public void updateServiceType( CFSecurityAuthorization Authorization, CFSecurityServiceTypeBuff Buff) { final String S_ProcName = "updateServiceType"; ResultSet resultSet = null; try { int ServiceTypeId = Buff.getRequiredServiceTypeId(); String Description = Buff.getRequiredDescription(); int Revision = Buff.getRequiredRevision(); Connection cnx = schema.getCnx(); String sql = "exec sp_update_svctype ?, ?, ?, ?, ?, ?" + ", " + "?" + ", " + "?" + ", " + "?"; if (stmtUpdateByPKey == null) { stmtUpdateByPKey = cnx.prepareStatement(sql); } int argIdx = 1; stmtUpdateByPKey.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecClusterId()); stmtUpdateByPKey.setString( argIdx++, (Authorization == null) ? "" : Authorization.getSecUserId().toString()); stmtUpdateByPKey.setString( argIdx++, (Authorization == null) ? "" : Authorization.getSecSessionId().toString()); stmtUpdateByPKey.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecClusterId()); stmtUpdateByPKey.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecTenantId()); stmtUpdateByPKey.setString(argIdx++, "SVCT"); stmtUpdateByPKey.setInt(argIdx++, ServiceTypeId); stmtUpdateByPKey.setString(argIdx++, Description); stmtUpdateByPKey.setInt(argIdx++, Revision); resultSet = stmtUpdateByPKey.executeQuery(); if (resultSet.next()) { CFSecurityServiceTypeBuff updatedBuff = unpackServiceTypeResultSetToBuff(resultSet); if (resultSet.next()) { resultSet.last(); throw CFLib.getDefaultExceptionFactory() .newRuntimeException( getClass(), S_ProcName, "Did not expect multi-record response, " + resultSet.getRow() + " rows selected"); } Buff.setRequiredDescription(updatedBuff.getRequiredDescription()); Buff.setRequiredRevision(updatedBuff.getRequiredRevision()); } else { throw CFLib.getDefaultExceptionFactory() .newRuntimeException( getClass(), S_ProcName, "Expected a single-record response, " + resultSet.getRow() + " rows selected"); } } catch (SQLException e) { throw CFLib.getDefaultExceptionFactory().newDbException(getClass(), S_ProcName, e); } finally { if (resultSet != null) { try { resultSet.close(); } catch (SQLException e) { } resultSet = null; } } }
/** * Function: Attempt to login the user. * * <p>Param: stmt - Statement object to run select. * * <p>Return: True if the credentials are correct. * * <p>schwehr 20100310 */ private static boolean login(Statement stmt) { String pass; System.out.print("E-mail: "); Main.user = Keyboard.in.readString(); System.out.print("Password: "******"select email, pwd from users where email ='%s' and pwd ='%s'", Main.user, pass); ResultSet rset = stmt.executeQuery(query); // There should only be one record found if the credentials are valid.. rset.last(); if (rset.getRow() == 1) { return true; } } catch (SQLException ex) { System.err.println("SQLException: " + ex.getMessage()); } return false; }
public int[] getAd() { int i = 0; int j = 0; int[] ans = null; String str = "SELECT * FROM ad ORDER BY id"; try { row = stm.executeQuery(str); row.last(); i = row.getRow(); row.first(); ans = new int[i + 1]; if (i > 0) { ans[0] = i; do { j++; ans[j] = Integer.parseInt(row.getString("priority")); } while (row.next()); } else { ans[0] = 0; } } catch (SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); } return ans; }
public ArrayList find(int theBegin, int theEnd) throws SQLException { ArrayList list = new ArrayList(); String sql = "select NODE_LINK_ID, NAME, DESCRIPTION, LINK_TYPE, TEMPLATE_ID, CURRENT_NODE_ID, NEXT_NODE_ID, EXECUTOR_RELATION, EXECUTORS_METHOD, NUMBER_OR_PERCENT, PASS_VALUE, EXPRESSION, DEFAULT_PATH, ACTION_NAME from WF_LINK"; PreparedStatement st = null; ResultSet rs = null; Connection conn = null; try { conn = ConnectionFactory.getConnection(); st = conn.prepareStatement(sql); if (theEnd > 0) st.setFetchSize(theEnd); rs = st.executeQuery(); if (theBegin > 1) rs.absolute(theBegin - 1); while (rs.next()) { list.add(parseResultSet(rs)); if (rs.getRow() == theEnd) break; } } catch (SQLException e) { e.printStackTrace(); throw new SQLException(e.getMessage()); } finally { DBHelper.closeConnection(conn, st, rs); } return list; }
