1515
1616public class DatabaseAccess implements DataService {
1717
18+ private final String connectionUrl = "jdbc:sqlserver://n8bu1j6855.database.windows.net:1433;database=VoyagerDB;user=VoyageLogin@n8bu1j6855;password={GroupP@ssword};encrypt=true;hostNameInCertificate=*.database.windows.net;loginTimeout=30;" ;
1819 /* (non-Javadoc)
1920 * @see models.DataService#login(java.lang.String, java.lang.String)
2021 */
2122 @ Override
2223 public Account login (String username , String password ){
2324 Account account = null ;
2425 Driver driver = new SQLServerDriver ();
25- String connectionUrl = "jdbc:sqlserver://n8bu1j6855.database.windows.net:1433;database=VoyagerDB;user=VoyageLogin@n8bu1j6855;password={GroupP@ssword};encrypt=true;hostNameInCertificate=*.database.windows.net;loginTimeout=30;" ;
2626 try {
2727 Connection con = driver .connect (connectionUrl , new Properties ());
28- PreparedStatement statement = con .prepareStatement ("Select userName, userPassword, userEmail, userRole from UserTable where userName = '" + username + "'" );
28+ PreparedStatement statement = con .prepareStatement ("Select userName, userPassword, userEmail, userRole from UserTable where userName = ?" );
29+ statement .setString (1 , username );
2930 ResultSet rs = statement .executeQuery ();
3031 rs .next ();
3132 String storedPass = rs .getString ("userPassword" );
@@ -55,11 +56,14 @@ public Account login(String username, String password){
5556 @ Override
5657 public void registerUser (Account user ){
5758 Driver driver = new SQLServerDriver ();
58- String connectionUrl = "jdbc:sqlserver://n8bu1j6855.database.windows.net:1433;database=VoyagerDB;user=VoyageLogin@n8bu1j6855;password={GroupP@ssword};encrypt=true;hostNameInCertificate=*.database.windows.net;loginTimeout=30;" ;
5959 try {
6060 Connection con = driver .connect (connectionUrl , new Properties ());
6161 PreparedStatement statement = con .prepareStatement ("Insert INTO UserTable (userName, userPassword, userEmail, userRole) "
62- + "VALUES ('" + user .getUsername () + "', '" + user .getPassword () + "', '" + user .getEmail () + "', '" + user .getRole ().toString () + "');" );
62+ + "VALUES (?, ?, ?, ?);" );
63+ statement .setString (1 , user .getUsername ());
64+ statement .setString (2 , user .getPassword ());
65+ statement .setString (3 , user .getEmail ());
66+ statement .setString (4 , user .getRole ().toString ());
6367 statement .execute ();
6468 System .out .println ("Registration Successful" );
6569 } catch (SQLException e ) {
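Review bot: The `Connection` and `PreparedStatement` opened at new lines 60–61 are never closed, so every call leaks a pooled connection unless the part of registerUser below this hunk closes them in a `finally` block. Hoist the SQL text into a local `sql` and declare both resources in a try-with-resources header, `try (Connection con = driver.connect(connectionUrl, new Properties()); PreparedStatement statement = con.prepareStatement(sql)) {`, which also covers the `SQLException` path. The same pattern appears in the removeUser, updateUser, getUserId, getUserName, enterPost and retrievePost hunks below, where the `ResultSet` should be closed as well. Separately, the `connectionUrl` field this hunk switches to is a source literal that embeds the database login and its password; that value should be read from configuration or the environment rather than compiled in, and because it is already in the repository history it has to be treated as exposed. registerUser's catch block continues outside the hunk.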
@@ -79,10 +83,10 @@ public void registerUser(Account user){
7983 @ Override
8084 public void removeUser (Account user ){
8185 Driver driver = new SQLServerDriver ();
82- String connectionUrl = "jdbc:sqlserver://n8bu1j6855.database.windows.net:1433;database=VoyagerDB;user=VoyageLogin@n8bu1j6855;password={GroupP@ssword};encrypt=true;hostNameInCertificate=*.database.windows.net;loginTimeout=30;" ;
8386 try {
8487 Connection con = driver .connect (connectionUrl , new Properties ());
85- PreparedStatement statement = con .prepareStatement ("DELETE FROM UserTable WHERE userName='" + user .getUsername () + "'" );
88+ PreparedStatement statement = con .prepareStatement ("DELETE FROM UserTable WHERE userName=?" );
89+ statement .setString (1 , user .getUsername ());
8690 statement .execute ();
8791 System .out .println ("Removal sucessful" );
8892 } catch (SQLException e ) {
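Review bot: The boolean returned by `statement.execute()` at new line 90 is discarded, so "Removal sucessful" is printed even when no row matched the bound `userName`. For a DELETE use `int rows = statement.executeUpdate();` and print the success message only when `rows > 0`, otherwise report that no such user exists. The message text itself has a typo ("sucessful"); since it is a runtime string, fix it in the same change rather than leaving it for a later cosmetic commit. removeUser continues outside the hunk.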
@@ -96,31 +100,33 @@ public void removeUser(Account user){
96100 @ Override
97101 public void updateUser (Account user ){
98102 Driver driver = new SQLServerDriver ();
99- String connectionUrl = "jdbc:sqlserver://n8bu1j6855.database.windows.net:1433;database=VoyagerDB;user=VoyageLogin@n8bu1j6855;password={GroupP@ssword};encrypt=true;hostNameInCertificate=*.database.windows.net;loginTimeout=30;" ;
100103 try {
101104 Connection con = driver .connect (connectionUrl , new Properties ());
102105 PreparedStatement statement = con .prepareStatement ("UPDATE UserTable "
103- + "SET userPassword='" + user .getPassword () + "', userEmail='" + user .getEmail () + "', userRole='" + user .getRole ().toString () + "'"
104- + "WHERE userName='" + user .getUsername () + "'" );
106+ + "SET userPassword=?, userEmail=?, userRole=?"
107+ + "WHERE userName=?" );
108+ statement .setString (1 , user .getPassword ());
109+ statement .setString (2 , user .getEmail ());
110+ statement .setString (3 , user .getRole ().toString ());
111+ statement .setString (4 , user .getUsername ());
105112 statement .execute ();
106113 System .out .println ("Update successful" );
107114 } catch (SQLException e ) {
108115 e .printStackTrace ();
109- }
116+ }
110117 }
111118
112119 /* (non-Javadoc)
113120 * @see models.DataService#getUserId(java.lang.String)
114121 */
115122 @ Override
116123 public int getUserId (String user ){
117- Account account = null ;
118124 int id = -1 ;
119125 Driver driver = new SQLServerDriver ();
120- String connectionUrl = "jdbc:sqlserver://n8bu1j6855.database.windows.net:1433;database=VoyagerDB;user=VoyageLogin@n8bu1j6855;password={GroupP@ssword};encrypt=true;hostNameInCertificate=*.database.windows.net;loginTimeout=30;" ;
121126 try {
122127 Connection con = driver .connect (connectionUrl , new Properties ());
123- PreparedStatement statement = con .prepareStatement ("Select userId from UserTable where userName = '" + user + "'" );
128+ PreparedStatement statement = con .prepareStatement ("Select userId from UserTable where userName = ?" );
129+ statement .setString (1 , user );
124130 ResultSet rs = statement .executeQuery ();
125131 rs .next ();
126132 String storedId = rs .getString ("userId" );
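Review bot: The two string fragments at new lines 106–107 join as `userRole=?WHERE userName=?` with no space, which the old concatenated form tolerated only because the closing quote ended the token; with a parameter marker in that position the statement is likely to fail to parse once the driver substitutes its parameter name. Add the separator to the first fragment, `+ "SET userPassword=?, userEmail=?, userRole=? "`. In the getUserId part of this hunk, the return value of `rs.next()` at new line 131 is ignored, so an unknown user name makes `rs.getString("userId")` throw instead of the method returning its `-1` sentinel; wrap the read in `if (rs.next()) { ... }`, and the same guard is missing in the login and getUserName hunks. getUserId continues outside the hunk.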
@@ -138,10 +144,10 @@ public int getUserId(String user){
138144 public String getUserName (int userId ){
139145 String userName = null ;
140146 Driver driver = new SQLServerDriver ();
141- String connectionUrl = "jdbc:sqlserver://n8bu1j6855.database.windows.net:1433;database=VoyagerDB;user=VoyageLogin@n8bu1j6855;password={GroupP@ssword};encrypt=true;hostNameInCertificate=*.database.windows.net;loginTimeout=30;" ;
142147 try {
143148 Connection con = driver .connect (connectionUrl , new Properties ());
144- PreparedStatement statement = con .prepareStatement ("Select userName from UserTable where userId = '" + userId + "'" );
149+ PreparedStatement statement = con .prepareStatement ("Select userName from UserTable where userId = ?" );
150+ statement .setInt (1 , userId );
145151 ResultSet rs = statement .executeQuery ();
146152 rs .next ();
147153 userName = rs .getString ("userName" );
@@ -159,26 +165,27 @@ public String getUserName(int userId){
159165 @ Override
160166 public void enterPost (Post post ){
161167 Driver driver = new SQLServerDriver ();
162- String connectionUrl = "jdbc:sqlserver://n8bu1j6855.database.windows.net:1433;database=VoyagerDB;user=VoyageLogin@n8bu1j6855;password={GroupP@ssword};encrypt=true;hostNameInCertificate=*.database.windows.net;loginTimeout=30;" ;
163168 try {
164169 Connection con = driver .connect (connectionUrl , new Properties ());
165170 PreparedStatement statement = con .prepareStatement ("Insert INTO PostTable (postTitle, postAuthorId, postTime, postContent) "
166171 + "VALUES ('" + post .getTitle () + "', '" + this .getUserId (post .getAuthor ()) + "', CURRENT_TIMESTAMP, '" + post .getMessage () + "');" );
172+ statement .setString (1 , post .getTitle ());
173+ statement .setInt (2 , this .getUserId (post .getAuthor ()));
174+ statement .setString (3 , post .getMessage ());
167175 statement .execute ();
168176 System .out .println ("Successful post" );
169177 } catch (SQLException e ) {
170178 e .printStackTrace ();
171179 }
172180 }
173-
181+
174182 /* (non-Javadoc)
175183 * @see models.DataService#retrievePost(java.lang.String)
176184 */
177185 @ Override
178186 public Post retrievePost (String postTitle ){
179187 Post post = null ;
180188 Driver driver = new SQLServerDriver ();
181- String connectionUrl = "jdbc:sqlserver://n8bu1j6855.database.windows.net:1433;database=VoyagerDB;user=VoyageLogin@n8bu1j6855;password={GroupP@ssword};encrypt=true;hostNameInCertificate=*.database.windows.net;loginTimeout=30;" ;
182189 try {
183190 Connection con = driver .connect (connectionUrl , new Properties ());
184191 PreparedStatement statement = con .prepareStatement ("Select postTitle, postAuthorId, postTime, postContent from PostTable where postTitle = '" + postTitle + "'" );
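Review bot: In enterPost the added `setString`/`setInt` calls at new lines 172–174 bind parameters 1–3, but the SQL text at new line 171 is unchanged and still concatenates `post.getTitle()`, the author id and `post.getMessage()` into the statement with no `?` markers, so the setters will fail with an `SQLException` for an out-of-range index and the injection through the title and message is not actually removed. Replace line 171 with `+ "VALUES (?, ?, CURRENT_TIMESTAMP, ?);"` so the three bindings line up with the three markers. retrievePost at new line 191 is the one remaining query on this page that still concatenates its argument; parameterize it as the other hunks do, `"... where postTitle = ?"` followed by `statement.setString(1, postTitle);`. retrievePost continues outside the hunk.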