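/**
 * Runs {@code DatabaseUtils.searchByQuery} for {@code Page} entities using the given query
 * string and wraps the outcome in a {@code ServiceResult}.
 *
 * <p>The query string is passed through {@code DatabaseUtils.preventSQLInjection} before it is
 * handed to the search helper.
 *
 * <p>NOTE(review): neither helper's implementation is visible from here. If
 * {@code searchByQuery} concatenates the string into query text, the sanitizer is the only
 * barrier against query injection; confirm that the helper binds the value as a declared
 * parameter instead of relying on string rewriting.
 *
 * @param queryString caller-supplied search text
 * @return a result flagged OK and carrying the page list when at least one page is found;
 *     otherwise a result flagged not-OK carrying only the failure message
 */
public ServiceResult<List<Page>> searchPageLike(String queryString) {
    queryString = DatabaseUtils.preventSQLInjection(queryString);
    ServiceResult<List<Page>> result = new ServiceResult<List<Page>>();

    List<Page> listPages = DatabaseUtils.searchByQuery(queryString, Page.class);

    // A null list is reported as "no pages found" rather than surfacing as a
    // NullPointerException to the caller.
    if (listPages != null && !listPages.isEmpty()) {
        result.setResult(listPages);
        result.setOK(true);
        result.setMessage(Global.messages.getString("search_page_by_query_successfully"));
    } else {
        result.setOK(false);
        result.setMessage(Global.messages.getString("search_page_by_query_fail"));
    }
    return result;
}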
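/**
 * Looks up the {@code UserInfo} keyed by the given username and, when it exists, returns that
 * user's pages ordered by {@code date_post} descending.
 *
 * <p>The page query binds the username through a declared JDOQL parameter ({@code us}), so the
 * value is never spliced into the filter text.
 *
 * <p>NOTE(review): the username is rewritten by {@code DatabaseUtils.preventSQLInjection}
 * before it is used as the {@code UserInfo} key and as the bound parameter. That helper is not
 * visible here; if it alters characters, lookups for usernames containing them may miss.
 * Confirm whether the rewrite is still wanted on a parameter-bound path.
 *
 * @param username the account whose pages are requested
 * @return a result flagged OK and carrying the page list when at least one page is found;
 *     otherwise a result carrying only an explanatory message
 */
public ServiceResult<List<Page>> getListPageFromUsername(String username) {
    username = DatabaseUtils.preventSQLInjection(username);
    ServiceResult<List<Page>> result = new ServiceResult<List<Page>>();

    // Validate before acquiring a PersistenceManager so the early return cannot leak one.
    if (username == null || username.isEmpty()) {
        result.setMessage(Global.messages.getString("cannot_handle_with_null"));
        return result;
    }

    PersistenceManager pm = PMF.get().getPersistenceManager();
    try {
        UserInfo userInfo = null;
        try {
            userInfo = pm.getObjectById(UserInfo.class, username);
        } catch (JDOObjectNotFoundException e) {
            // Missing user: userInfo stays null and is reported below.
        } catch (NucleusObjectNotFoundException e) {
            // Same outcome as above; handled identically.
        }

        if (userInfo == null) {
            // Not found userinfo
            result.setMessage(Global.messages.getString("not_found") + " " + username);
            return result;
        }

        Query query = pm.newQuery(Page.class);
        query.setFilter("username == us");
        query.declareParameters("String us");
        query.setOrdering("date_post DESC");

        // Query.execute returns Object, hence the cast to the list type.
        @SuppressWarnings("unchecked")
        List<Page> listPages = (List<Page>) query.execute(username);

        if (listPages.size() > 0) {
            result.setOK(true);
            result.setMessage(
                    String.format(
                            Global.messages.getString("get_pages_by_username_successfully"),
                            username));
            result.setResult(listPages);
        } else {
            result.setOK(false);
            result.setMessage(
                    String.format(
                            Global.messages.getString("get_pages_by_username_fail"), username));
        }
        return result;
    } finally {
        // Always release the PersistenceManager, including when the lookup or query throws.
        pm.close();
    }
}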
/**
 * Replaces the page's name and content, in place, with the values returned by
 * {@code DatabaseUtils.preventSQLInjection}.
 *
 * <p>NOTE(review): the sanitizer's implementation is not visible here. Because the rewritten
 * strings are written back onto the entity, any character changes it makes become part of the
 * page's name and content; confirm that this is intended, and that the persistence layer binds
 * values as parameters rather than depending on this rewrite alone.
 *
 * @param page the page whose name and content are sanitized; it is mutated
 */
public static void preventSQLInjPage(Page page) {
    final String cleanedName = DatabaseUtils.preventSQLInjection(page.getName());
    page.setName(cleanedName);

    final String cleanedContent = DatabaseUtils.preventSQLInjection(page.getContent());
    page.setContent(cleanedContent);
}