From 5d258fa16311c95ea2b25863cbc58f9144f5c9f8 Mon Sep 17 00:00:00 2001 From: Rafael da Fonseca Date: Wed, 17 Jun 2015 21:43:50 +0200 Subject: [PATCH] Fix 2 findbugs SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING warnings in DatabaseConfig.java Signed-off-by: Rajani Karuturi This closes #478 --- server/src/com/cloud/test/DatabaseConfig.java | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/server/src/com/cloud/test/DatabaseConfig.java b/server/src/com/cloud/test/DatabaseConfig.java index 1c9b0db761c..097fb99ae6a 100644 --- a/server/src/com/cloud/test/DatabaseConfig.java +++ b/server/src/com/cloud/test/DatabaseConfig.java @@ -1189,10 +1189,12 @@ public class DatabaseConfig { sb.append(pwStr); // create an account for the admin user first - insertSql = "INSERT INTO `cloud`.`account` (id, account_name, type, domain_id) VALUES (" + id + ", '" + username + "', '1', '1')"; + insertSql = "INSERT INTO `cloud`.`account` (id, account_name, type, domain_id) VALUES (?, ?, '1', '1')"; txn = TransactionLegacy.currentTxn(); try { PreparedStatement stmt = txn.prepareAutoCloseStatement(insertSql); + stmt.setLong(1, id); + stmt.setString(2, username); stmt.executeUpdate(); } catch (SQLException ex) { s_logger.error("error creating account", ex); @@ -1258,11 +1260,12 @@ public class DatabaseConfig { "INSERT INTO `cloud`.`configuration` (instance, component, name, value, description, category) " + "VALUES ('" + instance + "','" + component + "','" + name + "','" + value + "','" + description + "','" + category + "')"; - String selectSql = "SELECT name FROM cloud.configuration WHERE name = '" + name + "'"; + String selectSql = "SELECT name FROM cloud.configuration WHERE name = ?"; TransactionLegacy txn = TransactionLegacy.currentTxn(); try { PreparedStatement stmt = txn.prepareAutoCloseStatement(selectSql); + stmt.setString(1, name); ResultSet result = stmt.executeQuery(); Boolean hasRow = result.next(); if (!hasRow) {