diff --git a/cave/com.raytheon.viz.hydrobase/src/com/raytheon/viz/hydrobase/FloodReportDlg.java b/cave/com.raytheon.viz.hydrobase/src/com/raytheon/viz/hydrobase/FloodReportDlg.java index efc960d9eb..33b4e33a74 100644 --- a/cave/com.raytheon.viz.hydrobase/src/com/raytheon/viz/hydrobase/FloodReportDlg.java +++ b/cave/com.raytheon.viz.hydrobase/src/com/raytheon/viz/hydrobase/FloodReportDlg.java @@ -69,6 +69,7 @@ import com.raytheon.uf.viz.core.VizApp; import com.raytheon.uf.viz.core.exception.VizException; import com.raytheon.uf.viz.core.requests.ThriftClient; import com.raytheon.viz.hydrocommon.HydroConstants; +import com.raytheon.viz.hydrocommon.util.DbUtils; import com.raytheon.viz.hydrocommon.util.RatingUtils; import com.raytheon.viz.ui.dialogs.CaveSWTDialog; @@ -1202,6 +1203,8 @@ public class FloodReportDlg extends CaveSWTDialog { sql.append(", q"); } + cremark = DbUtils.escapeSpecialCharforStr(cremark); + sql.append(") values('" + data.getLid() + "', "); sql.append("'" + dateFormat.format(eventDate) + "', "); sql.append("'" + hourFormat.format(eventDate) + "', "); diff --git a/cave/com.raytheon.viz.hydrobase/src/com/raytheon/viz/hydrobase/data/GeoDataManager.java b/cave/com.raytheon.viz.hydrobase/src/com/raytheon/viz/hydrobase/data/GeoDataManager.java index 9c25449d5a..40b9455a91 100644 --- a/cave/com.raytheon.viz.hydrobase/src/com/raytheon/viz/hydrobase/data/GeoDataManager.java +++ b/cave/com.raytheon.viz.hydrobase/src/com/raytheon/viz/hydrobase/data/GeoDataManager.java @@ -31,6 +31,7 @@ import com.raytheon.uf.viz.core.exception.VizException; import com.raytheon.viz.hydrocommon.HydroConstants; import com.raytheon.viz.hydrocommon.HydroConstants.ArealTypeSelection; import com.raytheon.viz.hydrocommon.datamanager.HydroDataManager; +import com.raytheon.viz.hydrocommon.util.DbUtils; /** * GeoData Data Manager class. @@ -49,7 +50,8 @@ import com.raytheon.viz.hydrocommon.datamanager.HydroDataManager; */ public class GeoDataManager extends HydroDataManager { - private static final transient IUFStatusHandler statusHandler = UFStatus.getHandler(GeoDataManager.class); + private static final transient IUFStatusHandler statusHandler = UFStatus + .getHandler(GeoDataManager.class); private static GeoDataManager instance = null; private GeoDataManager() { @@ -59,8 +61,7 @@ public class GeoDataManager extends HydroDataManager { /** * Get an instance of this class * - * @return - * The instance + * @return The instance */ public static synchronized GeoDataManager getInstance() { if (instance == null) { @@ -74,17 +75,15 @@ public class GeoDataManager extends HydroDataManager { * Get the GeoAreas. * * @param type - * The type of area looking for - * @return - * List of GeoAreaData objects + * The type of area looking for + * @return List of GeoAreaData objects * @throws VizException */ public ArrayList getGeoArea(ArealTypeSelection type) throws VizException { ArrayList returnList = new ArrayList(); StringBuilder query = new StringBuilder(); - query - .append("select area_id, name, boundary_type, interior_lat, interior_lon from geoarea "); + query.append("select area_id, name, boundary_type, interior_lat, interior_lon from geoarea "); query.append(" where boundary_type = '" + HydroConstants.GEOAREA_DATANAMES[type.ordinal()] + "' order by area_id"); @@ -110,9 +109,8 @@ public class GeoDataManager extends HydroDataManager { * Delete data from the linesegs table. * * @param type - * The type of data to delete - * @return - * The number of lines modified + * The type of data to delete + * @return The number of lines modified * @throws VizException */ public int deleteLineSegs(String type) throws VizException { @@ -128,10 +126,10 @@ public class GeoDataManager extends HydroDataManager { /** * Delete data from the geoarea table. + * * @param type - * The type of data to delete - * @return - * The number of lines modified + * The type of data to delete + * @return The number of lines modified * @throws VizException */ public int deleteGeoArea(String type) throws VizException { @@ -148,9 +146,8 @@ public class GeoDataManager extends HydroDataManager { * Write the GeoAreaData data to the IHFS * * @param data - * The GeoAreaData object to write - * @return - * The number of rows modified + * The GeoAreaData object to write + * @return The number of rows modified * @throws VizException */ public int putGeoArea(GeoAreaData data) throws VizException { @@ -170,6 +167,8 @@ public class GeoDataManager extends HydroDataManager { return status; } + DbUtils.escapeSpecialCharforData(data); + /* * if the interior lat, lon were provided from the input file, then use * them. otherwise compute them. @@ -229,9 +228,9 @@ public class GeoDataManager