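/**
 * Queries internal mail (admin &lt;-&gt; user, user &lt;-&gt; user) matching the given filters and hands
 * the result to {@code dataPage}, which fills {@code pageBean}.
 *
 * <p>The filter values are spliced into a SQL condition string because {@code dataPage} only
 * accepts one. {@code StringEscapeUtils.escapeSql} merely doubles single quotes: it leaves
 * backslashes alone and does not escape the LIKE wildcards {@code %} and {@code _}, so a
 * caller-supplied {@code sender} can widen the match, and on a driver that treats backslash as an
 * escape character a {@code \'} sequence is not neutralised. NOTE(review): if the backing
 * database is MySQL with default sql_mode, escape backslashes as well (or move the condition to
 * bound parameters) before exposing this to untrusted input.
 *
 * @param pageBean paging state that {@code dataPage} populates with the matching rows
 * @param mailType optional mail type; appended as an integer, so quoting does not apply
 * @param sender optional substring matched against the {@code sender} column
 * @param beginTime optional inclusive lower bound on {@code sendTime} (compared as text)
 * @param endTime optional inclusive upper bound on {@code sendTime} (compared as text)
 * @throws SQLException if the connection cannot be obtained or closed
 * @throws DataException declared for callers; a DataException raised by {@code dataPage} is
 *     currently logged and swallowed rather than rethrown (unchanged from the original)
 */
public void queryMailByCondition(
    PageBean pageBean, Integer mailType, String sender, String beginTime, String endTime)
    throws SQLException, DataException {
  StringBuilder condition = new StringBuilder("and backgroundStatus!=2 ");
  if (mailType != null) {
    condition.append("and mailType=").append(mailType);
  }
  if (StringUtils.isNotBlank(sender)) {
    condition
        .append(" and sender LIKE '%")
        .append(StringEscapeUtils.escapeSql(sender))
        .append("%'");
  }
  if (StringUtils.isNotBlank(beginTime)) {
    condition
        .append(" and sendTime >= '")
        .append(StringEscapeUtils.escapeSql(beginTime))
        .append("'");
  }
  if (StringUtils.isNotBlank(endTime)) {
    condition
        .append(" and sendTime <= '")
        .append(StringEscapeUtils.escapeSql(endTime))
        .append("'");
  }
  // Acquire the connection only once the condition is built, so nothing can leak it between
  // getConnection() and the try/finally that closes it.
  Connection conn = connectionManager.getConnection();
  try {
    dataPage(conn, pageBean, "t_mail", "*", " order by sendTime desc ", condition.toString());
  } catch (DataException e) {
    // Report once through the application logger; the former printStackTrace() duplicated the
    // same trace on stderr.
    log.error("queryMailByCondition failed", e);
  } finally {
    conn.close();
  }
}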
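/**
 * Handles {@code /punish [@]<player> <reason...>}.
 *
 * <p>A leading {@code @} selects an offline player by name; otherwise the target must be online.
 * The remaining arguments form the reason. Display names and the offline target name are passed
 * through {@code escapeSql} because {@code punish}/{@code punishOffline} interpolate them into SQL
 * text; {@code sender.getName()} is not escaped here (unchanged from the original), so the SQL
 * built downstream relies on account names never containing a quote.
 *
 * @param sender who issued the command (player or console; any other sender is ignored)
 * @param cmd the command being executed; only {@code punish} is handled
 * @param label the alias used to invoke the command
 * @param args {@code args[0]} is the target, the rest is the reason
 * @return {@code true} if the command was {@code punish} (even when usage was wrong),
 *     {@code false} otherwise
 */
@Override
public boolean onCommand(
    final CommandSender sender, final Command cmd, final String label, final String args[]) {
  if (!cmd.getName().equalsIgnoreCase("punish")) {
    return false;
  }
  if (args.length < 2) {
    sender.sendMessage(ChatColor.RED + "Not enough parameters!");
    sender.sendMessage(ChatColor.RED + "Usage: /punish [@]<player> <reason>");
    return true;
  }
  boolean offline = args[0].startsWith("@");
  String offlineName = "";
  if (offline) {
    // punishOffline splices this name into SQL; escapeSql doubles single quotes, which is the
    // quoting the SQLite store expects.
    offlineName = StringEscapeUtils.escapeSql(args[0].substring(1));
  } else if (plugin.getServer().getPlayer(args[0]) == null) {
    sender.sendMessage(args[0] + " is not online! Use /p @<player> to punish offline players!");
    return true;
  }
  // Everything after the target is the reason. The original skipped elements by comparing them
  // to args[0] with !=, which also dropped any later argument that happened to be the same
  // String instance; slicing by index drops exactly the first one.
  ArrayList<String> reasonWords = new ArrayList<String>();
  for (int i = 1; i < args.length; i++) {
    reasonWords.add(args[i]);
  }
  if (offline) {
    if (sender instanceof Player) {
      Player player = (Player) sender;
      punishOffline(
          sender.getName(),
          StringEscapeUtils.escapeSql(player.getDisplayName()),
          offlineName,
          reasonWords);
    } else if (sender instanceof ConsoleCommandSender) {
      punishOffline("(console)", ChatColor.GOLD + "(console)", offlineName, reasonWords);
    }
  } else {
    Player target = plugin.getServer().getPlayer(args[0]);
    if (sender instanceof Player) {
      Player player = (Player) sender;
      punish(
          sender.getName(),
          StringEscapeUtils.escapeSql(player.getDisplayName()),
          target.getName(),
          target.getDisplayName(),
          reasonWords);
    } else if (sender instanceof ConsoleCommandSender) {
      punish(
          "(console)",
          ChatColor.GOLD + "(console)",
          target.getName(),
          target.getDisplayName(),
          reasonWords);
    }
  }
  return true;
}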
/**
 * Sets a new value on every extension row of billing record {@code billingNo} that carries
 * {@code key}, marking each row active ('1') at the same time.
 *
 * <p>NOTE(review): both the key and the value are passed through {@code escapeSql} before being
 * handed to the DAO. If {@code extDao.merge} binds entity fields as parameters, the doubled
 * apostrophes end up in the persisted data (O'Brien becomes O''Brien); confirm against the DAO
 * before relying on this.
 *
 * @param billingNo billing record id as a decimal string
 * @param key extension key to update
 * @param value new value to store
 * @return always {@code true}
 * @throws NumberFormatException if {@code billingNo} is not an integer
 */
public boolean updateKeyValue(String billingNo, String key, String value) {
  int billingId = Integer.parseInt(billingNo);
  String escapedKey = StringEscapeUtils.escapeSql(key);
  List<BillingONExt> rows = extDao.findByBillingNoAndKey(billingId, escapedKey);
  for (BillingONExt row : rows) {
    row.setValue(StringEscapeUtils.escapeSql(value));
    row.setStatus('1');
    extDao.merge(row);
  }
  return true;
}
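/**
 * Struts action: looks up hotel names starting with / containing {@code hotelName} in the city
 * {@code cityCode}, defaulting to Beijing (PEK) when no city is given, and exposes the result
 * through {@code setContent}.
 *
 * <p>Removed from the original: an unused raw {@code List<Map>}, two unused timing variables and
 * several commented-out debugging lines.
 *
 * <p>{@code hotelName} is passed through {@code escapeSql}, which only doubles single quotes.
 * Whether that is adequate depends on how {@code autoHotelNameQuery} builds its query; a bound
 * parameter would need no escaping at all, and a LIKE-based query would still honour {@code %}
 * and {@code _} in the input.
 *
 * @return {@code SUCCESS}; a DAO failure is logged and yields an empty result rather than an error
 */
public String execute() {
  // An empty cityCode defaults to Beijing.
  if (null == cityCode || "".equals(cityCode.trim())) {
    cityCode = "PEK";
  }
  hotelName = StringEscapeUtils.escapeSql(hotelName);
  List<String> hotelList = new ArrayList<String>();
  try {
    hotelList = hotelQueryAjaxDao.autoHotelNameQuery(hotelName, cityCode);
  } catch (Exception e) {
    log.error("模糊查询错误", e);
  }
  this.setContent(hotelList);
  return SUCCESS;
}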
/**
 * Persists one extension row for a third-party bill.
 *
 * <p>A {@code null} value is stored as {@code "0.00"} when {@code key} is one of the numeric keys
 * known to {@code BillingONExtDao.isNumberKey}. NOTE(review): key and value go through
 * {@code escapeSql} before {@code extDao.persist}; if the DAO binds entity fields as parameters,
 * any apostrophe in the value is stored doubled — confirm against the DAO.
 *
 * @param billingNo billing record id as a decimal string
 * @param demoNo demographic id as a decimal string
 * @param key extension key
 * @param value extension value, may be {@code null}
 * @return always {@code true}
 * @throws NumberFormatException if {@code billingNo} or {@code demoNo} is not an integer
 */
public boolean add3rdBillExt(String billingNo, String demoNo, String key, String value) {
  BillingONExt ext = new BillingONExt();
  ext.setBillingNo(Integer.parseInt(billingNo));
  ext.setDemographicNo(Integer.parseInt(demoNo));
  ext.setKeyVal(StringEscapeUtils.escapeSql(key));
  ext.setDateTime(new Date());
  ext.setStatus(ACTIVE.charAt(0));
  String storedValue = value;
  if (storedValue == null && BillingONExtDao.isNumberKey(key)) {
    storedValue = "0.00";
  }
  ext.setValue(StringEscapeUtils.escapeSql(storedValue));
  extDao.persist(ext);
  return true;
}
/**
 * Sets the status flag on every extension row of billing record {@code billingNo} that carries
 * {@code key}. Only the first character of {@code status} is stored.
 *
 * <p>NOTE(review): {@code key} is passed through {@code escapeSql} before the DAO lookup; if the
 * DAO binds it as a parameter, a key containing an apostrophe would not match. The keys used
 * elsewhere in this class are plain identifiers, so this is harmless in practice.
 *
 * @param billingNo billing record id as a decimal string
 * @param key extension key whose rows are updated
 * @param status new status; must be non-empty when at least one row matches
 * @return always {@code true}
 * @throws NumberFormatException if {@code billingNo} is not an integer
 */
public boolean updateKeyStatus(String billingNo, String key, String status) {
  List<BillingONExt> rows =
      extDao.findByBillingNoAndKey(Integer.parseInt(billingNo), StringEscapeUtils.escapeSql(key));
  for (BillingONExt row : rows) {
    // Evaluated per row, as in the original: an empty status only fails when a row matches.
    row.setStatus(status.charAt(0));
    extDao.merge(row);
  }
  return true;
}
/**
 * Appends an {@code AND UPPER(p.kee) LIKE '%...%'} clause for the filter's resource key, if one
 * is set. The key is upper-cased, quote-escaped with {@code escapeSql} and then has its own
 * {@code %}/{@code _} characters escaped so they match literally; {@code appendEscapeForSomeDb}
 * adds the ESCAPE clause on databases that need it.
 *
 * @param sb the query being built
 */
private void appendResourceKeyCondition(StringBuilder sb) {
  String resourceKey = filter.getResourceKey();
  if (StringUtils.isBlank(resourceKey)) {
    return;
  }
  String likePattern =
      escapePercentAndUnderscrore(
          StringEscapeUtils.escapeSql(StringUtils.upperCase(resourceKey)));
  sb.append(" AND UPPER(p.kee) LIKE '%").append(likePattern).append("%'");
  appendEscapeForSomeDb(sb);
}
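/**
 * Deletes recharge-detail rows by id; several ids may be given at once.
 *
 * <p>The ids are spliced unquoted into an {@code id in(...)} clause, where {@code escapeSql}
 * offers no protection: the original stripped quotes and concatenated whatever was left, so an
 * element such as {@code 1) or 1=1 --} would have rewritten the WHERE clause. Each element is now
 * parsed as a {@code long} and anything else is rejected. Surrounding quotes are still tolerated,
 * as they were before, and blank elements are skipped.
 *
 * @param conn open connection the delete runs on
 * @param ids comma-separated list of numeric ids
 * @return the value returned by {@code t_recharge_detail.delete} (presumably the row count)
 * @throws SQLException if the delete fails
 * @throws IllegalArgumentException if an element is not an integer
 */
public long deleteRechargeDetail(Connection conn, String ids) throws SQLException {
  // -2 keeps the IN list syntactically valid even when no usable id was supplied.
  StringBuilder idSQL = new StringBuilder("-2");
  if (ids != null) {
    for (String raw : ids.split(",")) {
      String token = raw.replace("'", "").trim();
      if (token.isEmpty()) {
        continue;
      }
      long id;
      try {
        id = Long.parseLong(token);
      } catch (NumberFormatException e) {
        throw new IllegalArgumentException("recharge detail id is not numeric: " + token, e);
      }
      idSQL.append(',').append(id);
    }
  }
  Dao.Tables.t_recharge_detail t_recharge_detail =
      new Dao().new Tables().new t_recharge_detail();
  return t_recharge_detail.delete(conn, " id in(" + idSQL + ")");
}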
/**
 * Appends {@code ('v1','v2',...) } to {@code to}, one quoted element per value, with each value
 * passed through {@code escapeSql} (single quotes doubled). An empty list yields {@code () }.
 *
 * @param values the literals to include
 * @param to the query being built
 */
private static void appendInStatement(List<String> values, StringBuilder to) {
  to.append(" (");
  boolean first = true;
  for (String value : values) {
    if (!first) {
      to.append(",");
    }
    first = false;
    to.append("'").append(StringEscapeUtils.escapeSql(value)).append("'");
  }
  to.append(") ");
}
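/**
 * Replaces the text of rider {@code id}.
 *
 * <p>{@code id} is spliced into the statement unquoted, where {@code escapeSql} gives no
 * protection at all, so it is now parsed as a number first. {@code text} is quote-escaped as
 * before; NOTE(review): if the database is MySQL with default sql_mode, a backslash before a
 * quote defeats quote-doubling — escape backslashes too, or switch {@code DB} to a
 * {@code PreparedStatement}. The connection is now closed even when the query throws.
 *
 * @param id rider id; must be a decimal integer
 * @param text new rider text
 * @throws IllegalArgumentException if {@code id} is not an integer
 */
public void updateRider(String id, String text)
    throws SQLException, ClassNotFoundException, InstantiationException, IllegalAccessException {
  long riderId;
  try {
    riderId = Long.parseLong(String.valueOf(id).trim());
  } catch (NumberFormatException e) {
    throw new IllegalArgumentException("rider id must be numeric: " + id, e);
  }
  try {
    DB.runQuery(
        "UPDATE `riders` SET "
            + "`text`='"
            + StringEscapeUtils.escapeSql(text)
            + "'"
            + " WHERE id = "
            + riderId
            + ";");
  } finally {
    DB.closeCon();
  }
}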
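/**
 * Inserts a default PLAYERS row for {@code player} unless one already exists
 * ({@code INSERT OR IGNORE}, i.e. SQLite).
 *
 * <p>Values bound through {@code setString} need no SQL escaping; the earlier {@code escapeSql}
 * on the UUID was only harmless because a UUID never contains a quote, and would have corrupted
 * any value that did. The statement is now closed even if the insert fails.
 * NOTE(review): LASTLOGIN is written from {@code System.nanoTime()}, which is not wall-clock
 * time; presumably an epoch timestamp was intended — left unchanged here.
 *
 * @param player the newly seen player
 * @throws SQLException if the insert or commit fails
 */
public static void generateNewPlayer(Player player) throws SQLException {
  Connection c = getConnection();
  PreparedStatement statement =
      c.prepareStatement(
          "INSERT OR IGNORE INTO PLAYERS (UUID, NAME, IP, RANK, NICK, TAG, LOGIN, CHAT, IMPOSTER, BANHAMMER, BUILDER, DOUBLEJUMP, GODMODE, MUTE, FROZEN, CMDBLOCK, LASTLOGIN, CHATLEVEL) VALUES (?, ?, ?, 'Op', 'off&r', 'off&r', '', '', 0, 0, 0, 0, 0, 0, 0, 0, ?, 0)");
  try {
    statement.setString(1, player.getUniqueId().toString());
    statement.setString(2, player.getName());
    statement.setString(3, player.getAddress().getAddress().getHostAddress());
    statement.setLong(4, System.nanoTime());
    statement.executeUpdate();
    c.commit();
  } finally {
    statement.close();
  }
}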
// 3rd bill ins. address public int addOne3rdAddrRecord(Properties val) { Billing3rdPartyAddress b = new Billing3rdPartyAddress(); b.setAttention(StringEscapeUtils.escapeSql(val.getProperty("attention", ""))); b.setCompanyName(StringEscapeUtils.escapeSql(val.getProperty("company_name", ""))); b.setAddress(StringEscapeUtils.escapeSql(val.getProperty("address", ""))); b.setCity(StringEscapeUtils.escapeSql(val.getProperty("city", ""))); b.setProvince(StringEscapeUtils.escapeSql(val.getProperty("province", ""))); b.setPostalCode(StringEscapeUtils.escapeSql(val.getProperty("postcode", ""))); b.setTelephone(StringEscapeUtils.escapeSql(val.getProperty("telephone", ""))); b.setFax(StringEscapeUtils.escapeSql(val.getProperty("fax", ""))); dao.persist(b); return b.getId(); }
/**
 * Appends a sub-select restricting {@code s.project_id} to resources whose indexed key starts
 * with the filter's resource name (lower-cased, quote-escaped, LIKE wildcards escaped), further
 * narrowed by the filter's qualifiers when any are set. Does nothing when no resource name is
 * set.
 *
 * @param sb the query being built
 */
private void appendResourceNameCondition(StringBuilder sb) {
  String resourceName = filter.getResourceName();
  if (StringUtils.isBlank(resourceName)) {
    return;
  }
  String prefixPattern =
      escapePercentAndUnderscrore(
          StringEscapeUtils.escapeSql(StringUtils.lowerCase(resourceName)));
  sb.append(
      " AND s.project_id IN (SELECT rindex.resource_id FROM resource_index rindex WHERE rindex.kee LIKE '");
  sb.append(prefixPattern).append("%'");
  appendEscapeForSomeDb(sb);
  List<String> qualifiers = filter.getResourceQualifiers();
  if (!qualifiers.isEmpty()) {
    sb.append(" AND rindex.qualifier IN ");
    appendInStatement(qualifiers, sb);
  }
  sb.append(") ");
}
/**
 * Records a permanent ban for an offline player, announces it to everyone online and registers
 * it with the plugin's ban cache.
 *
 * <p>Only {@code reason} is passed through {@code escapeSql} here; {@code punisher} and
 * {@code punished} are interpolated into the INSERT as given, so this method relies on its
 * callers having escaped them (the command handler does so for the offline name). The reason
 * keeps a trailing space, exactly as before.
 *
 * @param punisher account name of the issuer, stored verbatim
 * @param punisherDisplay display name of the issuer, used only in the broadcast
 * @param punished name of the banned player; also used to resolve the UUID
 * @param arguments words of the reason
 */
public void permaBanOffline(
    String punisher, String punisherDisplay, String punished, ArrayList<String> arguments) {
  StringBuilder reasonBuilder = new StringBuilder();
  for (String word : arguments) {
    reasonBuilder.append(word).append(' ');
  }
  String reason = reasonBuilder.toString();
  try {
    long now = System.currentTimeMillis() / 1000L;
    UUID uuid = plugin.getServer().getOfflinePlayer(punished).getUniqueId();
    String insert =
        "INSERT INTO punishments (punisher, punished, reason, type, time, expiry, active, server, UUID) VALUES ('"
            + punisher
            + "','"
            + punished
            + "','"
            + StringEscapeUtils.escapeSql(reason)
            + "','ban','"
            + now
            + "','0','1','"
            + Bans.server
            + "','"
            + uuid
            + "');";
    plugin.sqlite.insert(insert);
    String broadcast =
        ChatColor.DARK_AQUA
            + punisherDisplay
            + ChatColor.YELLOW
            + " -> "
            + ChatColor.GOLD
            + "Permanent ban"
            + ChatColor.YELLOW
            + " -> "
            + ChatColor.DARK_AQUA
            + punished
            + ChatColor.YELLOW
            + " -> "
            + ChatColor.GOLD
            + reason;
    for (Player online : plugin.getServer().getOnlinePlayers()) {
      online.sendMessage(broadcast);
    }
    plugin.addBan(uuid, reason, now, 0);
  } catch (SQLException e) {
    plugin.getLogger().severe(e.getMessage());
  }
}
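/**
 * Finds lab routing rows for {@code demographicNo} whose lab type is one of {@code labTypes}.
 *
 * <p>The original loop appended each quoted type without a comma between them, so two or more
 * types collapsed into a single literal ({@code 'HL7''CML'} is the string {@code HL7'CML}) and the
 * IN clause matched nothing. The elements are now comma-separated. The types are still spliced
 * into the JPQL text (quote-doubled by {@code escapeSql}, which is the JPQL literal syntax); that
 * is fine for the fixed lab-type codes this is presumably called with, but a collection-valued
 * bound parameter would be safer for caller-supplied values.
 *
 * @param demographicNo bound to {@code x.labNo} (column name kept as in the original query)
 * @param labTypes lab type codes to match; an empty array yields an empty IN list, as before
 * @return matching routing rows
 */
@SuppressWarnings("unchecked")
public List<PatientLabRouting> findLabNosByDemographic(Integer demographicNo, String[] labTypes) {
  StringBuilder inList = new StringBuilder();
  for (String labType : labTypes) {
    if (inList.length() > 0) {
      inList.append(',');
    }
    inList.append('\'').append(StringEscapeUtils.escapeSql(labType)).append('\'');
  }
  String query =
      "select x from "
          + modelClass.getName()
          + " x where x.labNo=? and x.labType in ("
          + inList
          + ")";
  Query q = entityManager.createQuery(query);
  q.setParameter(1, demographicNo);
  return q.getResultList();
}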
/**
 * Substitutes {@code {0}}, {@code {1}}, ... in {@code queryExpression} with the corresponding
 * entries of {@code replacementValues}.
 *
 * <p>A value is only quote-escaped when it contains an apostrophe <em>and</em> its placeholder
 * appears wrapped in single quotes in the expression; otherwise it is inserted verbatim.
 * NOTE(review): an unquoted placeholder therefore receives the raw value, so callers must not
 * pass untrusted text into this method unless the expression quotes the placeholder.
 * Blank values and a {@code null} array leave the expression untouched.
 *
 * @param queryExpression expression containing {@code {i}} placeholders
 * @param replacementValues values to substitute, indexed by placeholder number
 * @return the expression with placeholders filled in
 */
public static String fillReplacementValues(String queryExpression, String[] replacementValues) {
  if (replacementValues == null || !hasText(queryExpression)) {
    return queryExpression;
  }
  String result = queryExpression;
  for (int index = 0; index < replacementValues.length; index++) {
    String value = replacementValues[index];
    if (!hasText(value)) {
      continue;
    }
    String placeholder = "{" + index + "}";
    boolean quotedPlaceholder = value.contains("'") && result.contains("'" + placeholder + "'");
    String substitute = quotedPlaceholder ? StringEscapeUtils.escapeSql(value) : value;
    result = replace(result, placeholder, substitute);
  }
  return result;
}
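/**
 * Reports whether an attribute with the same name, KPI code and academic year already exists.
 *
 * <p>The three values used to be concatenated straight into the SQL text; only the name went
 * through {@code escapeSql}, and the KPI code was spliced in unquoted, so a crafted code or year
 * could alter the query. They are now bound as JDBC parameters. NOTE(review): the KPI code was
 * previously emitted unquoted, presumably numeric; if {@code getAcademicKPICode()} returns a
 * String, convert it to the column's type before binding on databases that compare strictly.
 *
 * @param academicKPIAttribute attribute whose name, KPI code and academic year form the key
 * @return {@code true} if at least one matching row exists; {@code false} if none does or the
 *     query fails (the failure is printed, not propagated — unchanged from the original)
 */
@Override
public boolean isAttributeExistCreate(AcademicKPIAttribute academicKPIAttribute) {
  String sql =
      "select count(*) as totalItem from academic_kpi_attribute t"
          + " where t.name=? and t.academic_kpi_code=? and t.academic_year=?";
  try {
    long found =
        this.jdbcTemplate.queryForLong(
            sql,
            academicKPIAttribute.getName(),
            academicKPIAttribute.getAcademicKPICode(),
            academicKPIAttribute.getAcademicYear());
    return found > 0;
  } catch (Exception ex) {
    // No logger is visible in this class; keep the original stderr report so the failure is not
    // silent.
    ex.printStackTrace();
    return false;
  }
}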
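/**
 * Extends a criteria string with a condition on {@code property}.
 *
 * <p>For {@code sdvStatus} the value {@code complete} selects {@code SDVD_STUDY_SUBJECTS},
 * anything else {@code NON_SDVD_STUDY_SUBJECTS}. Every other property becomes a case-insensitive
 * {@code LIKE '%value%'} on the column from {@code columnMapping}.
 *
 * <p>The original dereferenced {@code value} ({@code value.toString()}) before testing it for
 * {@code null}, so the null check could never fire; the check now comes first and a null value
 * leaves {@code criteria} unchanged. The value is quote-doubled with {@code escapeSql}; note that
 * {@code %} and {@code _} in it still act as LIKE wildcards, and a property missing from
 * {@code columnMapping} produces the column name {@code null} (both unchanged from the original).
 *
 * @param criteria the criteria built so far
 * @param property the filtered property
 * @param value the filter value, may be {@code null}
 * @return the extended criteria
 */
private String buildCriteria(String criteria, String property, Object value) {
  if (value == null) {
    return criteria;
  }
  String escaped = StringEscapeUtils.escapeSql(value.toString());
  if (property.equals("sdvStatus")) {
    return criteria + (escaped.equals("complete") ? SDVD_STUDY_SUBJECTS : NON_SDVD_STUDY_SUBJECTS);
  }
  return criteria
      + " and "
      + " UPPER("
      + columnMapping.get(property)
      + ") like UPPER('%"
      + escaped
      + "%')"
      + " ";
}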
/**
 * Null-safe wrapper around {@code StringEscapeUtils.escapeSql}: doubles single quotes and maps
 * {@code null} to the empty string. Nothing else (backslashes, LIKE wildcards) is escaped.
 *
 * @param originalText text destined for a single-quoted SQL literal, may be {@code null}
 * @return the escaped text, or {@code ""} for {@code null}
 */
public static String escapeSql(String originalText) {
  return originalText == null ? "" : StringEscapeUtils.escapeSql(originalText);
}
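/**
 * Builds a {@code BillingONCHeader1} from the claim header form data and persists it.
 *
 * <p>Changes from the original: the appointment number is parsed from the trimmed value that was
 * already computed (the original trimmed for the null check but parsed the raw string, so a
 * padded value threw {@code NumberFormatException}); and the two silently swallowed
 * {@code ParseException}s for the admission and billing dates are now logged the same way the
 * billing-time failure already was. An unparseable date still leaves the field unset.
 *
 * <p>NOTE(review): {@code demographic_name} and {@code comment} go through {@code escapeSql}
 * before {@code cheaderDao.persist}; if the DAO binds entity fields as parameters the doubled
 * apostrophes are stored. {@code dateformatter}/{@code timeFormatter} are shared formatters —
 * if they are {@code SimpleDateFormat} instances, they are not thread-safe.
 *
 * @param loggedInInfo current session, used to resolve the provider's program
 * @param val claim header fields as submitted
 * @return the id assigned to the persisted header
 * @throws NumberFormatException if demographic_no, appointment_no, total or paid is malformed
 */
public int addOneClaimHeaderRecord(LoggedInInfo loggedInInfo, BillingClaimHeader1Data val) {
  BillingONCHeader1 b = new BillingONCHeader1();
  b.setHeaderId(0);
  b.setTranscId(val.transc_id);
  b.setRecId(val.rec_id);
  b.setHin(val.hin);
  b.setVer(val.ver);
  b.setDob(val.dob);
  b.setPayProgram(val.pay_program);
  b.setPayee(val.payee);
  b.setRefNum(val.ref_num);
  b.setFaciltyNum(val.facilty_num);
  if (val.admission_date.length() > 0) {
    try {
      b.setAdmissionDate(dateformatter.parse(val.admission_date));
    } catch (ParseException e) {
      MiscUtils.getLogger().error("Invalid admission date", e);
    }
  }
  b.setRefLabNum(val.ref_lab_num);
  b.setManReview(val.man_review);
  b.setLocation(val.location);
  b.setDemographicNo(Integer.parseInt(val.demographic_no));
  b.setProviderNo(val.provider_no);
  String apptNo = StringUtils.trimToNull(val.appointment_no);
  if (apptNo != null) {
    b.setAppointmentNo(Integer.parseInt(apptNo));
  } else {
    b.setAppointmentNo(null);
  }
  b.setDemographicName(StringEscapeUtils.escapeSql(val.demographic_name));
  b.setSex(val.sex);
  b.setProvince(val.province);
  if (val.billing_date.length() > 0) {
    try {
      b.setBillingDate(dateformatter.parse(val.billing_date));
    } catch (ParseException e) {
      MiscUtils.getLogger().error("Invalid billing date", e);
    }
  }
  if (val.billing_time.length() > 0) {
    try {
      b.setBillingTime(timeFormatter.parse(val.billing_time));
    } catch (ParseException e) {
      MiscUtils.getLogger().error("Invalid time", e);
    }
  }
  // Money is kept in BigDecimal built from the submitted string, never from a double.
  b.setTotal(new BigDecimal(val.total == null ? "0.00" : val.total));
  if (val.paid == null || val.paid.isEmpty()) {
    b.setPaid(new BigDecimal("0.00"));
  } else {
    b.setPaid(new BigDecimal(val.paid));
  }
  b.setStatus(val.status);
  b.setComment(StringEscapeUtils.escapeSql(val.comment));
  b.setVisitType(val.visittype);
  b.setProviderOhipNo(val.provider_ohip_no);
  b.setProviderRmaNo(val.provider_rma_no);
  b.setApptProviderNo(val.apptProvider_no);
  b.setAsstProviderNo(val.asstProvider_no);
  b.setCreator(val.creator);
  b.setClinic(val.clinic);
  ProgramProvider pp =
      programManager2.getCurrentProgramInDomain(
          loggedInInfo, loggedInInfo.getLoggedInProviderNo());
  if (pp != null) {
    b.setProgramNo(pp.getProgramId().intValue());
  }
  cheaderDao.persist(b);
  return b.getId();
}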
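/**
 * Inserts a new rider row with the given text.
 *
 * <p>{@code text} is quote-doubled with {@code escapeSql} before being spliced into the INSERT.
 * NOTE(review): if the database is MySQL with default sql_mode, a backslash before a quote
 * defeats quote-doubling — escape backslashes too, or switch {@code DB} to a
 * {@code PreparedStatement}. The connection is now closed even when the query throws, which the
 * original did not do.
 *
 * @param text rider text to store
 */
public void insertRider(String text)
    throws SQLException, ClassNotFoundException, InstantiationException, IllegalAccessException {
  String escapedText = StringEscapeUtils.escapeSql(text);
  try {
    DB.runQuery("INSERT INTO `riders` (`text`) VALUES ('" + escapedText + "');");
  } finally {
    DB.closeCon();
  }
}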
/**
 * Null-passing wrapper around {@code StringEscapeUtils.escapeSql}: doubles single quotes and
 * returns {@code null} unchanged. Backslashes and LIKE wildcards are not touched.
 *
 * @param string text destined for a single-quoted SQL literal, may be {@code null}
 * @return the escaped text, or {@code null} if the input was {@code null}
 */
public static String escapeSql(String string) {
  if (string == null) {
    return null;
  }
  return StringEscapeUtils.escapeSql(string);
}
/**
 * Creates a new instance of {@link Function}.
 *
 * <p>The function name is passed through {@code escapeSql} (single quotes doubled) before being
 * kept; the expression is stored as given.
 *
 * @param function The function.
 * @param exp The expression.
 */
public Function(final String function, final Expression exp) {
  final String escapedName = StringEscapeUtils.escapeSql(function);
  this.exp = exp;
  this.function = escapedName;
}
/**
 * Schema upgrade to 0.7.0: adds the characters_changed columns, folds jam_wiki_user_info into
 * jam_wiki_user, creates the users/authorities/group tables, copies every user into the
 * registered-users group, then (in a second, optional transaction) populates
 * characters_changed.
 *
 * <p>The first transaction is all-or-nothing: on SQLException it is rolled back, the newly
 * created tables are dropped on a best-effort basis and a WikiException is thrown. The second
 * transaction is skipped on HSQL and its failure is reported but not propagated.
 *
 * <p>Security note: the only user-derived value spliced into SQL here is the username read back
 * from jam_users, which is quote-doubled with escapeSql; GROUP_REGISTERED_USER is a constant.
 * Backslashes are not escaped, so on a backslash-escaping database a username containing one
 * could still break the literal (hedged — the database type is not known here).
 *
 * @param messages progress messages to append to
 * @return the same list, with the upgrade messages appended
 * @throws WikiException if the first transaction fails
 */
public static List<WikiMessage> upgrade070(List<WikiMessage> messages) throws WikiException {
  TransactionStatus status = null;
  try {
    status = DatabaseConnection.startTransaction(getTransactionDefinition());
    Connection conn = DatabaseConnection.getConnection();
    // add characters_changed column to jam_topic_version
    WikiBase.getDataHandler()
        .executeUpgradeUpdate("UPGRADE_070_ADD_TOPIC_VERSION_CHARACTERS_CHANGED", conn);
    messages.add(
        new WikiMessage(
            "upgrade.message.db.column.added", "characters_changed", "jam_topic_version"));
    // add characters_changed column to jam_recent_change
    WikiBase.getDataHandler()
        .executeUpgradeUpdate("UPGRADE_070_ADD_RECENT_CHANGE_CHARACTERS_CHANGED", conn);
    messages.add(
        new WikiMessage(
            "upgrade.message.db.column.added", "characters_changed", "jam_recent_change"));
    // copy columns from jam_wiki_user_info into jam_wiki_user
    WikiBase.getDataHandler().executeUpgradeUpdate("UPGRADE_070_ADD_USER_EMAIL", conn);
    WikiBase.getDataHandler().executeUpgradeUpdate("UPGRADE_070_UPDATE_USER_EMAIL", conn);
    messages.add(new WikiMessage("upgrade.message.db.column.added", "email", "jam_wiki_user"));
    WikiBase.getDataHandler().executeUpgradeUpdate("UPGRADE_070_ADD_USER_EDITOR", conn);
    messages.add(new WikiMessage("upgrade.message.db.column.added", "editor", "jam_wiki_user"));
    WikiBase.getDataHandler().executeUpgradeUpdate("UPGRADE_070_ADD_USER_SIGNATURE", conn);
    messages.add(
        new WikiMessage("upgrade.message.db.column.added", "signature", "jam_wiki_user"));
    // new login tables: jam_users is seeded from the existing wiki users
    WikiBase.getDataHandler().executeUpgradeUpdate("STATEMENT_CREATE_USERS_TABLE", conn);
    WikiBase.getDataHandler().executeUpgradeUpdate("UPGRADE_070_INSERT_USERS", conn);
    messages.add(new WikiMessage("upgrade.message.db.table.added", "jam_users"));
    WikiBase.getDataHandler().executeUpgradeUpdate("UPGRADE_070_DROP_USER_REMEMBER_KEY", conn);
    messages.add(
        new WikiMessage("upgrade.message.db.column.dropped", "remember_key", "jam_wiki_user"));
    WikiBase.getDataHandler().executeUpgradeUpdate("STATEMENT_CREATE_AUTHORITIES_TABLE", conn);
    WikiBase.getDataHandler().executeUpgradeUpdate("UPGRADE_070_INSERT_AUTHORITIES", conn);
    messages.add(new WikiMessage("upgrade.message.db.table.added", "jam_authorities"));
    WikiBase.getDataHandler()
        .executeUpgradeUpdate("STATEMENT_CREATE_GROUP_AUTHORITIES_TABLE", conn);
    WikiBase.getDataHandler().executeUpgradeUpdate("UPGRADE_070_INSERT_GROUP_AUTHORITIES", conn);
    messages.add(new WikiMessage("upgrade.message.db.table.added", "jam_group_authorities"));
    WikiBase.getDataHandler().executeUpgradeUpdate("UPGRADE_070_DROP_ROLE_MAP", conn);
    messages.add(new WikiMessage("upgrade.message.db.table.dropped", "jam_role_map"));
    WikiBase.getDataHandler().executeUpgradeUpdate("STATEMENT_CREATE_GROUP_MEMBERS_TABLE", conn);
    // FIXME - avoid hard coding
    // GROUP_REGISTERED_USER is a constant, not user input, so it is spliced in unescaped.
    String sql =
        "select group_id from jam_group where group_name = '"
            + WikiGroup.GROUP_REGISTERED_USER
            + "'";
    WikiResultSet rs = DatabaseConnection.executeQuery(sql, conn);
    // No rs.next() before getInt(): presumably WikiResultSet positions on the first row itself.
    int groupId = rs.getInt("group_id");
    // FIXME - avoid hard coding
    sql = "select username from jam_users ";
    rs = DatabaseConnection.executeQuery(sql, conn);
    int id = 1;
    while (rs.next()) {
      // FIXME - avoid hard coding
      // The username comes from the database; escapeSql doubles single quotes only.
      sql =
          "insert into jam_group_members ( "
              + "id, username, group_id "
              + ") values ( "
              + id
              + ", '"
              + StringEscapeUtils.escapeSql(rs.getString("username"))
              + "', "
              + groupId
              + ") ";
      DatabaseConnection.executeUpdate(sql, conn);
      id++;
    }
    messages.add(new WikiMessage("upgrade.message.db.table.added", "jam_group_members"));
    WikiBase.getDataHandler().executeUpgradeUpdate("UPGRADE_070_DROP_USER_INFO", conn);
    messages.add(new WikiMessage("upgrade.message.db.table.dropped", "jam_wiki_user_info"));
  } catch (SQLException e) {
    DatabaseConnection.rollbackOnException(status, e);
    // Best-effort cleanup of tables that may have been created outside the rolled-back
    // transaction (DDL is not transactional on every database); each drop failure is ignored.
    try {
      DatabaseConnection.executeUpdate(AnsiQueryHandler.STATEMENT_DROP_GROUP_MEMBERS_TABLE);
    } catch (Exception ex) {
    }
    try {
      DatabaseConnection.executeUpdate(AnsiQueryHandler.STATEMENT_DROP_GROUP_AUTHORITIES_TABLE);
    } catch (Exception ex) {
    }
    try {
      DatabaseConnection.executeUpdate(AnsiQueryHandler.STATEMENT_DROP_AUTHORITIES_TABLE);
    } catch (Exception ex) {
    }
    try {
      DatabaseConnection.executeUpdate(AnsiQueryHandler.STATEMENT_DROP_USERS_TABLE);
    } catch (Exception ex) {
    }
    logger.severe("Database failure during upgrade", e);
    throw new WikiException(new WikiMessage("upgrade.error.fatal", e.getMessage()));
  }
  DatabaseConnection.commit(status);
  // for some reason HSQL hangs when populating the characters_changed column. since this step is
  // optional just skip it for HSQL.
  String dbType = Environment.getValue(Environment.PROP_DB_TYPE);
  if (!StringUtils.equals(dbType, DataHandler.DATA_HANDLER_HSQL)) {
    try {
      // perform a second transaction to populate the new columns. this code is in its own
      // transaction since if it fails the upgrade can still be considered successful.
      status = DatabaseConnection.startTransaction(getTransactionDefinition());
      Connection conn = DatabaseConnection.getConnection();
      WikiBase.getDataHandler()
          .executeUpgradeUpdate("UPGRADE_070_UPDATE_TOPIC_VERSION_CHARACTERS_CHANGED", conn);
      messages.add(
          new WikiMessage(
              "upgrade.message.db.column.populated", "characters_changed", "jam_topic_version"));
    } catch (SQLException e) {
      messages.add(new WikiMessage("upgrade.error.nonfatal", e.getMessage()));
      // do not throw this error and halt the upgrade process - populating the field
      // is not required for existing systems.
      logger.warning(
          "Failure while populating characters_changed colum in jam_topic_version. See UPGRADE.txt for instructions on how to manually complete this optional step.",
          e);
      try {
        DatabaseConnection.rollbackOnException(status, e);
      } catch (Exception ex) {
        // ignore
      }
      status = null; // so we do not try to commit
    }
    if (status != null) {
      DatabaseConnection.commit(status);
    }
  }
  return messages;
}
/**
 * Stores the extension rows of a third-party bill and, when a payment amount is present, records
 * the payment, its per-item records and the invoice transaction.
 *
 * <p>Side effect: {@code mVal} is mutated — {@code payDate} is overwritten with the current
 * timestamp before the rows are written.
 *
 * <p>NOTE(review): the loop relies on fixed positions in {@code temp} (3 = payment, 7 = payDate,
 * 8 = payMethod); reordering that array silently changes which values feed the payment. Amounts
 * are parsed with {@code Double.parseDouble} before becoming BigDecimal, which can lose precision
 * for money. Key and value go through {@code escapeSql} before {@code extDao.persist}; if the
 * DAO binds entity fields, apostrophes are stored doubled. {@code type} is looked up but unused.
 *
 * @param mVal submitted form values (demographic_no, billTo, remitTo, total, total_payment,
 *     total_discount, provider_no, gst, payMethod, optional payment_date override)
 * @param id billing record id the rows belong to
 * @param vecObj element 0 is the {@code BillingClaimHeader1Data}, element 1 the item list
 * @return always {@code true}, including the early returns on a bad date
 */
@SuppressWarnings("unchecked")
public boolean add3rdBillExt(Map<String, String> mVal, int id, Vector vecObj) {
  BillingClaimHeader1Data claim1Obj = (BillingClaimHeader1Data) vecObj.get(0);
  boolean retval = true;
  String[] temp = {
    "billTo", "remitTo", "total", "payment", "discount", "provider_no", "gst", "payDate", "payMethod"
  };
  String demoNo = mVal.get("demographic_no");
  String dateTime = UtilDateUtilities.getToday("yyyy-MM-dd HH:mm:ss");
  // Overwrites the caller's payDate with "now"; the payment_date override below may replace it.
  mVal.put("payDate", dateTime);
  String paymentSumParam = null;
  String paymentDateParam = null;
  String paymentTypeParam = null;
  String provider_no = mVal.get("provider_no");
  for (int i = 0; i < temp.length; i++) {
    String val = mVal.get(temp[i]);
    if ("discount".equals(temp[i])) {
      val =
          mVal.get(
              "total_discount"); // 'refund' stands for write off, here totoal_discount is write
      // off
    }
    if ("payment".equals(temp[i])) {
      val = mVal.get("total_payment");
    }
    BillingONExt billingONExt = new BillingONExt();
    billingONExt.setBillingNo(id);
    billingONExt.setDemographicNo(Integer.parseInt(demoNo));
    billingONExt.setKeyVal(StringEscapeUtils.escapeSql(temp[i]));
    billingONExt.setValue(StringEscapeUtils.escapeSql(val));
    billingONExt.setDateTime(new Date());
    billingONExt.setStatus('1');
    extDao.persist(billingONExt);
    // Positional capture of the payment inputs (see class note above).
    if (i == 3) paymentSumParam = mVal.get("total_payment"); // total_payment
    else if (i == 7) paymentDateParam = mVal.get(temp[i]); // paymentDate
    else if (i == 8) paymentTypeParam = mVal.get(temp[i]); // paymentMethod
  }
  if (paymentSumParam != null) {
    BillingONPaymentDao billingONPaymentDao =
        (BillingONPaymentDao) SpringUtils.getBean("billingONPaymentDao");
    BillingPaymentTypeDao billingPaymentTypeDao =
        (BillingPaymentTypeDao) SpringUtils.getBean("billingPaymentTypeDao");
    BillingONCHeader1 ch1 = cheaderDao.find(id);
    Date paymentDate = null;
    try {
      paymentDate = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").parse(paymentDateParam);
    } catch (ParseException ex) {
      // The extension rows above are already persisted at this point; only the payment is skipped.
      _logger.error("add3rdBillExt wrong date format " + paymentDateParam);
      return retval;
    }
    // allow user to override with the text box added
    String paymentDateOverride = mVal.get("payment_date");
    if (paymentDateOverride != null && paymentDateOverride.length() > 0) {
      try {
        paymentDate =
            new SimpleDateFormat("yyyy-MM-dd HH:mm:ss").parse(paymentDateOverride + " 00:00:00");
      } catch (ParseException ex) {
        _logger.error("add3rdBillExt wrong date format " + paymentDateOverride);
        return retval;
      }
    }
    if (paymentTypeParam == null || paymentTypeParam.equals("")) {
      paymentTypeParam = "1";
    }
    BillingPaymentType type = billingPaymentTypeDao.find(Integer.parseInt(paymentTypeParam));
    BillingONPayment payment = null;
    if (paymentSumParam != null) {
      payment = new BillingONPayment();
      payment.setTotal_payment(BigDecimal.valueOf(Double.parseDouble(paymentSumParam)));
      payment.setTotal_discount(
          BigDecimal.valueOf(Double.parseDouble(mVal.get("total_discount"))));
      payment.setTotal_refund(new BigDecimal(0));
      payment.setPaymentDate(paymentDate);
      payment.setBillingOnCheader1(ch1);
      payment.setBillingNo(id);
      payment.setCreator(claim1Obj.getCreator());
      payment.setPaymentTypeId(Integer.parseInt(paymentTypeParam));
      // payment.setBillingPaymentType(type);
      billingONPaymentDao.persist(payment);
      addItemPaymentRecord(
          (List) vecObj.get(1),
          id,
          payment.getId(),
          Integer.parseInt(paymentTypeParam),
          paymentDate);
      addCreate3rdInvoiceTrans(
          (BillingClaimHeader1Data) vecObj.get(0), (List<BillingItemData>) vecObj.get(1), payment);
    }
  }
  return retval;
}
/**
 * Escapes {@code pattern} for use inside a single-quoted string constant by delegating to
 * {@code StringEscapeUtils.escapeSql}, which doubles single quotes.
 *
 * <p>The original comment said "Need to escape double quotes"; {@code escapeSql} does not touch
 * double quotes (nor backslashes), so if a double-quoted context is the real target this method
 * does not cover it.
 *
 * @param pattern the raw text
 * @return the text with single quotes doubled
 */
public static String escapeStringConstant(String pattern) {
  String escaped = StringEscapeUtils.escapeSql(pattern);
  return escaped;
}
/**
 * Reports whether billing record {@code billingNo} has at least one extension row with
 * {@code key}. The key is passed through {@code escapeSql} (single quotes doubled) before the
 * DAO lookup, as elsewhere in this class.
 *
 * @param billingNo billing record id as a decimal string
 * @param key extension key to look for
 * @return {@code true} if a matching row exists
 * @throws NumberFormatException if {@code billingNo} is not an integer
 */
public boolean keyExists(String billingNo, String key) {
  int billingId = Integer.parseInt(billingNo);
  List<BillingONExt> matches =
      extDao.findByBillingNoAndKey(billingId, StringEscapeUtils.escapeSql(key));
  return !matches.isEmpty();
}
/**
 * Escalating punishment for an offline player: an existing active ban or tempban leads to a
 * permanent ban, an existing active kick to a 7-day ban, otherwise a kick record is written.
 * Each outcome is inserted into the SQLite {@code punishments} table, broadcast to all online
 * players and (for bans) registered with the plugin's ban cache.
 *
 * <p>Only {@code reason} is escaped here; {@code punisher} and {@code punished} are interpolated
 * into both the SELECT and the INSERT as given, so this method relies on its callers having
 * quote-doubled them (the command handler does so for the offline name). The escaped name is also
 * what {@code getOfflinePlayer} receives — identical to the raw name unless it contained a quote.
 *
 * <p>NOTE(review): if {@code plugin.sqlite.query} hands back a live {@code ResultSet}, neither it
 * nor its statement is closed here — confirm who owns it. The reason keeps a trailing space.
 *
 * @param punisher account name of the issuer, stored verbatim
 * @param punisherDisplay display name of the issuer, used only in the broadcast
 * @param punished name of the target (already escaped by the caller)
 * @param arguments words of the reason
 */
public void punishOffline(
    String punisher, String punisherDisplay, String punished, ArrayList<String> arguments) {
  String reason = "";
  for (String s : arguments) {
    reason += s + " ";
  }
  try {
    ResultSet result =
        plugin.sqlite.query(
            ("SELECT * FROM punishments WHERE punished='" + punished + "' AND active=1;"));
    Boolean kicked = false;
    Boolean banned = false;
    // Scan all active records; a ban of either kind outranks a kick.
    while (result.next()) {
      String type = result.getString("type");
      if (type.equals("ban") || type.equals("tempban")) {
        banned = true;
      } else if (type.equals("kick")) {
        kicked = true;
      }
    }
    long time = System.currentTimeMillis() / 1000L;
    long expiry = time + (86400 * 7);
    UUID UUID = plugin.getServer().getOfflinePlayer(punished).getUniqueId();
    if (banned) {
      // Already banned before: escalate to a permanent ban (expiry 0).
      plugin.sqlite.insert(
          "INSERT INTO punishments (punisher, punished, reason, type, time, expiry, active, server, UUID) VALUES ('"
              + punisher
              + "','"
              + punished
              + "','"
              + StringEscapeUtils.escapeSql(reason)
              + "','ban','"
              + time
              + "','0','1','"
              + Bans.server
              + "','"
              + UUID
              + "');");
      for (Player plr : plugin.getServer().getOnlinePlayers()) {
        plr.sendMessage(
            ChatColor.DARK_AQUA
                + punisherDisplay
                + ChatColor.YELLOW
                + " -> "
                + ChatColor.GOLD
                + "Permanent ban"
                + ChatColor.YELLOW
                + " -> "
                + ChatColor.DARK_AQUA
                + punished
                + ChatColor.YELLOW
                + " -> "
                + ChatColor.GOLD
                + reason);
      }
      plugin.addBan(UUID, reason, time, 0);
    } else if (kicked) {
      // Previously kicked: 7-day temporary ban.
      plugin.sqlite.insert(
          "INSERT INTO punishments (punisher, punished, reason, type, time, expiry, active, server, UUID) VALUES ('"
              + punisher
              + "','"
              + punished
              + "','"
              + StringEscapeUtils.escapeSql(reason)
              + "','tempban','"
              + time
              + "','"
              + expiry
              + "','1','"
              + Bans.server
              + "','"
              + UUID
              + "');");
      for (Player plr : plugin.getServer().getOnlinePlayers()) {
        plr.sendMessage(
            ChatColor.DARK_AQUA
                + punisherDisplay
                + ChatColor.YELLOW
                + " -> "
                + ChatColor.GOLD
                + "7 day ban"
                + ChatColor.YELLOW
                + " -> "
                + ChatColor.DARK_AQUA
                + punished
                + ChatColor.YELLOW
                + " -> "
                + ChatColor.GOLD
                + reason);
      }
      plugin.addBan(UUID, reason, time, expiry);
    } else {
      // First offence: only a kick record is written (the player is offline, so nobody is kicked).
      plugin.sqlite.insert(
          "INSERT INTO punishments (punisher, punished, reason, type, time, active, server, UUID) VALUES ('"
              + punisher
              + "','"
              + punished
              + "','"
              + StringEscapeUtils.escapeSql(reason)
              + "','kick','"
              + time
              + "','1','"
              + Bans.server
              + "','"
              + UUID
              + "');");
      for (Player plr : plugin.getServer().getOnlinePlayers()) {
        plr.sendMessage(
            punisherDisplay
                + ChatColor.YELLOW
                + " -> "
                + ChatColor.GOLD
                + "Kick"
                + ChatColor.YELLOW
                + " -> "
                + ChatColor.DARK_AQUA
                + punished
                + ChatColor.YELLOW
                + " -> "
                + ChatColor.GOLD
                + reason);
      }
    }
  } catch (SQLException e) {
    plugin.getLogger().severe(e.getMessage());
  }
}
/**
 * Wraps {@code s} in single quotes for embedding in a statement: single quotes are doubled via
 * {@code escapeSql} and literal newline / carriage-return characters are replaced by the
 * two-character sequences {@code \n} and {@code \r}. Backslashes already present in {@code s}
 * are left as they are, so a backslash followed by {@code n} in the input is indistinguishable
 * from an encoded newline in the output.
 *
 * @param s the text to quote; must not be {@code null}
 * @return the quoted, escaped text
 */
private String quoteString(String s) {
  String body = StringEscapeUtils.escapeSql(s).replace("\n", "\\n").replace("\r", "\\r");
  return "'" + body + "'";
}