apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-11-02 20:02:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix findbugs SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING warning in Upgrade30xBase.java There was no risk of sql injection here, nor any need to use PreparedStatement, still, this fixes the warning

Browse Source 
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>

This closes #442
This commit is contained in:
Rafael da Fonseca 2015-06-14 19:17:14 +02:00 committed by Rohit Yadav
parent 869cc0c9f2
commit 4eaa613a0b
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
engine/schema/src/com/cloud/upgrade/dao/Upgrade30xBase.java
View File

@ -32,12 +32,13 @@ public abstract class Upgrade30xBase implements DbUpgrade {
final static Logger s_logger = Logger.getLogger(Upgrade30xBase.class);
protected String getNetworkLabelFromConfig(Connection conn, String name) {
String sql = "SELECT value FROM `cloud`.`configuration` where name = '" + name + "'";
String sql = "SELECT value FROM `cloud`.`configuration` where name = ?";
String networkLabel = null;
PreparedStatement pstmt = null;
ResultSet rs = null;
try {
pstmt = conn.prepareStatement(sql);
pstmt.setString(1,name);
rs = pstmt.executeQuery();
if (rs.next()) {
networkLabel = rs.getString(1);