From 4eaa613a0b78283bfeffa68a499df720a9fe45bf Mon Sep 17 00:00:00 2001
From: Rafael da Fonseca
Date: Sun, 14 Jun 2015 19:17:14 +0200
Subject: [PATCH] Fix findbugs SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING warning in Upgrade30xBase.java There was no risk of sql injection here, nor any need to use PreparedStatement, still, this fixes the warning
Signed-off-by: Rohit Yadav
This closes #442
---
 engine/schema/src/com/cloud/upgrade/dao/Upgrade30xBase.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/engine/schema/src/com/cloud/upgrade/dao/Upgrade30xBase.java b/engine/schema/src/com/cloud/upgrade/dao/Upgrade30xBase.java
index 4a418573ea0..aacede083fa 100644
--- a/engine/schema/src/com/cloud/upgrade/dao/Upgrade30xBase.java
+++ b/engine/schema/src/com/cloud/upgrade/dao/Upgrade30xBase.java
@@ -32,12 +32,13 @@ public abstract class Upgrade30xBase implements DbUpgrade {
 final static Logger s_logger = Logger.getLogger(Upgrade30xBase.class);
 protected String getNetworkLabelFromConfig(Connection conn, String name) {
- String sql = "SELECT value FROM `cloud`.`configuration` where name = '" + name + "'";
+ String sql = "SELECT value FROM `cloud`.`configuration` where name = ?";
 String networkLabel = null;
 PreparedStatement pstmt = null;
 ResultSet rs = null;
 try {
 pstmt = conn.prepareStatement(sql);
+ pstmt.setString(1,name);
 rs = pstmt.executeQuery();
 if (rs.next()) {
 networkLabel = rs.getString(1);
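Review bot: `getNetworkLabelFromConfig` is `protected` and takes `name` from callers that are not visible in this hunk, so the query line deserves a comment recording that the value must stay bound through the placeholder, for example `// name is bound via setString; keep the SQL text constant and never concatenate caller input`. The added call is also written without a space after the comma; `pstmt.setString(1, name);` matches the spacing used in the method signature. The method body continues past the end of the hunk, so how `pstmt` and `rs` are closed cannot be checked from here; if that is done by hand in a `finally` block, try-with-resources would be the tidier form.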