
Just in case.

1 parent 7f4efe1 commit 0af3c7ab7de27d47c7c0147e3401a11c30c40bfd @t00thpick1 t00thpick1 committed Mar 30, 2013
Showing with 6 additions and 3 deletions.
  1. +6 −3 src/main/java/com/gmail/nossr50/database/DatabaseManager.java
@@ -413,9 +413,10 @@ public static boolean checkConnected() {
String skillName = skillType.name().toLowerCase();
String sql = "SELECT COUNT(*) AS rank FROM " + tablePrefix + "users JOIN " + tablePrefix + "skills ON user_id = id WHERE " + skillName + " > 0 " +
"AND " + skillName + " > (SELECT " + skillName + " FROM " + tablePrefix + "users JOIN " + tablePrefix + "skills ON user_id = id " +
- "WHERE user = '" + playerName + "')";
+ "WHERE user = ?)";
PreparedStatement statement = connection.prepareStatement(sql);
+ statement.setString(1, playerName);
resultSet = statement.executeQuery();
resultSet.next();
@@ -443,9 +444,10 @@ public static boolean checkConnected() {
"WHERE taming+mining+woodcutting+repair+unarmed+herbalism+excavation+archery+swords+axes+acrobatics+fishing > 0 " +
"AND taming+mining+woodcutting+repair+unarmed+herbalism+excavation+archery+swords+axes+acrobatics+fishing > " +
"(SELECT taming+mining+woodcutting+repair+unarmed+herbalism+excavation+archery+swords+axes+acrobatics+fishing " +
- "FROM " + tablePrefix + "users JOIN " + tablePrefix + "skills ON user_id = id WHERE user = '" + playerName + "')";
+ "FROM " + tablePrefix + "users JOIN " + tablePrefix + "skills ON user_id = id WHERE user = ?)";
PreparedStatement statement = connection.prepareStatement(sql);
+ statement.setString(1, playerName);
resultSet = statement.executeQuery();
resultSet.next();
@@ -457,9 +459,10 @@ public static boolean checkConnected() {
"WHERE taming+mining+woodcutting+repair+unarmed+herbalism+excavation+archery+swords+axes+acrobatics+fishing > 0 " +
"AND taming+mining+woodcutting+repair+unarmed+herbalism+excavation+archery+swords+axes+acrobatics+fishing = " +
"(SELECT taming+mining+woodcutting+repair+unarmed+herbalism+excavation+archery+swords+axes+acrobatics+fishing " +
- "FROM " + tablePrefix + "users JOIN " + tablePrefix + "skills ON user_id = id WHERE user = '" + playerName + "') ORDER BY user";
+ "FROM " + tablePrefix + "users JOIN " + tablePrefix + "skills ON user_id = id WHERE user = ?) ORDER BY user";
statement = connection.prepareStatement(sql);
+ statement.setString(1, playerName);
resultSet = statement.executeQuery();
while (resultSet.next()) {
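Review bot: `playerName` is now bound, but `skillName` (first hunk) and `tablePrefix` (all three hunks) are still concatenated into the statement text. Identifiers cannot be bound with `?`, so these queries are injection-safe only while both values come from fixed, trusted sources; their origin is not visible in these hunks, so a comment above the first query such as `// tablePrefix and skillName are SQL identifiers and cannot be bound; both must come from fixed, trusted values, never player input` would record that assumption. `skillType.name().toLowerCase()` also uses the JVM default locale, which can alter the generated column name (for example the Turkish dotless i); `skillType.name().toLowerCase(java.util.Locale.ROOT)` keeps it stable. The enclosing methods start and end outside the hunks, so it cannot be checked here whether the statements and result sets are closed, including the one overwritten by `statement = connection.prepareStatement(sql);` in the third hunk.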