extends HydroDataManager { * Write thte line segments to the linesegs table * * @param areaId - * The area id + * The area id * @param binList - * The HrapBinList + * The HrapBinList */ public void putLineSegs(String areaId, HrapBinList binList) { int status = 0; @@ -244,7 +243,7 @@ public class GeoDataManager extends HydroDataManager { long hrapRow = binList.getRows().get(i); long hrapBegCol = binList.getBeginCols().get(i); long hrapEndCol = binList.getEndCols().get(i); - + where.setLength(0); query.setLength(0); @@ -274,13 +273,14 @@ public class GeoDataManager extends HydroDataManager { } } catch (VizException e) { status = -1; - statusHandler.handle(Priority.PROBLEM, - "Error putting data into LineSegs for area_id: " + areaId); + statusHandler.handle(Priority.PROBLEM, + "Error putting data into LineSegs for area_id: " + + areaId); } } else { /* delete the record and insert the new record */ String delete = "delete from linesegs " + where.toString(); - + try { runStatement(delete); status = DirectDbQuery.executeStatement(query.toString(), @@ -289,7 +289,7 @@ public class GeoDataManager extends HydroDataManager { throw new VizException(); } } catch (VizException e) { - statusHandler.handle(Priority.PROBLEM, + statusHandler.handle(Priority.PROBLEM, "Error updating LineSegs for area_id: " + areaId); } } diff --git a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/cresthistory/CrestHistoryDataManager.java b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/cresthistory/CrestHistoryDataManager.java index 8f56fa31b4..5bc49fe1fc 100644 --- a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/cresthistory/CrestHistoryDataManager.java +++ b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/cresthistory/CrestHistoryDataManager.java @@ -32,8 +32,7 @@ package com.raytheon.viz.hydrocommon.cresthistory; * Nov 04, 2010 5518 lbousaid added all/above/bellow flag to * getRiverCrestData * Jan 09, 2015 16698 JingtaoD Crest History failed validation dialog pops up when OK button clicked - * April 08 2015 17338 JingtaoD "Apostrophe" entered into Hydrobase text fields in dialog window are not - * written to the IHFS database + * * * * @author dhladky @@ -50,6 +49,7 @@ import com.raytheon.viz.hydrocommon.HydroConstants; import com.raytheon.viz.hydrocommon.data.RiverDataPoint; import com.raytheon.viz.hydrocommon.datamanager.RiverDataManager; import com.raytheon.viz.hydrocommon.datamanager.HydroDBDataManager; +import com.raytheon.viz.hydrocommon.util.DbUtils; public class CrestHistoryDataManager { private static final transient IUFStatusHandler statusHandler = UFStatus @@ -82,12 +82,13 @@ public class CrestHistoryDataManager { * @param rdp * @return */ - public CrestHistoryData getRiverCrestData(String lid, boolean control, int allFlag) { + public CrestHistoryData getRiverCrestData(String lid, boolean control, + int allFlag) { RiverDataManager rdm = RiverDataManager.getInstance(); RiverDataPoint rdp = rdm.getRiverDataPoint(lid); // get crest data - return rdm.getRiverCrests(rdp, allFlag); + return rdm.getRiverCrests(rdp, allFlag); } /** @@ -96,27 +97,24 @@ public class CrestHistoryDataManager { * @param cd */ public void deleteCrest(CrestData cd, String lid) { - String deleteCrest = "delete from crest where lid = '" + lid + "' and datcrst = '" - + cd.getDateString() + "' and timcrst ='" + cd.getTimeString() - + "'"; + String deleteCrest = "delete from crest where lid = '" + lid + + "' and datcrst = '" + cd.getDateString() + "' and timcrst ='" + + cd.getTimeString() + "'"; try { AppsDefaults ad = AppsDefaults.getInstance(); - boolean debug = ad.getBoolean(HydroConstants.DEBUG_HYDRO_DB_TOKEN, false); + boolean debug = ad.getBoolean(HydroConstants.DEBUG_HYDRO_DB_TOKEN, + false); if (debug) { - System.out.println(ad.getToken(HydroConstants.PGHOST) + ":" + - ad.getToken(HydroConstants.PGPORT) + ":" + - ad.getToken(HydroConstants.DB_NAME)); + System.out.println(ad.getToken(HydroConstants.PGHOST) + ":" + + ad.getToken(HydroConstants.PGPORT) + ":" + + ad.getToken(HydroConstants.DB_NAME)); System.out.println("Query: " + deleteCrest); } - - // check if dataQuery contains any apostrophe, if does, replace it to two single appostrophe - deleteCrest = HydroDBDataManager.getInstance().checkAppostrophe(deleteCrest); - + DirectDbQuery.executeStatement(deleteCrest, HydroConstants.IHFS, QueryLanguage.SQL); } catch (VizException ve) { - statusHandler.error("Error deleting the crest: " - + lid, ve); + statusHandler.error("Error deleting the crest: " + lid, ve); } } @@ -124,42 +122,49 @@ public class CrestHistoryDataManager { * Insert/update a crest. * * @param cd - * The CrestData object holding data for database + * The CrestData