Preventing SQL-injection with PreparedStatement

Former-commit-id: 9954c913f528fa40be32b328b3ea1dad8ece8888
Daniel Collin 2015-12-08 13:22:33 +01:00
parent c1af8a1e17
commit 0954e9c0c5
6 changed files with 147 additions and 105 deletions


@ -2,8 +2,6 @@
<classpath>
<classpathentry kind="src" path="src"/>
<classpathentry kind="src" path="test"/>
<classpathentry kind="src" path="lib/sphinx4-5prealpha-src/sphinx4-core/src/main/java"/>
<classpathentry kind="src" path="lib/java-speech-api-master/src"/>
<classpathentry kind="lib" path="external/marytts-5.1.2/lib/icu4j-54.1.1.jar"/>
<classpathentry kind="lib" path="external/marytts-5.1.2/lib/marytts-client-5.1.2-jar-with-dependencies.jar"/>
<classpathentry kind="lib" path="external/marytts-5.1.2/lib/marytts-lang-de-5.1.2.jar"/>
@ -23,6 +21,8 @@
<classpathentry kind="lib" path="lib/marytts-runtime-5.1.2-jar-with-dependencies.jar"/>
<classpathentry kind="lib" path="lib/pi4j-core-1.0.jar"/>
<classpathentry kind="lib" path="lib/junit-4.12.jar"/>
<classpathentry kind="lib" path="lib/java-speech-api-master.jar"/>
<classpathentry kind="lib" path="lib/sphinx4-core.jar"/>
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER"/>
<classpathentry combineaccessrules="false" kind="src" path="/zutil-java"/>
<classpathentry kind="con" path="org.eclipse.jdt.junit.JUNIT_CONTAINER/4"/>


@ -1,11 +1,11 @@
package se.koc.hal.deamon;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Calendar;
import java.util.List;
import java.util.Locale;
import java.util.Timer;
import java.util.TimerTask;
import java.util.logging.Logger;
@ -17,9 +17,6 @@ import zutil.db.SQLResultHandler;
import zutil.db.handler.SimpleSQLResult;
import zutil.log.LogUtil;
/**
* Created by Ziver on 2015-12-03.
*/
public class DataAggregatorDaemon extends TimerTask implements HalDaemon {
private static final Logger logger = LogUtil.getLogger();
public static final long FIVE_MINUTES_IN_MS = 5 * 60 * 1000;
@ -49,40 +46,60 @@ public class DataAggregatorDaemon extends TimerTask implements HalDaemon {
public void aggregateSensor(long sensorId) {
DBConnection db = HalContext.getDB();
PreparedStatement stmt = null;
try {
Long maxDBTimestamp = db.exec("SELECT MAX(timestamp_end) FROM sensor_data_aggr WHERE sensor_id == "+sensorId, new SimpleSQLResult<Long>());
stmt = db.getPreparedStatement("SELECT MAX(timestamp_end) FROM sensor_data_aggr WHERE sensor_id == ?");
stmt.setLong(1, sensorId);
Long maxDBTimestamp = DBConnection.exec(stmt, new SimpleSQLHandler<Long>());
if(maxDBTimestamp == null)
maxDBTimestamp = 0l;
// 5 minute aggregation
long minPeriodTimestamp = getTimestampMinutePeriodStart(5, System.currentTimeMillis());
logger.fine("Calculating 5 min periods... (from:"+ maxDBTimestamp +", to:"+ minPeriodTimestamp +")");
db.exec("SELECT * FROM sensor_data_raw "
+ "WHERE sensor_id == "+sensorId+" AND timestamp > " + maxDBTimestamp + " AND timestamp < " + minPeriodTimestamp
+ " ORDER BY timestamp ASC",
new FiveMinuteAggregator());
stmt = db.getPreparedStatement("SELECT * FROM sensor_data_raw"
+" WHERE sensor_id == ? AND timestamp > ? AND timestamp < ? "
+" ORDER BY timestamp ASC");
stmt.setLong(1, sensorId);
stmt.setLong(2, maxDBTimestamp);
stmt.setLong(3, minPeriodTimestamp);
DBConnection.exec(stmt, new FiveMinuteAggregator());
// hour aggregation
maxDBTimestamp = db.exec("SELECT MAX(timestamp_end) FROM sensor_data_aggr WHERE sensor_id == "+sensorId+" AND timestamp_end-timestamp_start == " + (HOUR_IN_MS-1), new SimpleSQLResult<Long>());
stmt = db.getPreparedStatement("SELECT MAX(timestamp_end) FROM sensor_data_aggr"
+" WHERE sensor_id == ? AND timestamp_end-timestamp_start == ?");
stmt.setLong(1, sensorId);
stmt.setLong(2, HOUR_IN_MS-1);
maxDBTimestamp = DBConnection.exec(stmt, new SimpleSQLHandler<Long>());
if(maxDBTimestamp == null)
maxDBTimestamp = 0l;
long hourPeriodTimestamp = getTimestampMinutePeriodStart(60, System.currentTimeMillis()-HOUR_AGGREGATION_OFFSET);
logger.fine("Calculating hour periods... (from:"+ maxDBTimestamp +", to:"+ hourPeriodTimestamp +")");
db.exec("SELECT * FROM sensor_data_aggr "
+ "WHERE sensor_id == "+sensorId+" AND " + maxDBTimestamp + " < timestamp_start AND timestamp_start < " + hourPeriodTimestamp + " AND timestamp_end-timestamp_start == " + (FIVE_MINUTES_IN_MS-1)
+" ORDER BY timestamp_start ASC",
new HourAggregator());
stmt = db.getPreparedStatement("SELECT * FROM sensor_data_aggr"
+" WHERE sensor_id == ? AND ? < timestamp_start AND timestamp_start < ? AND timestamp_end-timestamp_start == ?"
+" ORDER BY timestamp_start ASC");
stmt.setLong(1, sensorId);
stmt.setLong(2, maxDBTimestamp);
stmt.setLong(3, hourPeriodTimestamp);
stmt.setLong(4, FIVE_MINUTES_IN_MS-1);
DBConnection.exec(stmt, new HourAggregator());
// day aggregation
maxDBTimestamp = db.exec("SELECT MAX(timestamp_end) FROM sensor_data_aggr WHERE sensor_id == "+sensorId+" AND timestamp_end-timestamp_start == " + (DAY_IN_MS-1), new SimpleSQLResult<Long>());
stmt = db.getPreparedStatement("SELECT MAX(timestamp_end) FROM sensor_data_aggr WHERE sensor_id == ? AND timestamp_end-timestamp_start == ?");
stmt.setLong(1, sensorId);
stmt.setLong(2, DAY_IN_MS-1);
maxDBTimestamp = DBConnection.exec(stmt, new SimpleSQLHandler<Long>());
if(maxDBTimestamp == null)
maxDBTimestamp = 0l;
long dayPeriodTimestamp = getTimestampHourPeriodStart(24, System.currentTimeMillis()-DAY_AGGREGATION_OFFSET);
logger.fine("Calculating day periods... (from:"+ maxDBTimestamp +", to:"+ dayPeriodTimestamp +")");
db.exec("SELECT * FROM sensor_data_aggr "
+ "WHERE sensor_id == "+sensorId+" AND " + maxDBTimestamp + " < timestamp_start AND timestamp_start < " + dayPeriodTimestamp + " AND timestamp_end-timestamp_start == " + (HOUR_IN_MS-1)
+" ORDER BY timestamp_start ASC",
new DayAggregator());
stmt = db.getPreparedStatement("SELECT * FROM sensor_data_aggr"
+" WHERE sensor_id == ? AND ? < timestamp_start AND timestamp_start < ? AND timestamp_end-timestamp_start == ?"
+" ORDER BY timestamp_start ASC");
stmt.setLong(1, sensorId);
stmt.setLong(2, maxDBTimestamp);
stmt.setLong(3, dayPeriodTimestamp);
stmt.setLong(4, HOUR_IN_MS-1);
DBConnection.exec(stmt, new DayAggregator());
logger.fine("Done aggregation");
} catch (SQLException e) {
@ -124,13 +141,14 @@ public class DataAggregatorDaemon extends TimerTask implements HalDaemon {
if(currentPeriodTimestamp != 0 && periodTimestamp != currentPeriodTimestamp){
float confidence = count / 5f;
logger.finer("Calculated minute period: "+ currentPeriodTimestamp +" sum: "+ sum +" confidence: "+ confidence);
HalContext.getDB().exec(String.format(Locale.US, "INSERT INTO sensor_data_aggr(sensor_id, sequence_id, timestamp_start, timestamp_end, data, confidence) VALUES(%d, %d, %d, %d, %d, %f)",
result.getInt("sensor_id"),
Sensor.getHighestSequenceId(result.getInt("sensor_id")) + 1,
currentPeriodTimestamp,
currentPeriodTimestamp + FIVE_MINUTES_IN_MS -1,
sum,
confidence));
PreparedStatement prepStmt = HalContext.getDB().getPreparedStatement("INSERT INTO sensor_data_aggr(sensor_id, sequence_id, timestamp_start, timestamp_end, data, confidence) VALUES(?, ?, ?, ?, ?, ?)");
prepStmt.setInt(1, result.getInt("sensor_id"));
prepStmt.setLong(2, Sensor.getHighestSequenceId(result.getInt("sensor_id")) + 1);
prepStmt.setLong(3, currentPeriodTimestamp);
prepStmt.setLong(4, currentPeriodTimestamp + FIVE_MINUTES_IN_MS - 1);
prepStmt.setInt(5, sum);
prepStmt.setFloat(6, confidence);
DBConnection.exec(prepStmt);
// Reset variables
currentPeriodTimestamp = periodTimestamp;
@ -156,13 +174,14 @@ public class DataAggregatorDaemon extends TimerTask implements HalDaemon {
if(currentPeriodTimestamp != 0 && periodTimestamp != currentPeriodTimestamp){
float aggrConfidence = confidenceSum / 12f;
logger.finer("Calculated hour period: "+ currentPeriodTimestamp +" sum: "+ sum +" confidence: "+ aggrConfidence);
HalContext.getDB().exec(String.format(Locale.US, "INSERT INTO sensor_data_aggr(sensor_id, sequence_id, timestamp_start, timestamp_end, data, confidence) VALUES(%d, %d, %d, %d, %d, %f)",
result.getInt("sensor_id"),
Sensor.getHighestSequenceId(result.getInt("sensor_id")) + 1,
currentPeriodTimestamp,
currentPeriodTimestamp + HOUR_IN_MS -1,
sum,
aggrConfidence));
PreparedStatement prepStmt = HalContext.getDB().getPreparedStatement("INSERT INTO sensor_data_aggr(sensor_id, sequence_id, timestamp_start, timestamp_end, data, confidence) VALUES(?, ?, ?, ?, ?, ?)");
prepStmt.setInt(1, result.getInt("sensor_id"));
prepStmt.setLong(2, Sensor.getHighestSequenceId(result.getInt("sensor_id")) + 1);
prepStmt.setLong(3, currentPeriodTimestamp);
prepStmt.setLong(4, currentPeriodTimestamp + HOUR_IN_MS - 1);
prepStmt.setInt(5, sum);
prepStmt.setFloat(6, aggrConfidence);
DBConnection.exec(prepStmt);
// Reset variables
currentPeriodTimestamp = periodTimestamp;
@ -173,8 +192,10 @@ public class DataAggregatorDaemon extends TimerTask implements HalDaemon {
confidenceSum += result.getFloat("confidence");
//TODO: SHould not be here!
HalContext.getDB().exec("DELETE FROM sensor_data_aggr "
+ "WHERE sensor_id == "+ result.getInt("sensor_id") +" AND sequence_id == "+ result.getInt("sequence_id"));
PreparedStatement prepStmt = HalContext.getDB().getPreparedStatement("DELETE FROM sensor_data_aggr WHERE sensor_id == ? AND sequence_id == ?");
prepStmt.setInt(1, result.getInt("sensor_id"));
prepStmt.setInt(2, result.getInt("sequence_id"));
DBConnection.exec(prepStmt);
}
return null;
}
@ -193,13 +214,14 @@ public class DataAggregatorDaemon extends TimerTask implements HalDaemon {
if(currentPeriodTimestamp != 0 && periodTimestamp != currentPeriodTimestamp){
float aggrConfidence = confidenceSum / 24f;
logger.finer("Calculated day period: "+ currentPeriodTimestamp +" sum: "+ sum +" confidence: "+ aggrConfidence+ " samples: " + samples);
HalContext.getDB().exec(String.format(Locale.US, "INSERT INTO sensor_data_aggr(sensor_id, sequence_id, timestamp_start, timestamp_end, data, confidence) VALUES(%d, %d, %d, %d, %d, %f)",
result.getInt("sensor_id"),
Sensor.getHighestSequenceId(result.getInt("sensor_id")) + 1,
currentPeriodTimestamp,
currentPeriodTimestamp + DAY_IN_MS -1,
sum,
aggrConfidence));
PreparedStatement prepStmt = HalContext.getDB().getPreparedStatement("INSERT INTO sensor_data_aggr(sensor_id, sequence_id, timestamp_start, timestamp_end, data, confidence) VALUES(?, ?, ?, ?, ?, ?)");
prepStmt.setInt(1, result.getInt("sensor_id"));
prepStmt.setLong(2, Sensor.getHighestSequenceId(result.getInt("sensor_id")) + 1);
prepStmt.setLong(3, currentPeriodTimestamp);
prepStmt.setLong(4, currentPeriodTimestamp + DAY_IN_MS - 1);
prepStmt.setInt(5, sum);
prepStmt.setFloat(6, aggrConfidence);
DBConnection.exec(prepStmt);
// Reset variables
currentPeriodTimestamp = periodTimestamp;
@ -212,8 +234,10 @@ public class DataAggregatorDaemon extends TimerTask implements HalDaemon {
samples++;
//TODO: SHould not be here!
HalContext.getDB().exec("DELETE FROM sensor_data_aggr "
+ "WHERE sensor_id == "+ result.getInt("sensor_id") +" AND sequence_id == "+ result.getInt("sequence_id"));
PreparedStatement prepStmt = HalContext.getDB().getPreparedStatement("DELETE FROM sensor_data_aggr WHERE sensor_id == ? AND sequence_id == ?");
prepStmt.setInt(1, result.getInt("sensor_id"));
prepStmt.setInt(2, result.getInt("sequence_id"));
DBConnection.exec(prepStmt);
}
return null;
}
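Review bot: The new calls pass `new SimpleSQLHandler<Long>()`, but the import kept as context in this file is still `zutil.db.handler.SimpleSQLResult`, and no import of `SimpleSQLHandler` appears in the visible hunks, so the class may not compile unless that import sits in lines the page does not show. The same mismatch appears in `getHighestSequenceId` in the Sensor file, which uses `SimpleSQLHandler<Integer>` beside the same `SimpleSQLResult` import. Either keep `new SimpleSQLResult<Long>()` in the `DBConnection.exec(stmt, ...)` calls or switch the import to `import zutil.db.handler.SimpleSQLHandler;`. `aggregateSensor` continues past the end of its hunk.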


@ -6,6 +6,7 @@ import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.net.Socket;
import java.net.UnknownHostException;
import java.sql.PreparedStatement;
import java.sql.SQLException;
import java.util.List;
import java.util.Locale;
@ -55,16 +56,21 @@ public class DataSynchronizationClient extends TimerTask implements HalDaemon{
SensorDataListDTO dataList = (SensorDataListDTO) in.readObject();
for(SensorDataDTO data : dataList){
int deletions = db.exec("DELETE FROM sensor_data_aggr WHERE sensor_id == "+ sensor.getId() +" AND "+ data.timestampStart +" <= timestamp_start AND timestamp_end <= "+ data.timestampEnd);
PreparedStatement stmt = db.getPreparedStatement("DELETE FROM sensor_data_aggr WHERE sensor_id == ? AND ? <= timestamp_start AND timestamp_end <= ?");
stmt.setLong(1, sensor.getId());
stmt.setLong(2, data.timestampStart);
stmt.setLong(3, data.timestampEnd);
int deletions = DBConnection.exec(stmt);
if(deletions > 0)
logger.finer("Aggregate data replaced "+ deletions +" entries");
db.exec(String.format(Locale.US, "INSERT INTO sensor_data_aggr(sensor_id, sequence_id, timestamp_start, timestamp_end, data, confidence) VALUES(%d, %d, %d, %d, %d, %f)",
sensor.getId(),
data.sequenceId,
data.timestampStart,
data.timestampEnd,
data.data,
data.confidence));
stmt = db.getPreparedStatement("INSERT INTO sensor_data_aggr(sensor_id, sequence_id, timestamp_start, timestamp_end, data, confidence) VALUES(?, ?, ?, ?, ?, ?)");
stmt.setLong(1, sensor.getId());
stmt.setLong(2, data.sequenceId);
stmt.setLong(3, data.timestampStart);
stmt.setLong(4, data.timestampEnd);
stmt.setInt(5, data.data);
stmt.setFloat(6, data.confidence);
DBConnection.exec(stmt);
}
logger.fine("Stored " + dataList.size() + " entries for sensor " + sensor.getId() + " from " + user.getName());
}
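Review bot: Binding `data.timestampStart` and `data.timestampEnd` keeps them from being parsed as SQL, but the DELETE range is still chosen by whatever the peer put in the `SensorDataListDTO` returned by `in.readObject()`, so a single entry with an overly wide range removes far more local aggregate rows than it replaces. A range check before the DELETE would bound this, for example `if (data.timestampStart > data.timestampEnd || data.timestampEnd - data.timestampStart >= DataAggregatorDaemon.DAY_IN_MS) continue;`, assuming a day is the longest aggregate a peer should send. The DELETE and the INSERT also run as separate statements with no transaction visible in the hunk, so a failure between them loses the deleted rows. The enclosing method starts and ends outside the hunk.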


@ -5,6 +5,7 @@ import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.net.Socket;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
@ -14,6 +15,7 @@ import java.util.logging.Logger;
import se.koc.hal.HalContext;
import se.koc.hal.deamon.DataSynchronizationClient.PeerDataReqDTO;
import zutil.db.DBConnection;
import zutil.db.SQLResultHandler;
import zutil.log.LogUtil;
import zutil.net.threaded.ThreadedTCPNetworkServer;
@ -66,9 +68,10 @@ public class DataSynchronizationDaemon extends ThreadedTCPNetworkServer implemen
while((obj = in.readObject()) != null){
if(obj instanceof PeerDataReqDTO){
PeerDataReqDTO req = (PeerDataReqDTO) obj;
SensorDataListDTO list = HalContext.getDB().exec("SELECT * FROM sensor_data_aggr WHERE sensor_id == "+ req.sensorId +" AND sequence_id > "+ req.offsetSequenceId,
new SQLResultHandler<SensorDataListDTO>() {
PreparedStatement stmt = HalContext.getDB().getPreparedStatement("SELECT * FROM sensor_data_aggr WHERE sensor_id == ? AND sequence_id > ?");
stmt.setLong(1, req.sensorId);
stmt.setLong(2, req.offsetSequenceId);
SensorDataListDTO list = DBConnection.exec(stmt, new SQLResultHandler<SensorDataListDTO>() {
@Override
public SensorDataListDTO handleQueryResult(Statement stmt, ResultSet result) throws SQLException {
SensorDataListDTO list = new SensorDataListDTO();
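Review bot: The values bound here come from `in.readObject()`, which deserializes whatever the connected peer sends before the `instanceof PeerDataReqDTO` check runs, so that check does not limit which classes get instantiated. If `in` is a plain `ObjectInputStream` over the socket (its construction is outside the hunk), an allow-list filter set before the read loop would restrict it to the DTO classes, e.g. `in.setObjectInputFilter(ObjectInputFilter.Config.createFilter("se.koc.hal.deamon.*;java.base/*;!*"));` on Java 9 or later. The hunk also shows no check that the peer is allowed to read `req.sensorId`; if none exists elsewhere, the query should be limited to sensors shared with that peer. The anonymous handler body continues outside the hunk.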


@ -1,6 +1,7 @@
package se.koc.hal.page;
import java.io.IOException;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
@ -24,47 +25,55 @@ public class PCOverviewHttpPage implements HttpPage {
try {
DBConnection db = HalContext.getDB();
ArrayList<PowerData> minDataList = db.exec(
"SELECT user.username as username,"
+ " sensor_data_aggr.timestamp_start as timestamp_start,"
+ " sensor_data_aggr.timestamp_end as timestamp_end,"
+ " sensor_data_aggr.data as data,"
+ " sensor_data_aggr.confidence as confidence,"
+ DataAggregatorDaemon.FIVE_MINUTES_IN_MS + " as period_length"
+ " FROM sensor_data_aggr, user, sensor"
+ " WHERE sensor.id = sensor_data_aggr.sensor_id"
+ " AND user.id = sensor.user_id"
+ " AND timestamp_end-timestamp_start == " + (DataAggregatorDaemon.FIVE_MINUTES_IN_MS-1)
+ " AND timestamp_start > " + (System.currentTimeMillis() - DataAggregatorDaemon.DAY_IN_MS)
+ " ORDER BY timestamp_start ASC",
new SQLPowerDataBuilder());
ArrayList<PowerData> hourDataList = db.exec(
"SELECT user.username as username,"
+ " sensor_data_aggr.timestamp_start as timestamp_start,"
+ " sensor_data_aggr.timestamp_end as timestamp_end,"
+ " sensor_data_aggr.data as data,"
+ " sensor_data_aggr.confidence as confidence,"
+ DataAggregatorDaemon.HOUR_IN_MS + " as period_length"
+ " FROM sensor_data_aggr, user, sensor"
+ " WHERE sensor.id = sensor_data_aggr.sensor_id"
+ " AND user.id = sensor.user_id"
+ " AND timestamp_end-timestamp_start == " + (DataAggregatorDaemon.HOUR_IN_MS-1)
+ " AND timestamp_start > " + (System.currentTimeMillis() - 3*DataAggregatorDaemon.DAY_IN_MS)
+ " ORDER BY timestamp_start ASC",
new SQLPowerDataBuilder());
ArrayList<PowerData> dayDataList = db.exec(
"SELECT user.username as username,"
+ " sensor_data_aggr.timestamp_start as timestamp_start,"
+ " sensor_data_aggr.timestamp_end as timestamp_end,"
+ " sensor_data_aggr.data as data,"
+ " sensor_data_aggr.confidence as confidence,"
+ DataAggregatorDaemon.DAY_IN_MS + " as period_length"
+ " FROM sensor_data_aggr, user, sensor"
+ " WHERE sensor.id = sensor_data_aggr.sensor_id"
+ " AND user.id = sensor.user_id"
+ " AND timestamp_end-timestamp_start == " + (DataAggregatorDaemon.DAY_IN_MS-1)
+ " ORDER BY timestamp_start ASC",
new SQLPowerDataBuilder());
PreparedStatement stmt = db.getPreparedStatement(
"SELECT user.username as username,"
+ " sensor_data_aggr.timestamp_start as timestamp_start,"
+ " sensor_data_aggr.timestamp_end as timestamp_end,"
+ " sensor_data_aggr.data as data,"
+ " sensor_data_aggr.confidence as confidence,"
+ DataAggregatorDaemon.FIVE_MINUTES_IN_MS + " as period_length"
+ " FROM sensor_data_aggr, user, sensor"
+ " WHERE sensor.id = sensor_data_aggr.sensor_id"
+ " AND user.id = sensor.user_id"
+ " AND timestamp_end-timestamp_start == ?"
+ " AND timestamp_start > ?"
+ " ORDER BY timestamp_start ASC");
stmt.setLong(1, DataAggregatorDaemon.FIVE_MINUTES_IN_MS-1);
stmt.setLong(2, (System.currentTimeMillis() - DataAggregatorDaemon.DAY_IN_MS) );
ArrayList<PowerData> minDataList = DBConnection.exec(stmt , new SQLPowerDataBuilder());
stmt = db.getPreparedStatement(
"SELECT user.username as username,"
+ " sensor_data_aggr.timestamp_start as timestamp_start,"
+ " sensor_data_aggr.timestamp_end as timestamp_end,"
+ " sensor_data_aggr.data as data,"
+ " sensor_data_aggr.confidence as confidence,"
+ DataAggregatorDaemon.HOUR_IN_MS + " as period_length"
+ " FROM sensor_data_aggr, user, sensor"
+ " WHERE sensor.id = sensor_data_aggr.sensor_id"
+ " AND user.id = sensor.user_id"
+ " AND timestamp_end-timestamp_start == ?"
+ " AND timestamp_start > ?"
+ " ORDER BY timestamp_start ASC");
stmt.setLong(1, DataAggregatorDaemon.HOUR_IN_MS-1);
stmt.setLong(2, (System.currentTimeMillis() - 3*DataAggregatorDaemon.DAY_IN_MS) );
ArrayList<PowerData> hourDataList = DBConnection.exec(stmt, new SQLPowerDataBuilder());
stmt = db.getPreparedStatement(
"SELECT user.username as username,"
+ " sensor_data_aggr.timestamp_start as timestamp_start,"
+ " sensor_data_aggr.timestamp_end as timestamp_end,"
+ " sensor_data_aggr.data as data,"
+ " sensor_data_aggr.confidence as confidence,"
+ DataAggregatorDaemon.DAY_IN_MS + " as period_length"
+ " FROM sensor_data_aggr, user, sensor"
+ " WHERE sensor.id = sensor_data_aggr.sensor_id"
+ " AND user.id = sensor.user_id"
+ " AND timestamp_end-timestamp_start == ?"
+ " ORDER BY timestamp_start ASC");
stmt.setLong(1, DataAggregatorDaemon.DAY_IN_MS-1);
ArrayList<PowerData> dayDataList = DBConnection.exec(stmt, new SQLPowerDataBuilder());
Templator tmpl = new Templator(FileUtil.find("web-resource/index.html"));
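Review bot: The three statements in this hunk repeat the same twelve-line SELECT and differ only in the period length and the cutoff, so one copy can easily drift from the others on the next edit; a private helper taking both values keeps one query text and one place where parameters are bound. In the sketch below the day list passes a cutoff of 0, which matches the current unfiltered day query only if `timestamp_start` is always positive. Every value bound here is a server-side constant or a clock reading, so the helper changes structure, not exposure. The enclosing method starts before and continues after the hunk.

```java
private static ArrayList<PowerData> loadPeriod(DBConnection db, long periodLength, long since) throws SQLException {
    PreparedStatement stmt = db.getPreparedStatement(
            "SELECT user.username as username,"
            // … unchanged: the four sensor_data_aggr columns …
            + periodLength + " as period_length"
            // … unchanged: FROM clause and the two join conditions …
            + " AND timestamp_end-timestamp_start == ?"
            + " AND timestamp_start > ?"
            + " ORDER BY timestamp_start ASC");
    stmt.setLong(1, periodLength - 1);
    stmt.setLong(2, since);
    return DBConnection.exec(stmt, new SQLPowerDataBuilder());
}

// in the page handler, replacing the three inline statements:
long now = System.currentTimeMillis();
ArrayList<PowerData> minDataList = loadPeriod(db, DataAggregatorDaemon.FIVE_MINUTES_IN_MS, now - DataAggregatorDaemon.DAY_IN_MS);
ArrayList<PowerData> hourDataList = loadPeriod(db, DataAggregatorDaemon.HOUR_IN_MS, now - 3*DataAggregatorDaemon.DAY_IN_MS);
ArrayList<PowerData> dayDataList = loadPeriod(db, DataAggregatorDaemon.DAY_IN_MS, 0);
```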


@ -10,9 +10,6 @@ import zutil.db.bean.DBBean;
import zutil.db.bean.DBBeanSQLResultHandler;
import zutil.db.handler.SimpleSQLResult;
/**
* Created by Ziver on 2015-12-03.
*/
@DBBean.DBTable("sensor")
public class Sensor extends DBBean{
private String name;
@ -33,14 +30,17 @@ public class Sensor extends DBBean{
}
public static List<Sensor> getSensors(DBConnection db, User user) throws SQLException{
PreparedStatement stmt = db.getPreparedStatement( "SELECT * FROM sensor WHERE user_id == " + user.getId() );
PreparedStatement stmt = db.getPreparedStatement( "SELECT * FROM sensor WHERE user_id == ?" );
stmt.setLong(1, user.getId());
return DBConnection.exec(stmt, DBBeanSQLResultHandler.createList(Sensor.class, db) );
}
public static long getHighestSequenceId(long sensorId) throws SQLException{
Integer id = HalContext.getDB().exec("SELECT MAX(sequence_id) FROM sensor_data_aggr WHERE sensor_id == "+ sensorId, new SimpleSQLResult<Integer>());
return (id != null ? id+1 : 1);
PreparedStatement stmt = HalContext.getDB().getPreparedStatement("SELECT MAX(sequence_id) FROM sensor_data_aggr WHERE sensor_id == ?");
stmt.setLong(1, sensorId);
Integer id = DBConnection.exec(stmt, new SimpleSQLHandler<Integer>());
return (id != null ? id+1 : 1);
}
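Review bot: `getHighestSequenceId` returns `id+1` (or 1 for an empty table), which is the next free id rather than the highest one, and the callers in DataAggregatorDaemon add 1 again in `prepStmt.setLong(2, Sensor.getHighestSequenceId(...) + 1)`, so every insert skips a sequence number. Peers page through rows with `sequence_id > ?`, so the gaps look harmless, but the name and the arithmetic disagree. Either return `(id != null ? id : 0)`, or document the method with `/** Returns the next unused sequence_id for the sensor (MAX + 1, or 1 if none). */` and drop the `+ 1` at the call sites. The read-then-insert is also not atomic, so two writers for the same sensor could pick the same id if this daemon ever allows that.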