public String[] getVideo() { int i = 0; int j = 0; String[] ans = null; String str = "SELECT * FROM video ORDER BY id"; try { row = stm.executeQuery(str); row.last(); i = row.getRow(); row.first(); ans = new String[i + 1]; if (i > 0) { ans[0] = Integer.toString(i); do { j++; ans[j] = row.getString("name"); } while (row.next()); } else { ans[0] = "0"; } } catch (SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); } return ans; }
public static Show[] getShows() { Logger.log("Database.getShows", CALL_FLAG); Show[] shows = new Show[0]; try { Hall[] halls = getHalls(); Movie[] movies = getMovies(); Timestamp time; Hall hall; Movie movie; int ID; ResultSet rs = query("SELECT COUNT(*) FROM forestillinger"); rs.next(); shows = new Show[rs.getInt("COUNT(*)")]; rs = query("SELECT * FROM forestillinger ORDER BY tid ASC"); while (rs.next()) { hall = halls[rs.getInt("sal_id") - 1]; movie = movies[rs.getInt("film_id") - 1]; time = rs.getTimestamp("tid"); ID = rs.getInt("forestilling_id"); shows[rs.getRow() - 1] = new Show(hall, movie, time, ID); } } catch (Exception exception) { Logger.log(exception, "Database:getShows"); } Logger.log("Database.getShows", FINISHED_FLAG); return shows; }
public ArrayList getFollowedLinkList(int theBegin, int theEnd, int templateId, int currentNodeId) throws SQLException { ArrayList list = new ArrayList(); String sql = "select * from wf_link where template_id = ? and current_node_id = ?"; PreparedStatement st = null; ResultSet rs = null; Connection conn = null; try { conn = ConnectionFactory.getConnection(); st = conn.prepareStatement(sql); if (theEnd > 0) st.setFetchSize(theEnd); st.setInt(1, templateId); st.setInt(2, currentNodeId); rs = st.executeQuery(); if (theBegin > 1) rs.absolute(theBegin - 1); while (rs.next()) { list.add(parseResultSet(rs)); if (rs.getRow() == theEnd) break; } } catch (SQLException e) { e.printStackTrace(); throw new SQLException(e.getMessage()); } finally { DBHelper.closeConnection(conn, st, rs); } return list; }
@Override public String getScanListingOfAllMessages() { StringBuilder scanListing = new StringBuilder(); String query = "SELECT txMailContent FROM m_Mail WHERE iMaildropID=" + seissionUserID; try (Statement statement = conn.createStatement()) { ResultSet rs = statement.executeQuery(query); int numberOfMails = getNumberOfMailsInMaildrop(); while (rs.next()) { int messageNumber = rs.getRow(); int sizeInOctets = getNumberOfOctetsInString(rs.getString("txMailContent")); if (messageNumber == numberOfMails) { // For Nice Formatting scanListing.append(messageNumber + " " + sizeInOctets); } else { scanListing.append(messageNumber + " " + sizeInOctets + "\n"); } } } catch (SQLException e) { printSQLException(e); } return scanListing.toString(); }
public int[] searchVideo(String key) { int i = 0; int j = 0; int[] ans = null; String str = "SELECT * FROM video WHERE name LIKE '%" + key + "%'"; try { row = stm.executeQuery(str); row.last(); i = row.getRow(); row.first(); if (i == 0) { ans = new int[1]; } else { ans = new int[i]; } if (i > 0) { do { ans[j] = Integer.parseInt(row.getString("id")); j++; } while (row.next()); } else { ans[0] = 0; } } catch (SQLException e) { // TODO Auto-generated catch block e.printStackTrace(); } return ans; }
public static boolean isMyResultSetEmpty(ResultSet rs) throws SQLException { if (!rs.isBeforeFirst() && rs.getRow() == 0) { return true; } else return false; }
@Override public String getUniqueIDListingOfAllMessages() { StringBuilder uidlListing = new StringBuilder(); String query = "SELECT iMailID, vchUIDL FROM m_Mail WHERE iMaildropID=" + seissionUserID; try (Statement statement = conn.createStatement()) { ResultSet rs = statement.executeQuery(query); int numberOfMails = getNumberOfMailsInMaildrop(); while (rs.next()) { int messageNumber = rs.getRow(); String uidl = rs.getString("vchUIDL"); if (messageNumber == numberOfMails) { // For Nice Formatting uidlListing.append(messageNumber + " " + uidl); } else { uidlListing.append(messageNumber + " " + uidl + "\n"); } } } catch (SQLException e) { printSQLException(e); } return uidlListing.toString(); }
