IgnoreCommand.java
package com.veracode.verademo.commands;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import org.apache.log4j.LogManager;
import org.apache.log4j.Logger;
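/**
 * Blabber command that makes the current user stop listening to another
 * blabber and records that change in the {@code users_history} table.
 *
 * <p>Every statement binds its values as parameters. Both usernames and the
 * looked-up {@code blab_name} are user-controlled text, so none of them is
 * ever concatenated into SQL; doing so would let a crafted username or blab
 * name change the meaning of the SELECT or INSERT statement.
 */
public class IgnoreCommand implements BlabberCommand {
    private static final Logger logger = LogManager.getLogger("VeraDemo:IgnoreCommand");

    private static final String DELETE_LISTENER_SQL =
            "DELETE FROM listeners WHERE blabber=? AND listener=?;";
    private static final String SELECT_BLAB_NAME_SQL =
            "SELECT blab_name FROM users WHERE username = ?";
    private static final String INSERT_HISTORY_SQL =
            "INSERT INTO users_history (blabber, event) VALUES (?, ?)";

    private final Connection connect;
    private final String username;

    /**
     * @param connect  open database connection; it is used but not closed by this command
     * @param username the user on whose behalf the command runs (the listener)
     */
    public IgnoreCommand(Connection connect, String username) {
        super();
        this.connect = connect;
        this.username = username;
    }

    /**
     * Removes the listener relationship between the current user and
     * {@code blabberUsername}, then appends an event to the current user's history.
     *
     * <p>SQL failures are logged and not propagated, as before. If no
     * {@code users} row matches {@code blabberUsername}, the relationship is
     * still removed but no history event is written.
     *
     * @param blabberUsername username of the blabber to stop listening to
     */
    @Override
    public void execute(String blabberUsername) {
        try {
            // Only the constant statement templates are logged, so user-supplied
            // values never reach the log through the query text.
            logger.info(DELETE_LISTENER_SQL);
            try (PreparedStatement delete = connect.prepareStatement(DELETE_LISTENER_SQL)) {
                delete.setString(1, blabberUsername);
                delete.setString(2, username);
                delete.executeUpdate();
            }

            String blabName = lookUpBlabName(blabberUsername);
            if (blabName == null) {
                logger.warn("No user row found for the ignored blabber; history event not recorded");
                return;
            }

            // NOTE(review): the event text still carries user-controlled names, so
            // whatever renders users_history must output-encode it; that code is
            // not visible from this class.
            String event = username + " is now ignoring " + blabberUsername + "(" + blabName + ")";

            logger.info(INSERT_HISTORY_SQL);
            try (PreparedStatement insert = connect.prepareStatement(INSERT_HISTORY_SQL)) {
                insert.setString(1, username);
                insert.setString(2, event);
                insert.executeUpdate();
            }
        } catch (SQLException e) {
            // Keep the original best-effort behaviour, but send the failure to
            // the application log instead of stderr.
            logger.error("Failed to process ignore command", e);
        }
    }

    /**
     * Reads the {@code blab_name} of the given user with a bound parameter.
     *
     * @return the blab name (possibly {@code null} if the column is null), or
     *         {@code null} when no row matches
     */
    private String lookUpBlabName(String blabberUsername) throws SQLException {
        logger.info(SELECT_BLAB_NAME_SQL);
        try (PreparedStatement select = connect.prepareStatement(SELECT_BLAB_NAME_SQL)) {
            select.setString(1, blabberUsername);
            try (ResultSet result = select.executeQuery()) {
                // Check next() explicitly so an unknown username is not read as a row.
                return result.next() ? result.getString(1) : null;
            }
        }
    }
}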