com.wm.app.tn.db
Class SQLStatements

java.lang.Object
  extended by com.wm.app.tn.db.SQLStatements

public class SQLStatements
extends java.lang.Object


Constructor Summary
SQLStatements()
           
 
Method Summary
static <T> java.util.Map<java.lang.Integer,T> getPreparedStatementBindings(java.lang.String formattedSQLString, java.util.Map<java.lang.String,T> mapIdentifierLiteralValues)
          Prevents SQL injection (OTN-11596). Requires the SQL argument to be formatted in a specific way, e.g.: SELECT PartName, MimeType, StorageType, ContentLength, Content, PartIndex, StorageRef FROM BizDocContent WHERE DocID = ? AND " + "PartName IN (?, ?, ?, ?) AND " + "PartName NOT IN (?, ?, ?, ?, ?)
static java.lang.String getPureSQLString(java.lang.String formattedSQLString)
          Prevents SQL injection - OTN-11596
static java.lang.String getSql(java.lang.String which)
          Get a single SQL operation.
static void init(boolean ifCacheStmts)
           
static void main(java.lang.String[] args)
           
static java.sql.PreparedStatement prepareStatement(java.sql.Connection conn, java.lang.String which)
          Prepare a statement.
static void releaseStatement(java.sql.PreparedStatement stmt)
          Release a previously prepared statement.
 
Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SQLStatements

public SQLStatements()
Method Detail

init

public static void init(boolean ifCacheStmts)

getSql

public static java.lang.String getSql(java.lang.String which)
                               throws java.sql.SQLException
Get a single SQL operation.

Parameters:
which - the SQL operation to fetch (e.g. "bda.select.all")
Returns:
the defined SQL operation
Throws:
java.sql.SQLException - if the specified operation hasn't been defined, or the operations haven't been read from disk

prepareStatement

public static java.sql.PreparedStatement prepareStatement(java.sql.Connection conn,
                                                          java.lang.String which)
                                                   throws java.sql.SQLException
Prepare a statement.

Parameters:
conn - the connection on which to prepare the statement
which - which SQL statement to prepare
Throws:
java.sql.SQLException - if the specified operation hasn't been defined, or the operations haven't been read from disk

releaseStatement

public static void releaseStatement(java.sql.PreparedStatement stmt)
Release a previously prepared statement. If statement caching is turned off, the statement is closed, otherwise nothing happens.

Parameters:
stmt - the statement to close
Throws:
java.sql.SQLException - if an error happens on the close

getPreparedStatementBindings

public static <T> java.util.Map<java.lang.Integer,T> getPreparedStatementBindings(java.lang.String formattedSQLString,
                                                                                  java.util.Map<java.lang.String,T> mapIdentifierLiteralValues)
Prevents SQL injection (OTN-11596). Requires the SQL argument to be formatted in a specific way, e.g.: SELECT PartName, MimeType, StorageType, ContentLength, Content, PartIndex, StorageRef FROM BizDocContent WHERE DocID = ? AND " + "PartName IN (?, ?, ?, ?) AND " + "PartName NOT IN (?, ?, ?, ?, ?)

Parameters:
formattedSQLString - formatted SQL string statement
mapIdentifierLiteralValues - mapping between identifiers and values (which may be string values or arrays). Example: Map map = new HashMap(); map.put("DocID", "1234"); map.put("includeParts", new ArrayList(Arrays.asList("i0", "i1", "i2", "i3"))); map.put("excludeParts", new ArrayList(Arrays.asList("e0", "e1", "e2", "e3", "e4")));
Returns:
map binding which can be used in prepared statements

getPureSQLString

public static java.lang.String getPureSQLString(java.lang.String formattedSQLString)
Prevents SQL injection (OTN-11596). Strips the formatting from a formatted SQL string so that the result can be used to prepare a statement.

Parameters:
formattedSQLString - formatted SQL string, which cannot be used to prepare a statement as-is because of the "?" in it. Example: String sql = "SELECT PartName, MimeType, StorageType, ContentLength, Content, PartIndex, StorageRef FROM BizDocContent WHERE DocID = ? AND " + "PartName IN (?, ?, ?, ?) AND " + "PartName NOT IN (?, ?, ?, ?, ?)";
Returns:
SQL string with the formatting removed, which can be used to prepare a statement. Example: SELECT PartName, MimeType, StorageType, ContentLength, Content, PartIndex, StorageRef FROM BizDocContent WHERE DocID = ? AND PartName IN (?, ?, ?, ?) AND PartName NOT IN (?, ?, ?, ?, ?)
Throws:
java.lang.Exception
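The following Java sketch is an added example, not code from SQLStatements or the Trading Networks library, of the transformation that getPureSQLString and getPreparedStatementBindings describe: a statement carrying named identifiers becomes pure SQL with only "?" placeholders plus an index-to-value binding map, with each list value expanding to one placeholder per element so that values are never concatenated into the SQL text. The ":name" marker syntax, the class NamedBindingExample and its methods are assumptions made for this illustration; the library's own formatted-SQL convention is not documented on this page.

```java
import java.util.*;
import java.util.regex.*;

public final class NamedBindingExample {
    // Hypothetical template marker (not the library's format): ":name" refers to a key in the value map.
    private static final Pattern IDENT = Pattern.compile(":([A-Za-z_][A-Za-z0-9_]*)");
    /** Pure SQL (only "?" placeholders) plus 1-based JDBC index -> value, ready for setObject(). */
    static final class Bound {
        final String sql;
        final Map<Integer, Object> bindings;
        Bound(String sql, Map<Integer, Object> bindings) { this.sql = sql; this.bindings = bindings; }
    }

    static Bound bind(String template, Map<String, ?> values) {
        StringBuilder sql = new StringBuilder();
        Map<Integer, Object> bindings = new LinkedHashMap<>();
        Matcher m = IDENT.matcher(template);
        int last = 0, index = 1;
        while (m.find()) {
            sql.append(template, last, m.start());          // copy the literal SQL before the marker
            String name = m.group(1);
            if (!values.containsKey(name)) throw new IllegalArgumentException("unbound identifier: " + name);
            Object v = values.get(name);
            if (v instanceof Collection) {                   // list value: one "?" per element, e.g. IN (?, ?, ?)
                Collection<?> items = (Collection<?>) v;
                if (items.isEmpty()) throw new IllegalArgumentException("empty list for " + name); // "IN ()" is invalid SQL
                StringJoiner marks = new StringJoiner(", ", "(", ")");
                for (Object item : items) { marks.add("?"); bindings.put(index++, item); }
                sql.append(marks);
            } else {                                         // scalar value: a single "?"
                sql.append('?');
                bindings.put(index++, v);
            }
            last = m.end();
        }
        sql.append(template, last, template.length());      // copy the trailing SQL
        return new Bound(sql.toString(), bindings);
    }

    public static void main(String[] args) {
        Map<String, Object> map = new HashMap<>();           // same sample values as the Javadoc above
        map.put("DocID", "1234");
        map.put("includeParts", Arrays.asList("i0", "i1", "i2", "i3"));
        map.put("excludeParts", Arrays.asList("e0", "e1", "e2", "e3", "e4"));
        Bound b = bind("SELECT PartName FROM BizDocContent WHERE DocID = :DocID"
                + " AND PartName IN :includeParts AND PartName NOT IN :excludeParts", map);
        System.out.println(b.sql);       // pass to Connection.prepareStatement(...)
        System.out.println(b.bindings);  // then ps.setObject(index, value) for each entry
    }
}
```

The marker pattern is applied to the whole template, so a template must not contain ":" followed by an identifier inside a string literal; keep literal values in the map rather than in the SQL text.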

main

public static void main(java.lang.String[] args)
                 throws java.lang.Exception
Throws:
java.lang.Exception