| Code with Misuse: |
class DatabaseAdmin {
/**
* Precondition: user is an admin. If user is an SA, nothing is done and returns -1.
* @param conn
* @param username
* @return
*/
public static int replaceBoardManager(Connection conn, String username) {
int status = -1;
Connection tempConn = DBManager.getConnection();
String sa = saOfUsersGroup(tempConn, username);
DBManager.closeConnection(tempConn);
if (sa == null || sa.equals(username)) {
if (DEBUG) {
System.err.printf("sa = %s, username = %s\n", sa, username);
}
return status;
}
String query = "UPDATE main.boards SET managedby = ? WHERE managedby = ?";
PreparedStatement pstmt = null;
try {
pstmt = conn.prepareStatement(query);
pstmt.setString(1, sa);
pstmt.setString(2, username);
status = pstmt.executeUpdate();
if (DEBUG) System.err.printf("status = %d\n", status);
} catch (SQLException e) {
if (DEBUG) {
System.err.println("failing cuz SQLException");
e.printStackTrace();
}
status = -1;
}
return status;
}
}
|
