/**
 * Builds the DELETE statement that removes one specific version of a named entity.
 *
 * <p>The row filter (name, version, tenant_id) is bound through JDBC parameters. The tenant id
 * is read from the {@code account} field, not from a caller-supplied argument.
 *
 * <p>Security note: the table name cannot be bound as a parameter, so it is concatenated from
 * {@code entityType.getId()}. That is injection-safe only while every {@code EntityType} id is
 * a fixed, identifier-safe constant; an id derived from request data would break this.
 *
 * @param conn connection used to prepare the statement
 * @param entityType entity kind; its id plus the suffix "s" is the table name
 * @param entityName value bound to the {@code name} column
 * @param entityVersion value bound to the {@code version} column
 * @return the prepared statement, returned open (it is not closed here)
 * @throws SQLException if preparing the statement or binding a parameter fails
 */
private PreparedStatement getDeleteStatementWithVersion(Connection conn, EntityType entityType, String entityName, int entityVersion) throws SQLException {
  // Enum-supplied identifier: the only non-literal text that reaches the SQL string.
  final String typeId = entityType.getId();
  final String sql = new StringBuilder("DELETE FROM ")
      .append(typeId)
      .append("s WHERE name=? AND version=? AND tenant_id=?")
      .toString();

  final PreparedStatement delete = conn.prepareStatement(sql);
  delete.setString(1, entityName);
  delete.setInt(2, entityVersion);
  // Tenant predicate keeps the delete inside the account's own tenant.
  delete.setString(3, account.getTenantId());
  return delete;
}
/**
 * Builds the INSERT statement that stores this object's entity as a new row.
 *
 * <p>Name, version, tenant id and the serialized payload are all bound as JDBC parameters, so
 * none of them can alter the statement text. The tenant id comes from the {@code account}
 * field.
 *
 * <p>Security note: the table name and the payload column name are concatenated from
 * {@code entityType.getId()} because identifiers cannot be bound. This is injection-safe only
 * while every {@code EntityType} id is a fixed, identifier-safe constant.
 *
 * @param conn connection used to prepare the statement
 * @return the prepared statement, returned open (it is not closed here)
 * @throws SQLException if preparing the statement or binding a parameter fails
 */
@Override
public PreparedStatement createInsertStatement(Connection conn) throws SQLException {
  // Enum-supplied identifier, used for both the table name and the payload column.
  final String typeId = entityType.getId();
  final String sql = new StringBuilder("INSERT INTO ")
      .append(typeId)
      .append("s (name, version, tenant_id, ")
      .append(typeId)
      .append(") VALUES (?, ?, ?, ?)")
      .toString();

  final PreparedStatement insert = conn.prepareStatement(sql);
  insert.setString(1, entityName);
  insert.setInt(2, version);
  insert.setString(3, account.getTenantId());
  insert.setBytes(4, data);
  return insert;
}
}
/**
 * Builds the SELECT statement that reads the payload column of one entity.
 *
 * <p>When {@code entityVersion} equals {@code Constants.FIND_MAX_VERSION}, the version predicate
 * becomes a sub-select of {@code MAX(version)} for the same name and tenant. Otherwise the
 * given version is bound directly.
 *
 * <p>Tenant scoping: {@code AUTOMATOR_TYPE} and {@code PROVIDER_TYPE} are always read under
 * {@code Constants.SUPERADMIN_TENANT}, whatever the current account is. Every other type is
 * read under {@code account.getTenantId()}.
 *
 * <p>Security note: only {@code entityType.getId()} is concatenated into the SQL text (column
 * and table names cannot be bound). This is injection-safe only while every
 * {@code EntityType} id is a fixed, identifier-safe constant.
 *
 * @param conn connection used to prepare the statement
 * @param entityType entity kind; its id names the payload column and, with the suffix "s",
 *     the table
 * @param entityName value bound to the {@code name} column
 * @param entityVersion exact version, or {@code Constants.FIND_MAX_VERSION} for the highest one
 * @return the prepared statement, returned open (it is not closed here)
 * @throws SQLException if preparing the statement or binding a parameter fails
 */
protected PreparedStatement getSelectStatement(Connection conn, EntityType entityType, String entityName, int entityVersion) throws SQLException {
  final String typeId = entityType.getId();
  final boolean wantLatest = entityVersion == Constants.FIND_MAX_VERSION;

  // Either a sub-select for the highest stored version or a plain bind marker.
  final String versionClause = wantLatest
      ? String.format("(SELECT MAX(version) FROM %ss WHERE name=? AND tenant_id=?)", typeId)
      : "?";
  final String sql = "SELECT " + typeId + " FROM " + typeId
      + "s WHERE name=? AND tenant_id=? AND version=" + versionClause;