public static Customer[] getCustomers() { Logger.log("Database.getCustomers", CALL_FLAG); Customer[] customers = new Customer[0]; try { String name; String phoneNumber; int id; ResultSet rs = query("SELECT COUNT(*) FROM kunder"); rs.next(); customers = new Customer[rs.getInt("COUNT(*)")]; rs.next(); rs = query("SELECT * FROM kunder"); while (rs.next()) { name = rs.getString("navn"); phoneNumber = rs.getString("telefon"); id = rs.getInt("kunde_id"); customers[rs.getRow() - 1] = new Customer(name, phoneNumber, id); } } catch (SQLException exception) { Logger.log(exception, "Database:getCustomers"); } Logger.log("Database.getCustomer Finised", FINISHED_FLAG); return customers; }
protected List<PingData> readAll(Connection connection, String clustername) throws SQLException { PreparedStatement ps = connection.prepareStatement(select_all_pingdata_sql); try { ps.setString(1, clustername); ResultSet resultSet = ps.executeQuery(); ArrayList<PingData> results = new ArrayList<PingData>(); while (resultSet.next()) { byte[] bytes = resultSet.getBytes(1); PingData pingData = null; try { pingData = deserialize(bytes); results.add(pingData); } catch (Exception e) { int row = resultSet.getRow(); log.error( "%s: failed deserializing row %d: %s; removing it from the table", local_addr, row, e); try { resultSet.deleteRow(); } catch (Throwable t) { log.error( "%s: failed removing row %d: %s; please delete it manually", local_addr, row, e); } } } return results; } finally { ps.close(); } }
private void Baru() { btnSave.setText("Save"); txtNip.requestFocus(); txtNip.setText(""); try { Class.forName(KoneksiDatabase.driver); java.sql.Connection c = DriverManager.getConnection( KoneksiDatabase.database, KoneksiDatabase.user, KoneksiDatabase.pass); Statement s = c.createStatement(); String sql = "select * from absensi_lembur"; ResultSet rs = s.executeQuery(sql); final String[] headers = { "Kd Absen", "NIP", "Tgl Absen", "Masuk", "Pulang", "Hari", "Tipe Hari", "Terlambat", "Lembur", "Tipe Lembur", "Tot Lembur", "Tunj Makan", "Tunj Transport" }; rs.last(); int n = rs.getRow(); Object[][] data = new Object[n][13]; int p = 0; rs.beforeFirst(); while (rs.next()) { data[p][0] = rs.getString(1); data[p][1] = rs.getString(2); data[p][2] = rs.getString(3); data[p][3] = rs.getString(4); data[p][4] = rs.getString(5); data[p][5] = rs.getString(6); data[p][6] = rs.getString(7); data[p][7] = rs.getString(8); data[p][8] = rs.getString(9); data[p][9] = rs.getString(10); data[p][10] = rs.getString(11); data[p][11] = rs.getString(12); data[p][12] = rs.getString(13); p++; } tblLembur.setModel(new DefaultTableModel(data, headers)); tblLembur.setAlignmentX(CENTER_ALIGNMENT); } catch (Exception e) { JOptionPane.showMessageDialog( null, "Gagal Koneksi, Ada Kesalahan.", "Warning", JOptionPane.WARNING_MESSAGE); } }
public CFInternetTopDomainBuff readBuffByNameIdx( CFSecurityAuthorization Authorization, long TenantId, long TldId, String Name) { final String S_ProcName = "readBuffByNameIdx"; ResultSet resultSet = null; try { Connection cnx = schema.getCnx(); final String sql = "CALL sp_read_tdomdef_by_nameidx( ?, ?, ?, ?, ?" + ", " + "?" + ", " + "?" + ", " + "?" + " )"; if (stmtReadBuffByNameIdx == null) { stmtReadBuffByNameIdx = cnx.prepareStatement(sql); } int argIdx = 1; stmtReadBuffByNameIdx.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecClusterId()); stmtReadBuffByNameIdx.setString( argIdx++, (Authorization == null) ? "" : Authorization.getSecUserId().toString()); stmtReadBuffByNameIdx.setString( argIdx++, (Authorization == null) ? "" : Authorization.getSecSessionId().toString()); stmtReadBuffByNameIdx.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecClusterId()); stmtReadBuffByNameIdx.