Code Review / dmaap / datarouter.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Fix new sonar vulnerabilities
[dmaap/datarouter.git] / datarouter-prov / src / main / java / org / onap / dmaap / datarouter / provisioning / beans / Parameters.java
diff --git a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java
index 3e8c90b..b237821 100644 (file)
--- a/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java
+++ b/datarouter-prov/src/main/java/org/onap/dmaap/datarouter/provisioning/beans/Parameters.java
@@ -118,9 +118,9 @@ public class Parameters extends Syncable {
             DB db = new DB();\r
             @SuppressWarnings("resource")\r
             Connection conn = db.getConnection();\r
-            try(Statement stmt = conn.createStatement()) {\r
-                String sql = "select KEYNAME, VALUE from PARAMETERS where KEYNAME = '" + k + "'";\r
-                try(ResultSet rs = stmt.executeQuery(sql)) {\r
+            try(PreparedStatement stmt = conn.prepareStatement("select KEYNAME, VALUE from PARAMETERS where KEYNAME = ?")) {\r
+                stmt.setString(1, k);\r
+                try(ResultSet rs = stmt.executeQuery()) {\r
                     if (rs.next()) {\r
                         v = new Parameters(rs);\r
                     }\r
The Data Routing System project is intended to provide a common framework by which data producers can make data available to data consumers and a way for potential consumers to find feeds with the data they require. The interface to DR is exposed as a RESTful web service known as the DR Publishing and Delivery API