  // These two types are read from the super-admin tenant, not the caller's tenant.
  final String tenantId;
  if (entityType == EntityType.AUTOMATOR_TYPE || entityType == EntityType.PROVIDER_TYPE) {
    tenantId = Constants.SUPERADMIN_TENANT;
  } else {
    tenantId = account.getTenantId();
  }

  final PreparedStatement select = conn.prepareStatement(sql);
  select.setString(1, entityName);
  select.setString(2, tenantId);
  if (wantLatest) {
    // The sub-select repeats the name/tenant filter, so both values are bound a second time.
    select.setString(3, entityName);
    select.setString(4, tenantId);
  } else {
    select.setInt(3, entityVersion);
  }
  return select;
}
/**
 * Deletes every row from every entity table.
 *
 * <p>One {@code DELETE FROM <id>s} is executed per {@code EntityType} value, with no WHERE
 * clause. The wipe is therefore not limited to any tenant, name or version.
 *
 * <p>NOTE(review): this method is public and unscoped. Confirm that it is reachable only from
 * test or maintenance code paths and not from tenant-facing requests.
 *
 * <p>Security note: the table name is concatenated from the enum id, which is safe only while
 * every {@code EntityType} id is a fixed, identifier-safe constant.
 *
 * @throws SQLException if obtaining the connection or executing or closing a statement fails
 */
public void clearData() throws SQLException {
  final Connection connection = dbConnectionPool.getConnection();
  try {
    final BaseEntityStoreView.EntityType[] allTypes = BaseEntityStoreView.EntityType.values();
    for (int i = 0; i < allTypes.length; i++) {
      // A fresh statement per table, closed before moving on to the next one.
      final Statement wipe = connection.createStatement();
      try {
        final String wipeSql = "DELETE FROM " + allTypes[i].getId() + "s";
        wipe.execute(wipeSql);
      } finally {
        wipe.close();
      }
    }
  } finally {
    connection.close();
  }
}
/**
 * Creates one table per {@code EntityType} when the pool is backed by embedded Derby.
 *
 * <p>Does nothing for any other database. Each table is named {@code <id>s} and holds
 * {@code name}, {@code version}, {@code tenant_id} and a BLOB column named after the id.
 * The primary key is {@code (tenant_id, name, version)}.
 *
 * <p>Security note: the DDL is assembled by concatenation because identifiers cannot be bound.
 * The only variable fragment is the enum id, so this is injection-safe only while every
 * {@code EntityType} id is a fixed, identifier-safe constant.
 *
 * @throws Exception if table creation fails
 */
@Override
protected void startUp() throws Exception {
  if (!dbConnectionPool.isEmbeddedDerbyDB()) {
    return;
  }
  for (BaseEntityStoreView.EntityType kind : BaseEntityStoreView.EntityType.values()) {
    final String typeId = kind.getId();
    final String ddl = "CREATE TABLE " + typeId + "s ( name VARCHAR(255), version BIGINT, tenant_id VARCHAR(255), " + typeId + " BLOB, PRIMARY KEY (tenant_id, name, version))";
    DBHelper.createDerbyTableIfNotExists(ddl, dbConnectionPool);
  }
}
/**
 * Builds the SELECT statement that returns the highest stored version of a named entity.
 *
 * <p>Name and tenant id are bound as JDBC parameters. The tenant id is always
 * {@code account.getTenantId()}.
 *
 * <p>NOTE(review): {@code getSelectStatement} reads {@code AUTOMATOR_TYPE} and
 * {@code PROVIDER_TYPE} under {@code Constants.SUPERADMIN_TENANT}, while this lookup always
 * uses the account's tenant. Confirm that the difference is intended.
 *
 * <p>Security note: the table name is concatenated from {@code entityType.getId()}, which is
 * injection-safe only while every {@code EntityType} id is a fixed, identifier-safe constant.
 *
 * @param conn connection used to prepare the statement
 * @param entityType entity kind; its id plus the suffix "s" is the table name
 * @param entityName value bound to the {@code name} column
 * @return the prepared statement, returned open (it is not closed here)
 * @throws SQLException if preparing the statement or binding a parameter fails
 */
protected PreparedStatement getSelectMaxVersionStatement(Connection conn, EntityType entityType, String entityName) throws SQLException {
  final String typeId = entityType.getId();
  final StringBuilder sql = new StringBuilder();
  sql.append("SELECT MAX(version) FROM ");
  sql.append(typeId);
  sql.append("s WHERE name=? AND tenant_id=?");

  final PreparedStatement maxVersion = conn.prepareStatement(sql.toString());
  maxVersion.setString(1, entityName);
  maxVersion.setString(2, account.getTenantId());
  return maxVersion;
}
/**
 * Builds the DELETE statement that removes every version of a named entity.
 *
 * <p>There is no version predicate, so all rows matching the name within the tenant are
 * deleted. Name and tenant id are bound as JDBC parameters. The tenant id is read from the
 * {@code account} field, not from a caller-supplied argument.
 *
 * <p>Security note: the table name is concatenated from {@code entityType.getId()} because
 * identifiers cannot be bound. This is injection-safe only while every {@code EntityType} id
 * is a fixed, identifier-safe constant.
 *
 * @param conn connection used to prepare the statement
 * @param entityType entity kind; its id plus the suffix "s" is the table name
 * @param entityName value bound to the {@code name} column
 * @return the prepared statement, returned open (it is not closed here)
 * @throws SQLException if preparing the statement or binding a parameter fails
 */
private PreparedStatement getDeleteStatementWithoutVersion(Connection conn, EntityType entityType, String entityName) throws SQLException {
  final String typeId = entityType.getId();
  final StringBuilder sql = new StringBuilder("DELETE FROM ");
  sql.append(typeId).append("s WHERE name=? AND tenant_id=?");

  final PreparedStatement deleteAll = conn.prepareStatement(sql.toString());
  deleteAll.setString(1, entityName);
  // Tenant predicate keeps the delete inside the account's own tenant.
  deleteAll.setString(2, account.getTenantId());
  return deleteAll;
}