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecTenantId()); stmtReadBuffByNameIdx.setLong(argIdx++, TenantId); stmtReadBuffByNameIdx.setLong(argIdx++, TldId); stmtReadBuffByNameIdx.setString(argIdx++, Name); resultSet = stmtReadBuffByNameIdx.executeQuery(); if (resultSet.next()) { CFInternetTopDomainBuff buff = unpackTopDomainResultSetToBuff(resultSet); if (resultSet.next()) { resultSet.last(); throw CFLib.getDefaultExceptionFactory() .newRuntimeException( getClass(), S_ProcName, "Did not expect multi-record response, " + resultSet.getRow() + " rows selected"); } return (buff); } else { return (null); } } catch (SQLException e) { throw CFLib.getDefaultExceptionFactory().newDbException(getClass(), S_ProcName, e); } finally { if (resultSet != null) { try { resultSet.close(); } catch (SQLException e) { } resultSet = null; } } }
/* goodB2G1() - use badsource and goodsink by changing second IO.staticTrue to IO.staticFalse */ private void goodB2G1() throws Throwable { String data; if (IO.staticTrue) { /* get environment variable ADD */ /* POTENTIAL FLAW: Read data from an environment variable */ data = System.getenv("ADD"); } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } if (IO.staticFalse) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run */ IO.writeLine("Benign, fixed string"); } else { Connection dbConnection = null; PreparedStatement sqlStatement = null; ResultSet resultSet = null; try { /* FIX: Use prepared statement and executeQuery (properly) */ dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.prepareStatement("select * from users where name=?"); sqlStatement.setString(1, data); resultSet = sqlStatement.executeQuery(); IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */ } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
public CFCrmContactTagBuff readBuff( CFSecurityAuthorization Authorization, CFCrmContactTagPKey PKey) { final String S_ProcName = "readBuff"; if (!schema.isTransactionOpen()) { throw CFLib.getDefaultExceptionFactory() .newUsageException(getClass(), S_ProcName, "Transaction not open"); } ResultSet resultSet = null; try { Connection cnx = schema.getCnx(); long TenantId = PKey.getRequiredTenantId(); long ContactId = PKey.getRequiredContactId(); long TagId = PKey.getRequiredTagId(); String sql = "{ call sp_read_ctc_tag( ?, ?, ?, ?, ?" + ", " + "?" + ", " + "?" + ", " + "?" + " ) }"; if (stmtReadBuffByPKey == null) { stmtReadBuffByPKey = cnx.prepareStatement(sql); } int argIdx = 1; stmtReadBuffByPKey.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecClusterId()); stmtReadBuffByPKey.setString( argIdx++, (Authorization == null) ? "" : Authorization.getSecUserId().toString()); stmtReadBuffByPKey.setString( argIdx++, (Authorization == null) ? "" : Authorization.getSecSessionId().toString()); stmtReadBuffByPKey.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecClusterId()); stmtReadBuffByPKey.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecTenantId()); stmtReadBuffByPKey.setLong(argIdx++, TenantId); stmtReadBuffByPKey.setLong(argIdx++, ContactId); stmtReadBuffByPKey.setLong(argIdx++, TagId); resultSet = stmtReadBuffByPKey.executeQuery(); if ((resultSet != null) && resultSet.next()) { CFCrmContactTagBuff buff = unpackContactTagResultSetToBuff(resultSet); if (resultSet.next()) { resultSet.last(); throw CFLib.getDefaultExceptionFactory() .newRuntimeException( getClass(), S_ProcName, "Did not expect multi-record response, " + resultSet.getRow() + " rows selected"); } return (buff); } else { return (null); } } catch (SQLException e) { throw CFLib.getDefaultExceptionFactory().newDbException(getClass(), S_ProcName, e); } finally { if (resultSet != null) { try { resultSet.close(); } catch (SQLException e) { } resultSet = null; } } }
/** * Check whether an image exists into the database * * @param imageString the path to the image (take care this has to be a path as recorded in the * database) * @return true if the image exists */ public boolean imageExists(String imageString) throws ClassNotFoundException, SQLException { String query = "SELECT * FROM minute WHERE `image-path`='" + imageString + "'"; Statement st = this.connection.createStatement(); // execute the query, and get a java resultset ResultSet rs = st.executeQuery(query); if (rs.getRow() == 0) return false; else return true; }