object holding data for database * @param lid - * The current lid + * The current lid * @param selectedCrest - * The crest data currently in the database + * The crest data currently in the database * @param mode - * The mode, 1 = new, 2 = delete, 3 = update + * The mode, 1 = new, 2 = delete, 3 = update * @return Error Message, or null if no errors * @throws VizException */ - public String insertCrest(CrestData cd, String lid, CrestData selectedCrest, int mode) { + public String insertCrest(CrestData cd, String lid, + CrestData selectedCrest, int mode) { String errMsg = null; - + + DbUtils.escapeSpecialCharforData(cd); + if (mode == 3) { - + // Did the primary key change? - if ((selectedCrest != null) && (cd.getDateString().equals(selectedCrest.getDateString()) - && cd.getTimeString().equals(selectedCrest.getTimeString()))) { + if ((selectedCrest != null) + && (cd.getDateString() + .equals(selectedCrest.getDateString()) && cd + .getTimeString().equals( + selectedCrest.getTimeString()))) { // The PK is different, delete the record, then insert - String query = "delete from crest where lid = '" + lid + - "' and datcrst = '" + selectedCrest.getDateString() + - "' and timcrst = '" + selectedCrest.getTimeString() + "'"; - + String query = "delete from crest where lid = '" + lid + + "' and datcrst = '" + selectedCrest.getDateString() + + "' and timcrst = '" + selectedCrest.getTimeString() + + "'"; + try { AppsDefaults ad = AppsDefaults.getInstance(); - boolean debug = ad.getBoolean(HydroConstants.DEBUG_HYDRO_DB_TOKEN, false); + boolean debug = ad.getBoolean( + HydroConstants.DEBUG_HYDRO_DB_TOKEN, false); if (debug) { - System.out.println(ad.getToken(HydroConstants.PGHOST) + ":" + - ad.getToken(HydroConstants.PGPORT) + ":" + - ad.getToken(HydroConstants.DB_NAME)); + System.out.println(ad.getToken(HydroConstants.PGHOST) + + ":" + ad.getToken(HydroConstants.PGPORT) + + ":" + ad.getToken(HydroConstants.DB_NAME)); System.out.println("Query: " + query); } - // check if dataQuery contains any apostrophe, if does, replace it to two single appostrophe - query = HydroDBDataManager.getInstance().checkAppostrophe(query); - - DirectDbQuery.executeStatement(query, HydroConstants.IHFS, QueryLanguage.SQL); + + DirectDbQuery.executeStatement(query, HydroConstants.IHFS, + QueryLanguage.SQL); } catch (VizException e) { e.printStackTrace(); } @@ -176,7 +181,7 @@ public class CrestHistoryDataManager { remarks = remarks.replaceAll("\n", "\\n"); back.append("'" + remarks + "', "); front.append("cremark, "); -// back.append("'" + cd.getRemarks() + "', "); + // back.append("'" + cd.getRemarks() + "', "); } if (cd.isHighWater()) { front.append("hw, "); @@ -205,45 +210,44 @@ public class CrestHistoryDataManager { boolean executeUpdate = false; AppsDefaults ad = AppsDefaults.getInstance(); - boolean debug = ad.getBoolean(HydroConstants.DEBUG_HYDRO_DB_TOKEN, false); + boolean debug = ad.getBoolean(HydroConstants.DEBUG_HYDRO_DB_TOKEN, + false); if (debug) { - System.out.println(ad.getToken(HydroConstants.PGHOST) + ":" + - ad.getToken(HydroConstants.PGPORT) + ":" + - ad.getToken(HydroConstants.DB_NAME)); + System.out.println(ad.getToken(HydroConstants.PGHOST) + ":" + + ad.getToken(HydroConstants.PGPORT) + ":" + + ad.getToken(HydroConstants.DB_NAME)); System.out.println("Query: " + insertCrest); } try { - // check if dataQuery contains any apostrophe, if does, replace it to two single appostrophe - insertCrest = HydroDBDataManager.getInstance().checkAppostrophe(insertCrest); - + DirectDbQuery.executeStatement(insertCrest, HydroConstants.IHFS, QueryLanguage.SQL); - } catch (VizException e) { - - e.printStackTrace(); - - //exception with duplicate key value is throwed in the 2nd cause - - if (e.getCause().getCause().getMessage().contains("crest_pk")) { - executeUpdate = true; + } catch (VizException e) { + + e.printStackTrace(); + + // exception with duplicate key value is throwed in the 2nd cause + + if (e.getCause().getCause().getMessage().contains("crest_pk")) { + executeUpdate = true; } else { errMsg = "Error inserting data into database."; - } + } } if (executeUpdate) { /* execute an update */ StringBuilder query = new StringBuilder("update crest set "); - -// query.append("lid = '" + lid + "', "); -// query.append("datcrst = '" + cd.getDateString() + "', "); + + // query.append("lid = '" + lid + "', "); + // query.append("datcrst = '" + cd.getDateString() + "', "); if (cd.getRemarks() != null) { String remarks = cd.getRemarks(); remarks = remarks.replace("\n", "\\n"); query.append("cremark = E'" + remarks + "', "); -// query.append("cremark = '" + cd.getRemarks() + "', "); + // query.append("cremark = '" + cd.getRemarks() + "', "); } if (cd.isHighWater()) { @@ -251,19 +255,19 @@ public class CrestHistoryDataManager { } else { query.append("hw = '', "); } - + if (cd.isIce()) { query.append("jam = '" + insertmark + "', "); } else { query.append("jam = '', "); } - + if (cd.isOldDatum()) { query.append("olddatum = '" + insertmark + "', "); } else { query.append("olddatum = '', "); } - + query.append("q = " + cd.getFlow() + ", "); query.append("stage = " + cd.getStage() + ", "); @@ -272,29 +276,27 @@ public class CrestHistoryDataManager { } else { query.append("suppress = '', "); } - + query.append("prelim = '" + cd.getPrelim() + "' "); query.append(" where lid = '" + lid + "' "); query.append("and datcrst = '" + cd.getDateString() + "' "); query.append("and timcrst = '" + cd.getTimeString() + "' "); try { if (debug) { - System.out.println(ad.getToken(HydroConstants.PGHOST) + ":" + - ad.getToken(HydroConstants.PGPORT) + ":" + - ad.getToken(HydroConstants.DB_NAME)); + System.out.println(ad.getToken(HydroConstants.PGHOST) + ":" + + ad.getToken(HydroConstants.PGPORT) + ":" + + ad.getToken(HydroConstants.DB_NAME)); System.out.println("Query: " + query.toString()); } - - // check if dataQuery contains any apostrophe, if does, replace it to two single appostrophe - String newquery = HydroDBDataManager.getInstance().checkAppostrophe(query.toString()); - - DirectDbQuery.executeStatement(newquery, HydroConstants.IHFS, QueryLanguage.SQL); + + DirectDbQuery.executeStatement(query.toString(), + HydroConstants.IHFS, QueryLanguage.SQL); } catch (VizException e) { errMsg = "Error updating data in database"; e.printStackTrace(); } } - + return errMsg; } } diff --git a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/data/RiverStatData.java b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/data/RiverStatData.java index abfb6011ee..7fc8cf13b8 100644 --- a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/data/RiverStatData.java +++ b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/data/RiverStatData.java @@ -38,7 +38,7 @@ import com.raytheon.viz.hydrocommon.HydroConstants; * Jan 3, 2013 15520 lbousaidi added a dollar-quoted string to getUpdate and * getInsert statements to always write literally * the string content. - * April 8, 2015 17338 jingtaoD "Apostrophes" entered into HB text fields are not written to IHFS database + * * * * @@ -224,32 +224,32 @@ public class RiverStatData extends HydroDBData implements IHydroDBData { setLid(getDBValue("lid", data, dataMap, "")); setPrimaryPE(getDBValue("primary_pe", data, dataMap, "")); - setBankFull(getDBValue("bf", data, dataMap, Double - .valueOf(HydroConstants.MISSING_VALUE))); - setCheckBar(getDBValue("cb", data, dataMap, Double - .valueOf(HydroConstants.MISSING_VALUE))); - setDrainageArea(getDBValue("da", data, dataMap, Double - .valueOf(HydroConstants.MISSING_VALUE))); - setResponseTime(getDBValue("response_time", data, dataMap, Double - .valueOf(HydroConstants.MISSING_VALUE))); - setThresholdRunoff(getDBValue("threshold_runoff", data, dataMap, Double - .valueOf(HydroConstants.MISSING_VALUE))); - setFloodFlow(getDBValue("fq", data, dataMap, Double - .valueOf(HydroConstants.MISSING_VALUE))); - setFloodStage(getDBValue("fs", data, dataMap, Double - .valueOf(HydroConstants.MISSING_VALUE))); + setBankFull(getDBValue("bf", data, dataMap, + Double.valueOf(HydroConstants.MISSING_VALUE))); + setCheckBar(getDBValue("cb", data, dataMap, + Double.valueOf(HydroConstants.MISSING_VALUE))); + setDrainageArea(getDBValue("da", data, dataMap, + Double.valueOf(HydroConstants.MISSING_VALUE))); + setResponseTime(getDBValue("response_time", data, dataMap, + Double.valueOf(HydroConstants.MISSING_VALUE))); + setThresholdRunoff(getDBValue("threshold_runoff", data, dataMap, + Double.valueOf(HydroConstants.MISSING_VALUE))); + setFloodFlow(getDBValue("fq", data, dataMap, + Double.valueOf(HydroConstants.MISSING_VALUE))); + setFloodStage(getDBValue("fs", data, dataMap, + Double.valueOf(HydroConstants.MISSING_VALUE))); setGageNumber(getDBValue("gsno", data, dataMap, "")); setLevel(getDBValue("level", data, dataMap, "")); - setRiverMile(getDBValue("mile", data, dataMap, Double - .valueOf(HydroConstants.MISSING_VALUE))); - setPool(getDBValue("pool", data, dataMap, Double - .valueOf(HydroConstants.MISSING_VALUE))); + setRiverMile(getDBValue("mile", data, dataMap, + Double.valueOf(HydroConstants.MISSING_VALUE))); + setPool(getDBValue("pool", data, dataMap, + Double.valueOf(HydroConstants.MISSING_VALUE))); setPeriodOfRecord(getDBValue("por", data, dataMap, "")); setRated(getDBValue("rated", data, dataMap, "")); - setLatitude(getDBValue("lat", data, dataMap, Double - .valueOf(HydroConstants.MISSING_VALUE))); - setLongitude(getDBValue("lon", data, dataMap, Double - .valueOf(HydroConstants.MISSING_VALUE))); + setLatitude(getDBValue("lat", data, dataMap, + Double.valueOf(HydroConstants.MISSING_VALUE))); + setLongitude(getDBValue("lon", data, dataMap, + Double.valueOf(HydroConstants.MISSING_VALUE))); setRemark(getDBValue("remark", data, dataMap, "")); setReviseDate(getDBValue("rrevise", data, dataMap, (Date) null)); setLatLonSource(getDBValue("rsource", data, dataMap, "")); @@ -257,12 +257,12 @@ public class RiverStatData extends HydroDBData implements IHydroDBData { setTidalEffect(getDBValue("tide", data, dataMap, "")); setBackWater(getDBValue("backwater", data, dataMap, "")); setVerticalDatum(getDBValue("vdatum", data, dataMap, "")); - setActionFlow(getDBValue("action_flow", data, dataMap, Double - .valueOf(HydroConstants.MISSING_VALUE))); - setActionStage(getDBValue("wstg", data, dataMap, Double - .valueOf(HydroConstants.MISSING_VALUE))); - setZeroDatum(getDBValue("zd", data, dataMap, Double - .valueOf(HydroConstants.MISSING_VALUE))); + setActionFlow(getDBValue("action_flow", data, dataMap, + Double.valueOf(HydroConstants.MISSING_VALUE))); + setActionStage(getDBValue("wstg", data, dataMap, + Double.valueOf(HydroConstants.MISSING_VALUE))); + setZeroDatum(getDBValue("zd", data, dataMap, + Double.valueOf(HydroConstants.MISSING_VALUE))); setDateOfRating(getDBValue("ratedat", data, dataMap, (Date) null)); setUsgsRateNumber(getDBValue("usgs_ratenum", data, dataMap, "")); setUnitHydrographDuration(getDBValue("uhgdur", data, dataMap, @@ -769,7 +769,7 @@ public class RiverStatData extends HydroDBData implements IHydroDBData { String rval = "INSERT INTO riverstat ( " + columns + " ) VALUES ( %s, %s, %s, %s, %s, %s, %s," - + " %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, $$%s$$, %s," + + " %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, '%s', %s," + " %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s )"; rval = String.format(rval, getDBString(lid), getDBString(primaryPE), @@ -780,12 +780,13 @@ public class RiverStatData extends HydroDBData implements IHydroDBData { getDBString(level), getDBString(riverMile), getDBString(pool), getDBString(periodOfRecord), getDBString(rated), getDBString(latitude), getDBString(longitude), - getDBStringNoQuote(remark), getDBString(reviseDate, dateFormat), - getDBString(latLonSource), getDBString(stream), - getDBString(tidalEffect), getDBString(backWater), - getDBString(verticalDatum), getDBString(actionFlow), - getDBString(actionStage), getDBString(zeroDatum), getDBString( - dateOfRating, dateFormat), getDBString(usgsRateNumber), + getDBStringNoQuote(remark), + getDBString(reviseDate, dateFormat), getDBString(latLonSource), + getDBString(stream), getDBString(tidalEffect), + getDBString(backWater), getDBString(verticalDatum), + getDBString(actionFlow), getDBString(actionStage), + getDBString(zeroDatum), getDBString(dateOfRating, dateFormat), + getDBString(usgsRateNumber), getDBString(unitHydrographDuration), getDBString(useLatestForecast)); @@ -813,7 +814,7 @@ public class RiverStatData extends HydroDBData implements IHydroDBData { public String getUpdateStatement() { // Set the basic update statement String rval = "UPDATE riverstat SET lid=%s, primary_pe=%s, bf=%s, cb=%s, da=%s, response_time=%s, threshold_runoff=%s," - + " fq=%s, fs=%s, gsno=%s, level=%s, mile=%s, pool=%s, por=%s, rated=%s, lat=%s, lon=%s, remark=$$%s$$, rrevise=%s," + + " fq=%s, fs=%s, gsno=%s, level=%s, mile=%s, pool=%s, por=%s, rated=%s, lat=%s, lon=%s, remark='%s', rrevise=%s," + " rsource=%s, stream=%s, tide=%s, backwater=%s, vdatum=%s, action_flow=%s, wstg=%s, zd=%s, ratedat=%s," + " usgs_ratenum=%s, uhgdur=%s, use_latest_fcst=%s WHERE %s"; @@ -826,12 +827,13 @@ public class RiverStatData extends HydroDBData implements IHydroDBData { getDBString(level), getDBString(riverMile), getDBString(pool), getDBString(periodOfRecord), getDBString(rated), getDBString(latitude), getDBString(longitude), - getDBStringNoQuote(remark), getDBString(reviseDate, dateFormat), - getDBString(latLonSource), getDBString(stream), - getDBString(tidalEffect), getDBString(backWater), - getDBString(verticalDatum), getDBString(actionFlow), - getDBString(actionStage), getDBString(zeroDatum), getDBString( - dateOfRating, dateFormat), getDBString(usgsRateNumber), + getDBStringNoQuote(remark), + getDBString(reviseDate, dateFormat), getDBString(latLonSource), + getDBString(stream), getDBString(tidalEffect), + getDBString(backWater), getDBString(verticalDatum), + getDBString(actionFlow), getDBString(actionStage), + getDBString(zeroDatum), getDBString(dateOfRating, dateFormat), + getDBString(usgsRateNumber), getDBString(unitHydrographDuration), getDBString(useLatestForecast), getPKStatement()); diff --git a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/ContactsDataManager.java b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/ContactsDataManager.java index 3181897347..f4f7179964 100644 --- a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/ContactsDataManager.java +++ b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/ContactsDataManager.java @@ -25,59 +25,59 @@ import com.raytheon.uf.common.dataquery.db.QueryResult; import com.raytheon.uf.common.dataquery.db.QueryResultRow; import com.raytheon.uf.viz.core.exception.VizException; import com.raytheon.viz.hydrocommon.data.ContactsData; +import com.raytheon.viz.hydrocommon.util.DbUtils; /** * This class is the data manager for the contacts data. * * 
- *
+ * 
  * SOFTWARE HISTORY
- *
+ * 
  * Date         Ticket#     Engineer    Description
  * ------------ ----------  ----------- --------------------------
  * 20 Nov 2008             lvenable    Initial creation
  * 
  *
- * + * * @author lvenable * @version 1.0 */ -public class ContactsDataManager extends HydroDataManager -{ +public class ContactsDataManager extends HydroDataManager { /** * Instance of this class. */ private static ContactsDataManager manager = null; - + /** * Select statement. */ private final String SELECT_STATEMENT = "SELECT * FROM contacts"; - + /** * Insert statement. */ private final String INSERT_STATEMENT = "INSERT INTO contacts (lid, contact, phone, email, remark, priority) VALUES ('%s', '%s', '%s', '%s', '%s', %d)"; - + /** * Delete statement. */ private final String DELETE_STATEMENT = "DELETE FROM contacts"; - + /** * Update statement. */ private final String UPDATE_STATEMENT = "UPDATE contacts SET contact='%s', phone='%s', email='%s', remark='%s', priority=%d WHERE lid='%s' AND contact='%s'"; - + /** * Constructor. */ - public ContactsDataManager() - { + public ContactsDataManager() { } - + /** * Get an instance of this class. + * * @return An instance of this class. */ public static synchronized ContactsDataManager getInstance() { @@ -87,93 +87,117 @@ public class ContactsDataManager extends HydroDataManager return manager; } - + /** * Get the list of contacts from the specified location ID. - * @param lid Location ID. + * + * @param lid + * Location ID. * @return ArrayList of ContactsData. - * @throws VizException Database exception. + * @throws VizException + * Database exception. */ - public ArrayList getContactData(String lid) throws VizException - { + public ArrayList getContactData(String lid) + throws VizException { ArrayList rval = new ArrayList(); - + QueryResult result = runMappedQuery(SELECT_STATEMENT + " WHERE lid='" + lid + "' ORDER BY priority ASC "); for (QueryResultRow currRow : result.getRows()) { rval.add(new ContactsData(currRow, result.getColumnNames())); } - + return rval; } - + /** - * Delete the record from the database the specified location ID and Contact. - * @param contactsData Contacts data. - * @throws VizException Database exception. + * Delete the record from the database the specified location ID and + * Contact. + * + * @param contactsData + * Contacts data. + * @throws VizException + * Database exception. */ - public void deleteRecord(ContactsData contactsData) throws VizException - { + public void deleteRecord(ContactsData contactsData) throws VizException { + DbUtils.escapeSpecialCharforData(contactsData); + StringBuilder query = new StringBuilder(DELETE_STATEMENT); - String whereClaus = String.format(" WHERE lid = '%s' AND contact = '%s' ", - contactsData.getLid(), contactsData.getContact()); + String whereClaus = String.format( + " WHERE lid = '%s' AND contact = '%s' ", contactsData.getLid(), + contactsData.getContact()); query.append(whereClaus); - + runStatement(query.toString()); } - + /** * Check if a specific record exists in the contacts table. - * @param lid Location ID. - * @param contactName Contact name. + * + * @param lid + * Location ID. + * @param contactName + * Contact name. * @return True if the record exists, false otherwise. - * @throws VizException Database exception. + * @throws VizException + * Database exception. */ - public boolean recordExists(String lid, String contactName) throws VizException - { + public boolean recordExists(String lid, String contactName) + throws VizException { + contactName = DbUtils.escapeSpecialCharforStr(contactName); + StringBuilder query = new StringBuilder(SELECT_STATEMENT); - String whereClaus = String.format(" WHERE lid = '%s' AND contact = '%s' ", - lid, contactName); - + String whereClaus = String.format( + " WHERE lid = '%s' AND contact = '%s' ", lid, contactName); + query.append(whereClaus); - + QueryResult