Code with Finding: |
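class SocialNetworkDatabasePosts {

    /** Name of the board whose tables have no region column. */
    private static final String FREE_FOR_ALL = "freeforall";

    private static final String MSG_DB_ERROR =
            "print Error: Database error while inserting reply. Contact an admin";
    private static final String MSG_SUCCESS =
            "print Reply successfully added. Refresh the post to view";
    private static final String MSG_NOT_UPLOADED =
            "print Error: Reply could not be uploaded. If this problem persists, contact an admin";

    /**
     * Tells whether {@code name} can be spliced into SQL text as an unquoted identifier.
     *
     * <p>Only ASCII letters, digits, {@code _} and {@code $} are accepted, so the value cannot
     * carry quotes, whitespace, dots, comment markers or statement separators.
     *
     * @param name candidate schema/board name, may be {@code null}
     * @return {@code true} when the name is non-empty and made only of the accepted characters
     */
    private static boolean isPlainSqlIdentifier(String name) {
        if (name == null || name.isEmpty()) {
            return false;
        }
        for (int i = 0; i < name.length(); i++) {
            char c = name.charAt(i);
            boolean accepted = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z')
                    || (c >= '0' && c <= '9') || c == '_' || c == '$';
            if (!accepted) {
                return false;
            }
        }
        return true;
    }

    /**
     * Inserts the reply for the given post and updates the originating post's
     * {@code dateLastUpdated}, all inside one transaction.
     *
     * <p>The region and the post are assumed to be valid. The board name is the one value that
     * ends up in the SQL text itself (as the schema name, which JDBC cannot bind as a
     * parameter), so it is checked here instead of being trusted: a name that is not a plain
     * identifier is rejected before any statement is built.
     *
     * @param conn open database connection; auto-commit is switched off for the duration of the
     *     call and handed to {@code DBManager.trueAutoCommit} afterwards
     * @param username author of the reply
     * @param contentRaw plaintext reply; it is stored encrypted together with a checksum
     * @param boardName board (schema) the post lives in
     * @param regionName region of the post; unused for the {@code freeforall} board
     * @param postNum id of the post being replied to
     * @return a {@code print ...} message describing success or failure
     */
    public static String createReply(Connection conn, String username, String contentRaw,
            String boardName, String regionName, int postNum) {
        // boardName is concatenated into the statements below. Anything other than a plain
        // identifier would change the shape of the query, so refuse it up front.
        if (!isPlainSqlIdentifier(boardName)) {
            return MSG_NOT_UPLOADED;
        }
        final boolean freeForAll = FREE_FOR_ALL.equals(boardName);

        String content = SharedKeyCrypto.encrypt(contentRaw);

        final String createReply;
        final String getDate;
        final String updateDate;
        if (freeForAll) {
            createReply = "INSERT INTO freeforall.replies "
                    + "VALUES (?, null, ?, NOW(), ?, ?)";
            getDate = "SELECT MAX(dateReplied) FROM freeforall.replies "
                    + "WHERE pid = ?";
            updateDate = "UPDATE freeforall.posts SET dateLastUpdated = ? "
                    + "WHERE pid = ?";
        } else {
            createReply = "INSERT INTO " + boardName + ".replies "
                    + "VALUES (?, ?, null, ?, NOW(), ?, ?)";
            getDate = "SELECT MAX(dateReplied) FROM " + boardName + ".replies "
                    + "WHERE pid = ? AND rname = ?";
            updateDate = "UPDATE " + boardName + ".posts SET dateLastUpdated = ? "
                    + "WHERE pid = ? AND rname = ?";
        }

        PreparedStatement createPstmt = null;
        PreparedStatement getDatePstmt = null;
        PreparedStatement updateDatePstmt = null;
        ResultSet dateResult = null;
        boolean successInsert = false;
        boolean successUpdate = false;
        boolean sqlex = false;

        try {
            conn.setAutoCommit(false);
            createPstmt = conn.prepareStatement(createReply);

            // Checksum of the plaintext. Using the Charset constant (fully qualified so no new
            // import is needed) removes the UnsupportedEncodingException path that used to
            // leave the byte array null and crash in Arrays.fill.
            // NOTE(review): this checksum is stored next to the ciphertext. If
            // Hash.generateChecksum is an unkeyed digest, anyone who can read the table can
            // confirm guesses of the reply text -- confirm it is keyed or that this is intended.
            byte[] contentBytes = contentRaw.getBytes(java.nio.charset.StandardCharsets.UTF_8);
            final String checksum;
            try {
                checksum = CryptoUtil.encode(Hash.generateChecksum(contentBytes));
            } finally {
                // Wipe the plaintext copy even when the checksum computation fails.
                Arrays.fill(contentBytes, (byte) 0x00);
            }

            int idx = 1;
            if (!freeForAll) {
                createPstmt.setString(idx++, regionName);
            }
            createPstmt.setInt(idx++, postNum);
            createPstmt.setString(idx++, username);
            createPstmt.setString(idx++, content);
            createPstmt.setString(idx, checksum);

            successInsert = (createPstmt.executeUpdate() == 1);
            if (successInsert) {
                // Fetch the timestamp of the most recent reply.
                getDatePstmt = conn.prepareStatement(getDate);
                getDatePstmt.setInt(1, postNum);
                if (!freeForAll) {
                    getDatePstmt.setString(2, regionName);
                }
                dateResult = getDatePstmt.executeQuery();
                if (dateResult.next()) { // only one row is expected, the max
                    // Stamp the post with that time. The query selects a single column, so it
                    // is read by position rather than by a driver-dependent label.
                    updateDatePstmt = conn.prepareStatement(updateDate);
                    updateDatePstmt.setTimestamp(1, dateResult.getTimestamp(1));
                    updateDatePstmt.setInt(2, postNum);
                    if (!freeForAll) {
                        updateDatePstmt.setString(3, regionName);
                    }
                    successUpdate = (updateDatePstmt.executeUpdate() == 1);
                }
            }

            // Commit only when both the insert and the date update touched exactly one row.
            if (successInsert && successUpdate) {
                conn.commit();
            } else {
                conn.rollback();
            }
        } catch (SQLException e) {
            e.printStackTrace();
            System.out.println(e.getSQLState());
            DBManager.rollback(conn);
            sqlex = true;
        } finally {
            DBManager.trueAutoCommit(conn);
            // Close the result set before the statement that produced it.
            DBManager.closeResultSet(dateResult);
            DBManager.closePreparedStatement(createPstmt);
            DBManager.closePreparedStatement(getDatePstmt);
            DBManager.closePreparedStatement(updateDatePstmt);
        }

        if (!successInsert || !successUpdate || sqlex) {
            return MSG_DB_ERROR;
        }
        return MSG_SUCCESS;
    }
}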
|