/* * Execute query against a list of sensors * * */ public static String executeQuery( String envelope, String query, String matchingSensors, String format) throws ParseException { // String matchingSensors = getListOfSensorsAsString(envelope); String reformattedQuery = reformatQuery(query, matchingSensors); StringBuilder sb = new StringBuilder(); Connection connection = null; try { connection = Main.getDefaultStorage().getConnection(); Statement statement = connection.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY); ResultSet results = statement.executeQuery(reformattedQuery); ResultSetMetaData metaData; // Additional information about the results int numCols, numRows; // How many rows and columns in the table metaData = results.getMetaData(); // Get metadata on them numCols = metaData.getColumnCount(); // How many columns? results.last(); // Move to last row numRows = results.getRow(); // How many rows? String s; // System.out.println("* Executing query *\n" + reformattedQuery + "\n***"); // headers // sb.append("# Query: " + query + NEWLINE); sb.append("# Query: " + reformattedQuery.replaceAll("\n", "\n# ") + NEWLINE); sb.append("# "); // System.out.println("ncols: " + numCols); // System.out.println("nrows: " + numRows); for (int col = 0; col < numCols; col++) { sb.append(metaData.getColumnLabel(col + 1)); if (col < numCols - 1) sb.append(SEPARATOR); } sb.append(NEWLINE); for (int row = 0; row < numRows; row++) { results.absolute(row + 1); // Go to the specified row for (int col = 0; col < numCols; col++) { Object o = results.getObject(col + 1); // Get value of the column // logger.warn(row + " , "+col+" : "+ o.toString()); if (o == null) s = "null"; else s = o.toString(); if (col < numCols - 1) sb.append(s).append(SEPARATOR); else sb.append(s); } sb.append(NEWLINE); } } catch (SQLException e) { sb.append("ERROR in execution of query: " + e.getMessage()); } finally { Main.getDefaultStorage().close(connection); } return sb.toString(); }
public void deleteTopDomain(CFSecurityAuthorization Authorization, CFInternetTopDomainBuff Buff) { final String S_ProcName = "deleteTopDomain"; ResultSet resultSet = null; try { Connection cnx = schema.getCnx(); long TenantId = Buff.getRequiredTenantId(); long Id = Buff.getRequiredId(); final String sql = "CALL sp_delete_tdomdef( ?, ?, ?, ?, ?" + ", " + "?" + ", " + "?" + ", " + "?" + " )"; if (stmtDeleteByPKey == null) { stmtDeleteByPKey = cnx.prepareStatement(sql); } int argIdx = 1; stmtDeleteByPKey.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecClusterId()); stmtDeleteByPKey.setString( argIdx++, (Authorization == null) ? "" : Authorization.getSecUserId().toString()); stmtDeleteByPKey.setString( argIdx++, (Authorization == null) ? "" : Authorization.getSecSessionId().toString()); stmtDeleteByPKey.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecClusterId()); stmtDeleteByPKey.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecTenantId()); stmtDeleteByPKey.setLong(argIdx++, TenantId); stmtDeleteByPKey.setLong(argIdx++, Id); stmtDeleteByPKey.setInt(argIdx++, Buff.getRequiredRevision()); ; resultSet = stmtDeleteByPKey.executeQuery(); if (resultSet.next()) { int deleteFlag = resultSet.getInt(1); if (resultSet.next()) { resultSet.last(); throw CFLib.getDefaultExceptionFactory() .newRuntimeException( getClass(), S_ProcName, "Did not expect multi-record response, " + resultSet.getRow() + " rows selected"); } } else { throw CFLib.getDefaultExceptionFactory() .newRuntimeException( getClass(), S_ProcName, "Expected 1 record result set to be returned by delete, not 0 rows"); } } catch (SQLException e) { throw CFLib.getDefaultExceptionFactory().newDbException(getClass(), S_ProcName, e); } finally { if (resultSet != null) { try { resultSet.close(); } catch (SQLException e) { } resultSet = null; } } }
