import java.io.PrintWriter;
import java.util.List;
+import javax.script.SimpleBindings;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
if(finalName.contains("\\")){
finalName = finalName.replace("\\", "\\\\");
}
- String query = "from WatchPolicyNotificationTable where POLICYNAME = '"+finalName+"' and LOGINIDS = '"+userId+"'";
- List<Object> watchList = commonClassDao.getDataByQuery(query);
+ String query = "from WatchPolicyNotificationTable where POLICYNAME = :finalName and LOGINIDS = :userId";
+ SimpleBindings params = new SimpleBindings();
+ params.put("finalName", finalName);
+ params.put("userId", userId);
+ List<Object> watchList = commonClassDao.getDataByQuery(query, params);
if(watchList.isEmpty()){
if(finalName.contains("\\\\")){
finalName = finalName.replace("\\\\", File.separator);
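Review bot: The backslash doubling in the first three lines of this hunk is still applied before `finalName` is bound as `:finalName`. With the old concatenated query that doubling presumably acted as escaping for the string literal, but a bound value is not parsed as HQL text, so the doubled form is now compared as-is against POLICYNAME. Depending on how names are stored, a lookup for a name containing a backslash may now return no rows and take the `watchList.isEmpty()` branch where it previously matched. Please confirm with a test on such a name, and if the stored form uses single backslashes, bind the unescaped value; a comment such as `// value is bound, not concatenated: do not pre-escape for HQL here` would document the intent. The enclosing method begins and ends outside the hunk, so later uses of the doubled `finalName` cannot be checked from here.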