Use PrepareStatement to replace string concatenation (#3393)

alibaba · Jul 21, 2020 · 2eaed4b · 2eaed4b
1 parent 5eb7d6a
commit 2eaed4b
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/...ba/nacos/config/server/service/repository/embedded/EmbeddedStoragePersistServiceImpl.java b/...ba/nacos/config/server/service/repository/embedded/EmbeddedStoragePersistServiceImpl.java
@@ -1078,8 +1078,8 @@ public int configInfoCount() {
 
     @Override
     public int configInfoCount(String tenant) {
-        String sql = " SELECT COUNT(ID) FROM config_info where tenant_id like '" + tenant + "'";
-        Integer result = databaseOperate.queryOne(sql, Integer.class);
+        String sql = " SELECT COUNT(ID) FROM config_info where tenant_id like ?";
+        Integer result = databaseOperate.queryOne(sql, new Object[] {tenant}, Integer.class);
         if (result == null) {
             throw new IllegalArgumentException("configInfoCount error");
         }

diff --git a/...aba/nacos/config/server/service/repository/extrnal/ExternalStoragePersistServiceImpl.java b/...aba/nacos/config/server/service/repository/extrnal/ExternalStoragePersistServiceImpl.java
@@ -1130,8 +1130,8 @@ public int configInfoCount() {
 
     @Override
     public int configInfoCount(String tenant) {
-        String sql = " SELECT COUNT(ID) FROM config_info where tenant_id like '" + tenant + "'";
-        Integer result = jt.queryForObject(sql, Integer.class);
+        String sql = " SELECT COUNT(ID) FROM config_info where tenant_id like ?";
+        Integer result = jt.queryForObject(sql, new Object[] {tenant}, Integer.class);
         if (result == null) {
             throw new IllegalArgumentException("configInfoCount error");
         }