public void connectItems(String query) // PRE: query must be initialized // POST: Updates the list of Items based on the query. { String driver = "org.apache.derby.jdbc.ClientDriver"; // Driver for DB String url = "jdbc:derby://localhost:1527/ShopDataBase"; // Url for DB String user = "******"; // Username for db String pass = "******"; // Password for db Connection myConnection; // Connection obj to db Statement stmt; // Statement to execute a result appon ResultSet results; // A set containing the returned results int rowcount; // Num objects in the resultSet int i; // Index for the array try { // Try connection to db Class.forName(driver).newInstance(); // Create our db driver myConnection = DriverManager.getConnection(url, user, pass); // Initalize our connection stmt = myConnection.createStatement( ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE); // Create a new statement results = stmt.executeQuery(query); // Store the results of our query rowcount = 0; if (results.last()) // Go to the last result { rowcount = results.getRow(); results.beforeFirst(); } itemsArray = new Item[rowcount]; i = 0; while (results.next()) // Itterate through the results set { itemsArray[i] = new Item( results.getInt("item_id"), results.getString("item_name"), results.getString("item_type"), results.getInt("price"), results.getInt("owner_id"), results.getString("item_path")); // Creat new Item i++; } results.close(); // Close the ResultSet stmt.close(); // Close the statement myConnection.close(); // Close the connection to db } catch (Exception e) // Cannot connect to db { System.err.println(e.toString()); System.err.println("Error, something went horribly wrong in connectItems!"); } }
public void deleteURLProtocolByIsSecureIdx( CFSecurityAuthorization Authorization, boolean argIsSecure) { final String S_ProcName = "deleteURLProtocolByIsSecureIdx"; ResultSet resultSet = null; try { Connection cnx = schema.getCnx(); final String sql = "CALL sp_delete_urlproto_by_issecureidx( ?, ?, ?, ?, ?" + ", " + "?" + " )"; if (stmtDeleteByIsSecureIdx == null) { stmtDeleteByIsSecureIdx = cnx.prepareStatement(sql); } int argIdx = 1; stmtDeleteByIsSecureIdx.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecClusterId()); stmtDeleteByIsSecureIdx.setString( argIdx++, (Authorization == null) ? "" : Authorization.getSecUserId().toString()); stmtDeleteByIsSecureIdx.setString( argIdx++, (Authorization == null) ? "" : Authorization.getSecSessionId().toString()); stmtDeleteByIsSecureIdx.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecClusterId()); stmtDeleteByIsSecureIdx.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecTenantId()); if (argIsSecure) { stmtDeleteByIsSecureIdx.setString(argIdx++, "Y"); } else { stmtDeleteByIsSecureIdx.setString(argIdx++, "N"); } resultSet = stmtDeleteByIsSecureIdx.executeQuery(); if (resultSet.next()) { int deleteFlag = resultSet.getInt(1); if (resultSet.next()) { resultSet.last(); throw CFLib.getDefaultExceptionFactory() .newRuntimeException( getClass(), S_ProcName, "Did not expect multi-record response, " + resultSet.getRow() + " rows selected"); } } else { throw CFLib.getDefaultExceptionFactory() .newRuntimeException( getClass(), S_ProcName, "Expected 1 record result set to be returned by delete, not 0 rows"); } } catch (SQLException e) { throw CFLib.getDefaultExceptionFactory().newDbException(getClass(), S_ProcName, e); } finally { if (resultSet != null) { try { resultSet.close(); } catch (SQLException e) { } resultSet = null; } } }
