[Arianne-commits] marauroa/src/marauroa/server/game JDBCPlayerDatabase.java, 1.27, 1.28

[Hendrik <nh...@us...>]

Update of /cvsroot/arianne/marauroa/src/marauroa/server/game
In directory sc8-pr-cvs11.sourceforge.net:/tmp/cvs-serv9965/src/marauroa/server/game

Modified Files:
	JDBCPlayerDatabase.java 
Log Message:
improved logging of game events

Index: JDBCPlayerDatabase.java
===================================================================
RCS file: /cvsroot/arianne/marauroa/src/marauroa/server/game/JDBCPlayerDatabase.java,v
retrieving revision 1.27
retrieving revision 1.28
diff -C2 -d -r1.27 -r1.28
*** JDBCPlayerDatabase.java	26 Aug 2006 20:00:31 -0000	1.27
--- JDBCPlayerDatabase.java	26 Sep 2006 19:27:40 -0000	1.28
***************
*** 101,104 ****
--- 101,122 ----
  	}
  
+ 	/**
+ 	 * Escapes ' and \ in a string so that the result can be passed into an
+ 	 * SQL command. The parameter has be quoted using ' in the sql. Most
+ 	 * database engines accept single quotes around numbers as well.
+      * <p>Please note that special characters for LIKE and other matching
+ 	 * commands are not quotes. The result of this method is suiteable for
+ 	 * INSERT, UPDATE and an "=" operator in the WHERE part.
+ 	 * 
+ 	 * @param param string to quote
+ 	 * @return quoted string
+ 	 */
+ 	public String escapeSQLString(String param) {
+ 		if (param == null) {
+ 			return param;
+ 		}
+ 		return param.replace("'", "''").replace("\\", "\\\\");
+ 	}
+ 
  	private static IPlayerDatabase playerDatabase = null;
  
***************
*** 497,517 ****
  				}
  			}
- 			// This code is unused. I think it was a workaround some transaction
- 			// issues on 0.90
- 			// else
- 			// {
- 			// Connection connection1 =
- 			// ((JDBCTransaction)trans).getConnection();
- 			// Statement stmt1 = connection1.createStatement();
- 			// String query1 = "select * from player;";
- 			// logger.debug("verifyAccount is executing query "+query1);
- 			// ResultSet result1 = stmt1.executeQuery(query1);
- 			// while(result1.next())
- 			// {
- 			// logger.debug(result1.getString("id")+"\t"+result1.getString("username")+"\t"+result1.getString("password"));
- 			// }
- 			// result1.close();
- 			// }
- 
  			return false;
  		} catch (Exception e) {
--- 515,518 ----
***************
*** 1433,1438 ****
  			Statement stmt = connection.createStatement();
  
  			StringBuffer param = new StringBuffer();
- 
  			if (params.length > 1) {
  				for (int i = 1; i < params.length; i++) {
--- 1434,1439 ----
  			Statement stmt = connection.createStatement();
  
+ 			String firstParam = (params.length > 0 ? params[0] : "");
  			StringBuffer param = new StringBuffer();
  			if (params.length > 1) {
  				for (int i = 1; i < params.length; i++) {
***************
*** 1442,1473 ****
  			}
  
- 			try {
- 				if (!validString(source) || !validString(event)
- 						|| !validString(param.toString())) {
- 					logger
- 							.info("Game event not logged because invalid strings: \""
- 									+ source
- 									+ "\",\""
- 									+ event
- 									+ "\",\""
- 									+ param + "\"");
- 					return;
- 				}
- 			} catch (Exception e) {
- 				logger.info("Game event not logged because invalid strings: \""
- 						+ source + "\",\"" + event + "\",\"" + param + "\"", e);
- 				return;
- 			}
- 
- 			String firstParam = (params.length > 0 ? params[0] : "");
- 
  			String query = "insert into gameEvents(timedate, source, event, param1, param2) values(NULL,'"
! 					+ source
  					+ "','"
! 					+ event
  					+ "','"
! 					+ firstParam
  					+ "','"
! 					+ param.toString() + "')";
  			stmt.execute(query);
  			stmt.close();
--- 1443,1454 ----
  			}
  
  			String query = "insert into gameEvents(timedate, source, event, param1, param2) values(NULL,'"
! 					+ escapeSQLString(source)
  					+ "','"
! 					+ escapeSQLString(event)
  					+ "','"
! 					+ escapeSQLString(firstParam)
  					+ "','"
! 					+ escapeSQLString(param.toString()) + "')";
  			stmt.execute(query);
  			stmt.close();