {
|
||||
return team;
|
||||
}
|
||||
|
||||
private static SteamwarUser fromDB(String statement){
|
||||
ResultSet rs = SQL.select(statement);
|
||||
private static SteamwarUser fromDB(String statement, Object identifier){
|
||||
ResultSet rs = SQL.select(statement, identifier);
|
||||
try {
|
||||
if(rs.next())
|
||||
return new SteamwarUser(rs);
|
||||
@ -75,24 +75,23 @@ public class SteamwarUser {
|
||||
}
|
||||
|
||||
public static SteamwarUser get(String userName){
|
||||
userName = SQL.disarmString(userName);
|
||||
SteamwarUser user = byName.get(userName.toLowerCase());
|
||||
if(user == null)
|
||||
user = fromDB("SELECT * FROM UserData WHERE lower(UserName) = '" + userName.toLowerCase() + "'");
|
||||
user = fromDB("SELECT * FROM UserData WHERE lower(UserName) = ?", userName.toLowerCase());
|
||||
return user;
|
||||
}
|
||||
|
||||
public static SteamwarUser get(UUID uuid){
|
||||
SteamwarUser user = byUUID.get(uuid);
|
||||
if(user == null)
|
||||
user = fromDB("SELECT * FROM UserData WHERE UUID = '" + uuid.toString() + "'");
|
||||
user = fromDB("SELECT * FROM UserData WHERE UUID = ?", uuid.toString());
|
||||
return user;
|
||||
}
|
||||
|
||||
public static SteamwarUser get(int id) {
|
||||
SteamwarUser user = byId.get(id);
|
||||
if(user == null)
|
||||
user = fromDB("SELECT * FROM UserData WHERE id = '" + id + "'");
|
||||
user = fromDB("SELECT * FROM UserData WHERE id = ?", id);
|
||||
return user;
|
||||
}
|
||||
}
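Review bot: `get(String userName)` lower-cases with `toLowerCase()` both for the `byName` cache key and for the bound parameter; that follows the JVM default locale and can disagree with the database's `lower()` for some letters (a Turkish default locale is the usual example), so use `userName.toLowerCase(Locale.ROOT)` in both places. Dropping `SQL.disarmString` here is correct now that the value is bound, but note it also changes the cache key for names containing a quote; the code that populates `byName` is outside the hunk and should be checked for consistency.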
|
||||
|
@ -27,7 +27,7 @@ public class Team {
|
||||
public static Team get(int id){
|
||||
if(id == 0)
|
||||
return pub;
|
||||
ResultSet rs = SQL.select("SELECT * FROM Team WHERE TeamID = " + id);
|
||||
ResultSet rs = SQL.select("SELECT * FROM Team WHERE TeamID = ?", id);
|
||||
try {
|
||||
if(!rs.next())
|
||||
return null;
|
||||
@ -55,7 +55,7 @@ public class Team {
|
||||
|
||||
public List<Integer> getMembers(){
|
||||
try{
|
||||
ResultSet memberlist = SQL.select("SELECT id FROM UserData WHERE Team = '" + teamId + "'");
|
||||
ResultSet memberlist = SQL.select("SELECT id FROM UserData WHERE Team = ?", teamId);
|
||||
List<Integer> members = new LinkedList<>();
|
||||
while(memberlist.next())
|
||||
members.add(memberlist.getInt("id"));
|
||||
|