Use a variable binding instead of concatenation.
Issue-ID: OJSI-174
Signed-off-by: Dominik Orliński <d.orlinski@samsung.com>
Change-Id: I0574e882e4d500408b6a6bab8986822669cba5d4
logger.debug("WidgetCatalogServiceImpl.getWidgetCatalog: result={}", widgets);
return widgets;
}
logger.debug("WidgetCatalogServiceImpl.getWidgetCatalog: result={}", widgets);
return widgets;
}
private void updateAppId(long widgetId, Set<RoleApp> roles){
Session session = sessionFactory.openSession();
for(RoleApp role: roles){
private void updateAppId(long widgetId, Set<RoleApp> roles){
Session session = sessionFactory.openSession();
for(RoleApp role: roles){
- String sql = "UPDATE ep_widget_catalog_role SET app_id = " + role.getApp().getAppId() + " WHERE widget_id = " + widgetId + " AND ROLE_ID = " + role.getRoleId() ;
+ String sql = "UPDATE ep_widget_catalog_role SET app_id = :appId WHERE widget_id = :widgetId AND ROLE_ID = :roleId" ;
Query query = session.createSQLQuery(sql);
Query query = session.createSQLQuery(sql);
+ query.setParameter("appId", role.getApp().getAppId());
+ query.setParameter("widgetId", widgetId);
+ query.setParameter("roleId", role.getRoleId());
query.executeUpdate();
}
session.flush();
query.executeUpdate();
}
session.flush();
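Review bot: The `Session` obtained from `sessionFactory.openSession()` at the top of `updateAppId` is never closed anywhere in the hunk, so unless `session.close()` sits in the part of the method that continues past `session.flush()` outside this hunk, every call leaks a connection and the parameter-binding fix leaves the resource handling untouched. I would wrap the body in try-with-resources, `try (Session session = sessionFactory.openSession()) { … }`, if the project's Hibernate version makes `Session` `AutoCloseable`, and otherwise in `try { … } finally { session.close(); }` so the close also runs when `executeUpdate()` throws. Both `Query query = session.createSQLQuery(sql);` lines use the raw `Query` type; `Query<?>` (or `NativeQuery<?>` where available) avoids the raw-type warning without changing behaviour. A short comment above the loop, `// Bound parameters: widget/role ids come from persisted entities, never concatenated into SQL`, would record why the statement is written this way.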