Review

finding-8

/mubench/checkouts/chensun/cf23b99/build/CS5430/src/database/DatabaseAdmin.java

editParticipant(Connection, String, String, String, String)

class DatabaseAdmin {
	public static int editParticipant(Connection conn, String board, String region, String username, String priv) {
		int status = -1;
		String query = "";
		if (board.equals("freeforall")) {
			query = "UPDATE freeforall.postprivileges SET privilege = ? " +
					"WHERE pid = ? AND username = ?";
		} else {
			query = "UPDATE " + board + ".regionprivileges SET privilege = ? " +
					"WHERE rname = ? AND username = ?";
		}
		PreparedStatement pstmt = null;
		try {
			pstmt = conn.prepareStatement(query);
			pstmt.setString(1, priv);
			pstmt.setString(3, username);
			if (board.equals("freeforall")) {
				pstmt.setInt(2, Integer.parseInt(region));
			} else {
				pstmt.setString(2, region);
			}
			status = pstmt.executeUpdate();
		} catch (SQLException e) {
			status = -1;
		} finally {
			DBManager.closePreparedStatement(pstmt);
		}
		return status;
	}

}