Code with Misuse: |
class DatabaseAdmin { /** * Precondition: user is an admin. If user is an SA, nothing is done and returns -1. * @param conn * @param username * @return */ public static int replaceBoardManager(Connection conn, String username) { int status = -1; Connection tempConn = DBManager.getConnection(); String sa = saOfUsersGroup(tempConn, username); DBManager.closeConnection(tempConn); if (sa == null || sa.equals(username)) { if (DEBUG) { System.err.printf("sa = %s, username = %s\n", sa, username); } return status; } String query = "UPDATE main.boards SET managedby = ? WHERE managedby = ?"; PreparedStatement pstmt = null; try { pstmt = conn.prepareStatement(query); pstmt.setString(1, sa); pstmt.setString(2, username); status = pstmt.executeUpdate(); if (DEBUG) System.err.printf("status = %d\n", status); } catch (SQLException e) { if (DEBUG) { System.err.println("failing cuz SQLException"); e.printStackTrace(); } status = -1; } return status; }
}
|