X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=POLICY-SDK-APP%2Fsrc%2Fmain%2Fjava%2Forg%2Fonap%2Fpolicy%2Fcontroller%2FPolicyNotificationController.java;h=73121757336161718818673150b1a35e4089246e;hb=59e3ddb0f0698965962a7d5879a6e39a80744648;hp=f3291a79babd0a4c599f09bc8f7336db0ecd246f;hpb=827a2016429bc377e28d2a414b6bcbdf8b6dc924;p=policy%2Fengine.git

diff --git a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyNotificationController.java b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyNotificationController.java
index f3291a79b..731217573 100644
--- a/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyNotificationController.java
+++ b/POLICY-SDK-APP/src/main/java/org/onap/policy/controller/PolicyNotificationController.java
@@ -28,6 +28,7 @@ import java.io.File;
 import java.io.PrintWriter;
 import java.util.List;
 
+import javax.script.SimpleBindings;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
@@ -86,8 +87,11 @@ public class PolicyNotificationController extends RestrictedBaseController {
 			if(finalName.contains("\\")){
 				finalName = finalName.replace("\\", "\\\\");
 			}
-			String query = "from WatchPolicyNotificationTable where POLICYNAME = '"+finalName+"' and LOGINIDS = '"+userId+"'";
-			List<Object> watchList = commonClassDao.getDataByQuery(query);
+			String query = "from WatchPolicyNotificationTable where POLICYNAME = :finalName and LOGINIDS = :userId";
+			SimpleBindings params = new SimpleBindings();
+			params.put("finalName", finalName);
+			params.put("userId", userId);
+			List<Object> watchList = commonClassDao.getDataByQuery(query, params);
 			if(watchList.isEmpty()){
 				if(finalName.contains("\\\\")){
 					finalName = finalName.replace("\\\\", File.separator);