Revert "SQL PreparedStatement Fixes"

This reverts commit 17347c23a5.
Paldiu 2021-03-01 23:03:13 -06:00
parent 17347c23a5
commit 46273b3301


@ -16,6 +16,8 @@ import me.totalfreedom.totalfreedommod.util.FUtil;
public class SQLite extends FreedomService public class SQLite extends FreedomService
{ {
private final String FILE_NAME = "database.db";
private Connection connection; private Connection connection;
@Override @Override
@ -35,7 +37,6 @@ public class SQLite extends FreedomService
{ {
try try
{ {
String FILE_NAME = "database.db";
connection = DriverManager.getConnection("jdbc:sqlite:" + plugin.getDataFolder() + "/" + FILE_NAME); connection = DriverManager.getConnection("jdbc:sqlite:" + plugin.getDataFolder() + "/" + FILE_NAME);
FLog.info("Successfully connected to the database."); FLog.info("Successfully connected to the database.");
} }
@ -110,9 +111,7 @@ public class SQLite extends FreedomService
{ {
try try
{ {
PreparedStatement statement = connection.prepareStatement("DELETE FROM ?"); connection.createStatement().execute("DELETE FROM " + table);
statement.setString(1, table);
statement.execute();
} }
catch (SQLException e) catch (SQLException e)
{ {
@ -135,8 +134,7 @@ public class SQLite extends FreedomService
try try
{ {
Object[] data = {key, admin.getName()}; Object[] data = {key, admin.getName()};
PreparedStatement statement = connection.prepareStatement("?"); PreparedStatement statement = connection.prepareStatement(MessageFormat.format("UPDATE admins SET {0}=? WHERE username=''{1}''", data));
statement.setString(1, MessageFormat.format("UPDATE admins SET {0}=? WHERE username=''{1}''", data));
statement = setUnknownType(statement, 1, value); statement = setUnknownType(statement, 1, value);
statement.executeUpdate(); statement.executeUpdate();
@ -153,8 +151,7 @@ public class SQLite extends FreedomService
try try
{ {
Object[] data = {key, player.getName()}; Object[] data = {key, player.getName()};
PreparedStatement statement = connection.prepareStatement("?"); PreparedStatement statement = connection.prepareStatement(MessageFormat.format("UPDATE players SET {0}=? WHERE username=''{1}''", data));
statement.setString(1, MessageFormat.format("UPDATE players SET {0}=? WHERE username=''{1}''", data));
statement = setUnknownType(statement, 1, value); statement = setUnknownType(statement, 1, value);
statement.executeUpdate(); statement.executeUpdate();
@ -169,8 +166,7 @@ public class SQLite extends FreedomService
{ {
try try
{ {
PreparedStatement statement = connection.prepareStatement("?"); PreparedStatement statement = connection.prepareStatement(MessageFormat.format("UPDATE admins SET username=? WHERE username=''{0}''", oldName));
statement.setString(1, MessageFormat.format("UPDATE admins SET username=? WHERE username=''{0}''", oldName));
statement = setUnknownType(statement, 1, newName); statement = setUnknownType(statement, 1, newName);
statement.executeUpdate(); statement.executeUpdate();
@ -185,8 +181,7 @@ public class SQLite extends FreedomService
{ {
try try
{ {
PreparedStatement statement = connection.prepareStatement("?"); PreparedStatement statement = connection.prepareStatement(MessageFormat.format("UPDATE players SET username=? WHERE username=''{0}''", oldName));
statement.setString(1, MessageFormat.format("UPDATE players SET username=? WHERE username=''{0}''", oldName));
statement = setUnknownType(statement, 1, newName); statement = setUnknownType(statement, 1, newName);
statement.executeUpdate(); statement.executeUpdate();
@ -304,9 +299,7 @@ public class SQLite extends FreedomService
{ {
try try
{ {
PreparedStatement statement = connection.prepareStatement("?"); ResultSet resultSet = connection.createStatement().executeQuery(MessageFormat.format("SELECT * FROM admins WHERE username=''{0}''", name));
statement.setString(1, MessageFormat.format("SELECT * FROM admins WHERE username=''{0}''", name));
ResultSet resultSet = statement.executeQuery();
if (resultSet.next()) if (resultSet.next())
{ {
return resultSet; return resultSet;
@ -325,9 +318,7 @@ public class SQLite extends FreedomService
{ {
try try
{ {
PreparedStatement statement = connection.prepareStatement("?"); ResultSet resultSet = connection.createStatement().executeQuery(MessageFormat.format("SELECT * FROM players WHERE username=''{0}''", name));
statement.setString(1, MessageFormat.format("SELECT * FROM players WHERE username=''{0}''", name));
ResultSet resultSet = statement.executeQuery();
if (resultSet.next()) if (resultSet.next())
{ {
return resultSet; return resultSet;
@ -361,9 +352,7 @@ public class SQLite extends FreedomService
{ {
try try
{ {
PreparedStatement statement = connection.prepareStatement("?"); ResultSet resultSet = connection.createStatement().executeQuery(MessageFormat.format("SELECT * FROM players WHERE ips LIKE ''%{0}%''", ip));
statement.setString(1, MessageFormat.format("SELECT * FROM players WHERE ips LIKE ''%{0}%''", ip));
ResultSet resultSet = statement.executeQuery();
if (resultSet.next()) if (resultSet.next())
{ {
return resultSet; return resultSet;
@ -382,9 +371,7 @@ public class SQLite extends FreedomService
{ {
try try
{ {
PreparedStatement statement = connection.prepareStatement("?"); connection.createStatement().executeUpdate(MessageFormat.format("DELETE FROM admins where name=''{0}''", admin.getName()));
statement.setString(1, MessageFormat.format("DELETE FROM admins where name=''{0}''", admin.getName()));
statement.executeUpdate();
} }
catch (SQLException e) catch (SQLException e)
{ {
@ -422,14 +409,10 @@ public class SQLite extends FreedomService
{ {
try try
{ {
PreparedStatement statement = connection.prepareStatement("?"); connection.createStatement().executeUpdate(MessageFormat.format("DELETE FROM bans WHERE name=''{0}''", ban.getUsername()));
statement.setString(1, MessageFormat.format("DELETE FROM bans WHERE name=''{0}''", ban.getUsername()));
statement.executeUpdate();
for (String ip : ban.getIps()) for (String ip : ban.getIps())
{ {
PreparedStatement statement1 = connection.prepareStatement("?"); connection.createStatement().executeUpdate(MessageFormat.format("DELETE FROM bans WHERE ips LIKE ''%{0}%''", ip));
statement1.setString(1, MessageFormat.format("DELETE FROM bans WHERE ips LIKE ''%{0}%''", ip));
statement1.executeUpdate();
} }
} }
catch (SQLException e) catch (SQLException e)
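Review bot: The restored statements build SQL text from values: `name`, `ip`, `oldName`, `admin.getName()` and `ban.getUsername()` are placed inside quoted literals through `MessageFormat.format`, so a value containing a single quote changes the statement that runs. The reverted `prepareStatement("?")` form could not work because a placeholder binds a value, never the statement text, but the fix is to keep the SQL constant and bind each value, e.g. `PreparedStatement statement = connection.prepareStatement("SELECT * FROM admins WHERE username=?");` followed by `statement.setString(1, name);`, and for the LIKE lookups `statement.setString(1, "%" + ip + "%");`. Table and column names (`table` in the `DELETE FROM` hunk, `key` in the two `UPDATE ... SET {0}=?` hunks) cannot be bound and should be checked against a fixed list of known names before they are concatenated. Most of the enclosing methods begin and end outside the hunks shown, so whether callers already restrict these values is not visible here.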