result = runMappedQuery(query.toString()); - - if (result.getResultCount() == 0) - { + + if (result.getResultCount() == 0) { return false; } - + return true; } - + /** * Insert the new contact data into the database. - * @param data Contacts data. - * @throws VizException Database exception. + * + * @param data + * Contacts data. + * @throws VizException + * Database exception. */ - public void insertContactData(ContactsData data) throws VizException - { + public void insertContactData(ContactsData data) throws VizException { + DbUtils.escapeSpecialCharforData(data); + String query = String.format(INSERT_STATEMENT, data.getLid(), data.getContact(), data.getPhone(), data.getEmail(), data.getRemark(), data.getPriority()); - + runStatement(query); } - + /** * Update an existing record in the contacts table with the new information. - * @param data Contacts data. - * @throws VizException Database exception. + * + * @param data + * Contacts data. + * @throws VizException + * Database exception. */ - public void updateContactData(ContactsData data, - String originalContactName) throws VizException - { + public void updateContactData(ContactsData data, String originalContactName) + throws VizException { + DbUtils.escapeSpecialCharforData(data); + originalContactName = DbUtils + .escapeSpecialCharforStr(originalContactName); + String query = String.format(UPDATE_STATEMENT, data.getContact(), data.getPhone(), data.getEmail(), data.getRemark(), data.getPriority(), data.getLid(), originalContactName); - + runStatement(query); } } diff --git a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/DescriptionDataManager.java b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/DescriptionDataManager.java index 35493645ea..e3ac7e5b44 100644 --- a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/DescriptionDataManager.java +++ b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/DescriptionDataManager.java @@ -25,61 +25,59 @@ import com.raytheon.uf.common.dataquery.db.QueryResult; import com.raytheon.uf.common.dataquery.db.QueryResultRow; import com.raytheon.uf.viz.core.exception.VizException; import com.raytheon.viz.hydrocommon.data.DescriptionData; +import com.raytheon.viz.hydrocommon.util.DbUtils; /** * This class is the data manager for the description data. * * 
- *
+ * 
  * SOFTWARE HISTORY
- *
+ * 
  * Date         Ticket#     Engineer    Description
  * ------------ ----------  ----------- --------------------------
  * 02 Dec 2008              lvenable    Initial creation
  * 
  *
- * + * * @author lvenable * @version 1.0 */ -public class DescriptionDataManager extends HydroDataManager -{ +public class DescriptionDataManager extends HydroDataManager { /** * Instance of this class. */ private static DescriptionDataManager manager = null; - + /** * Select statement. */ private final String SELECT_STATEMENT = "SELECT * FROM descrip"; - + /** * Insert statement. */ - private final String INSERT_STATEMENT = - "INSERT INTO descrip (lid, bed, divert, remark, ice, proximity, reach, res, topo) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')"; - + private final String INSERT_STATEMENT = "INSERT INTO descrip (lid, bed, divert, remark, ice, proximity, reach, res, topo) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')"; + /** * Delete statement. */ private final String DELETE_STATEMENT = "DELETE FROM descrip"; - + /** * Update statement. */ - private final String UPDATE_STATEMENT = - "UPDATE descrip SET bed='%s', divert='%s', remark='%s', ice='%s', proximity='%s', reach='%s', res='%s', topo='%s' WHERE lid='%s'"; - + private final String UPDATE_STATEMENT = "UPDATE descrip SET bed='%s', divert='%s', remark='%s', ice='%s', proximity='%s', reach='%s', res='%s', topo='%s' WHERE lid='%s'"; + /** * Private Constructor. */ - private DescriptionDataManager() - { + private DescriptionDataManager() { } - + /** * Get an instance of this class. + * * @return An instance of this class. */ public static synchronized DescriptionDataManager getInstance() { @@ -89,91 +87,110 @@ public class DescriptionDataManager extends HydroDataManager return manager; } - + /** * Get the description data. - * @param lid Location ID. + * + * @param lid + * Location ID. * @return An array of description data. - * @throws VizException Database exception. + * @throws VizException + * Database exception. */ - public ArrayList getDescriptionData(String lid) throws VizException - { + public ArrayList getDescriptionData(String lid) + throws VizException { ArrayList rval = new ArrayList(); - + QueryResult result = runMappedQuery(SELECT_STATEMENT + " WHERE lid='" + lid + "'"); for (QueryResultRow currRow : result.getRows()) { rval.add(new