From 869cc0c9f2a3ba9a5cfa07807e7331649605ab5e Mon Sep 17 00:00:00 2001
From: Rafael da Fonseca <rsafonseca@gmail.com>
Date: Sun, 14 Jun 2015 19:13:10 +0200
Subject: [PATCH] Fix findbugs
 SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING warning in
 Upgrade2214to30.java There was no risk of sql injection here, nor any need to
 use PreparedStatement, still this fixes the warninG

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

This closes #441
---
 engine/schema/src/com/cloud/upgrade/dao/Upgrade2214to30.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade2214to30.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade2214to30.java
index b2b5e781030..eb4e8c75693 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade2214to30.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade2214to30.java
@@ -272,7 +272,8 @@ public class Upgrade2214to30 extends Upgrade30xBase implements DbUpgrade {
                         addDefaultSGProvider(conn, physicalNetworkId, zoneId, networkType, false);
                         //for all networks with this tag, add physical_network_id
 
-                        PreparedStatement pstmt3 = conn.prepareStatement("SELECT network_id FROM `cloud`.`network_tags` where tag = '" + guestNetworkTag + "'");
+                        PreparedStatement pstmt3 = conn.prepareStatement("SELECT network_id FROM `cloud`.`network_tags` where tag= ?");
+                        pstmt3.setString(1,guestNetworkTag);
                         ResultSet rsNet = pstmt3.executeQuery();
                         s_logger.debug("Adding PhysicalNetwork to VLAN");
                         s_logger.debug("Adding PhysicalNetwork to user_ip_address");