public CFSecurityISOCountryCurrencyBuff lockBuff( CFSecurityAuthorization Authorization, CFSecurityISOCountryCurrencyPKey PKey) { final String S_ProcName = "lockBuff"; if (!schema.isTransactionOpen()) { throw CFLib.getDefaultExceptionFactory() .newUsageException(getClass(), S_ProcName, "Transaction not open"); } ResultSet resultSet = null; try { Connection cnx = schema.getCnx(); short ISOCountryId = PKey.getRequiredISOCountryId(); short ISOCurrencyId = PKey.getRequiredISOCurrencyId(); final String sql = "CALL sp_lock_iso_cntryccy( ?, ?, ?, ?, ?" + ", " + "?" + ", " + "?" + " )"; if (stmtLockBuffByPKey == null) { stmtLockBuffByPKey = cnx.prepareStatement(sql); } int argIdx = 1; stmtLockBuffByPKey.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecClusterId()); stmtLockBuffByPKey.setString( argIdx++, (Authorization == null) ? "" : Authorization.getSecUserId().toString()); stmtLockBuffByPKey.setString( argIdx++, (Authorization == null) ? "" : Authorization.getSecSessionId().toString()); stmtLockBuffByPKey.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecClusterId()); stmtLockBuffByPKey.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecTenantId()); stmtLockBuffByPKey.setShort(argIdx++, ISOCountryId); stmtLockBuffByPKey.setShort(argIdx++, ISOCurrencyId); resultSet = stmtLockBuffByPKey.executeQuery(); if (resultSet.next()) { CFSecurityISOCountryCurrencyBuff buff = unpackISOCountryCurrencyResultSetToBuff(resultSet); if (resultSet.next()) { resultSet.last(); throw CFLib.getDefaultExceptionFactory() .newRuntimeException( getClass(), S_ProcName, "Did not expect multi-record response, " + resultSet.getRow() + " rows selected"); } return (buff); } else { return (null); } } catch (SQLException e) { throw CFLib.getDefaultExceptionFactory().newDbException(getClass(), S_ProcName, e); } finally { if (resultSet != null) { try { resultSet.close(); } catch (SQLException e) { } resultSet = null; } } }
/* goodG2B() - use goodsource and badsink */ private void goodG2B(HttpServletRequest request, HttpServletResponse response) throws Throwable { String dataCopy; { String data; /* FIX: Use a hardcoded string */ data = "foo"; dataCopy = data; } { String data = dataCopy; Connection dbConnection = null; Statement sqlStatement = null; ResultSet resultSet = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */ resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'"); IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */ } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
public void bad() throws Throwable { String data; if (IO.staticTrue) { /* get environment variable ADD */ /* POTENTIAL FLAW: Read data from an environment variable */ data = System.getenv("ADD"); } else { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } if (IO.staticTrue) { Connection dbConnection = null; Statement sqlStatement = null; ResultSet resultSet = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */ resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'"); IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */ } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
/* goodG2B1() - use goodsource and badsink by changing first IO.STATIC_FINAL_FIVE==5 to IO.STATIC_FINAL_FIVE!=5 */ private void goodG2B1() throws Throwable { String data; if (IO.STATIC_FINAL_FIVE != 5) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } else { /* FIX: Use a hardcoded string */ data = "foo"; } if (IO.STATIC_FINAL_FIVE == 5) { Connection dbConnection = null; Statement sqlStatement = null; ResultSet resultSet = null; try { dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.createStatement(); /* POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which could result in SQL Injection */ resultSet = sqlStatement.executeQuery("select * from users where name='" + data + "'"); IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */ } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }
public CFSecurityHostNodeBuff readBuffByUDescrIdx( CFSecurityAuthorization Authorization, long ClusterId, String Description) { final String S_ProcName = "readBuffByUDescrIdx"; ResultSet resultSet = null; try { Connection cnx = schema.getCnx(); String sql = "{ call sp_read_hostnode_by_udescridx( ?, ?, ?, ?, ?" + ", " + "?" + ", " + "?" + " ) }"; if (stmtReadBuffByUDescrIdx == null) { stmtReadBuffByUDescrIdx = cnx.prepareStatement(sql); } int argIdx = 1; stmtReadBuffByUDescrIdx.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecClusterId()); stmtReadBuffByUDescrIdx.setString( argIdx++, (Authorization == null) ? "" : Authorization.getSecUserId().toString()); stmtReadBuffByUDescrIdx.setString( argIdx++, (Authorization == null) ? "" : Authorization.getSecSessionId().toString()); stmtReadBuffByUDescrIdx.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecClusterId()); stmtReadBuffByUDescrIdx.setLong( argIdx++, (Authorization == null) ? 0 : Authorization.getSecTenantId()); stmtReadBuffByUDescrIdx.setLong(argIdx++, ClusterId); stmtReadBuffByUDescrIdx.setString(argIdx++, Description); resultSet = stmtReadBuffByUDescrIdx.executeQuery(); if ((resultSet != null) && resultSet.next()) { CFSecurityHostNodeBuff buff = unpackHostNodeResultSetToBuff(resultSet); if (resultSet.next()) { resultSet.last(); throw CFLib.getDefaultExceptionFactory() .newRuntimeException( getClass(), S_ProcName, "Did not expect multi-record response, " + resultSet.getRow() + " rows selected"); } return (buff); } else { return (null); } } catch (SQLException e) { throw CFLib.getDefaultExceptionFactory().newDbException(getClass(), S_ProcName, e); } finally { if (resultSet != null) { try { resultSet.close(); } catch (SQLException e) { } resultSet = null; } } }
private int getRowCount(ResultSet rs) { int count = 0; try { rs.absolute(-1); count = rs.getRow(); rs.beforeFirst(); } catch (SQLException e) { printSQLException(e); } return count; }
public void readData() { try { Class.forName("sun.jdbc.odbc.JdbcOdbcDriver"); con = DriverManager.getConnection( "jdbc:odbc:Driver={Microsoft Excel Driver (*.xls)};DBQ=" + filep); stmnt = con.createStatement(ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_UPDATABLE); rst = con.getMetaData().getTables(null, null, "%", null); rst.next(); String SheetName = rst.getString(3); String query = "Select distinct * from [" + SheetName + "]"; rs = stmnt.executeQuery(query); if (rs != null) { rs.last(); RowCount = rs.getRow(); rs.beforeFirst(); // stmnt.close(); rst.close(); if (RowCount > 0) { registno = new String[RowCount]; name = new String[RowCount]; kdno = new int[RowCount]; kcno = new double[RowCount]; ccno = new double[RowCount]; seat = new double[RowCount]; i = 0; while (rs.next() && (rs.getString(1) != null)) { // rs.next(); i++; try { registno[i] = rs.getString(1); name[i] = rs.getString(2); kdno[i] = Integer.parseInt(rs.getString(3)); kcno[i] = Double.parseDouble(rs.getString(4)); ccno[i] = Double.parseDouble(rs.getString(5)); seat[i] = Double.parseDouble(rs.getString(6)); System.out.println(i); } catch (Exception e) { e.printStackTrace(); } } } } rs.close(); con.close(); } catch (Exception e) { // System.out.println("fail to get student connection"); } }
/* goodB2G1() - use badsource and goodsink by setting the static variable to false instead of true */ public void goodB2G1Sink(String data) throws Throwable { if (CWE89_SQL_Injection__connect_tcp_executeQuery_22a.goodB2G1PublicStatic) { /* INCIDENTAL: CWE 561 Dead Code, the code below will never run * but ensure data is inititialized before the Sink to avoid compiler errors */ data = null; } else { Connection dbConnection = null; PreparedStatement sqlStatement = null; ResultSet resultSet = null; try { /* FIX: Use prepared statement and executeQuery (properly) */ dbConnection = IO.getDBConnection(); sqlStatement = dbConnection.prepareStatement("select * from users where name=?"); sqlStatement.setString(1, data); resultSet = sqlStatement.executeQuery(); IO.writeLine(resultSet.getRow()); /* Use ResultSet in some way */ } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql); } finally { try { if (resultSet != null) { resultSet.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql); } try { if (sqlStatement != null) { sqlStatement.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql); } try { if (dbConnection != null) { dbConnection.close(); } } catch (SQLException exceptSql) { IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql); } } } }