DescriptionData(currRow, result.getColumnNames())); } - + return rval; } - + /** * Delete a specified description. - * @param lid Location ID. - * @throws VizException Database exception. + * + * @param lid + * Location ID. + * @throws VizException + * Database exception. */ - public void deleteDescription(String lid) throws VizException - { + public void deleteDescription(String lid) throws VizException { StringBuilder query = new StringBuilder(DELETE_STATEMENT); String whereClaus = String.format(" WHERE lid = '%s'", lid); query.append(whereClaus); - + runStatement(query.toString()); } - + /** * Insert description data. - * @param descData Description data. - * @throws VizException Database exception. + * + * @param descData + * Description data. + * @throws VizException + * Database exception. */ - public void insertDescriptionData(DescriptionData descData) throws VizException - { + public void insertDescriptionData(DescriptionData descData) + throws VizException { + DbUtils.escapeSpecialCharforData(descData); + String query = String.format(INSERT_STATEMENT, descData.getLid(), - descData.getStreamBed(), descData.getDivert(), descData.getRemark(), - descData.getIce(), descData.getProximity(), descData.getReach(), + descData.getStreamBed(), descData.getDivert(), + descData.getRemark(), descData.getIce(), + descData.getProximity(), descData.getReach(), descData.getRegulation(), descData.getTopo()); - + runStatement(query); } - + /** * Update description data. - * @param descData Description data. - * @throws VizException Database exception. + * + * @param descData + * Description data. + * @throws VizException + * Database exception. */ - public void updateDescriptionData(DescriptionData descData) throws VizException - { - String query = String.format(UPDATE_STATEMENT, - descData.getStreamBed(), descData.getDivert(), descData.getRemark(), - descData.getIce(), descData.getProximity(), descData.getReach(), - descData.getRegulation(), descData.getTopo(), descData.getLid()); - + public void updateDescriptionData(DescriptionData descData) + throws VizException { + DbUtils.escapeSpecialCharforData(descData); + + String query = String + .format(UPDATE_STATEMENT, descData.getStreamBed(), + descData.getDivert(), descData.getRemark(), + descData.getIce(), descData.getProximity(), + descData.getReach(), descData.getRegulation(), + descData.getTopo(), descData.getLid()); + runStatement(query); } - + /** * Check if a record exists. - * @param lid Location ID. + * + * @param lid + * Location ID. * @return True if the record exists, false otherwise. - * @throws VizException Database exception. + * @throws VizException + * Database exception. */ - public boolean recordExists(String lid) throws VizException - { + public boolean recordExists(String lid) throws VizException { StringBuilder query = new StringBuilder(SELECT_STATEMENT); String whereClaus = String.format(" WHERE lid = '%s'", lid); - + query.append(whereClaus); - + QueryResult result = runMappedQuery(query.toString()); - - if (result.getResultCount() == 0) - { + + if (result.getResultCount() == 0) { return false; } - + return true; } } diff --git a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/FloodCategoryDataManager.java b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/FloodCategoryDataManager.java index 728645b3de..95ae88a96a 100644 --- a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/FloodCategoryDataManager.java +++ b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/FloodCategoryDataManager.java @@ -29,6 +29,7 @@ import com.raytheon.uf.common.dataquery.db.QueryResult; import com.raytheon.uf.viz.core.exception.VizException; import com.raytheon.viz.hydrocommon.HydroConstants; import com.raytheon.viz.hydrocommon.data.FloodCategoryData; +import com.raytheon.viz.hydrocommon.util.DbUtils; import com.raytheon.viz.hydrocommon.util.HydroDataUtils; /** @@ -50,13 +51,12 @@ import com.raytheon.viz.hydrocommon.util.HydroDataUtils; public class FloodCategoryDataManager extends HydroDataManager { protected static FloodCategoryDataManager manager = null; - private static final String INSERT_STATEMENT = "INSERT INTO floodcat (lid, major_stage, moderate_stage, minor_stage, major_flow, moderate_flow, minor_flow) VALUES ('%s', %s, %s, %s, %s, %s, %s)"; - + private static final String SELECT_STATEMENT = "SELECT lid, major_stage, moderate_stage, minor_stage, major_flow, moderate_flow, minor_flow FROM floodcat"; private static final String DELETE_STATEMENT = "DELETE from floodcat WHERE %s"; - + private static final String UPDATE_STATEMENT = "UPDATE floodcat SET major_stage=%s, moderate_stage=%s, minor_stage=%s, major_flow=%s, moderate_flow=%s, minor_flow=%s WHERE %s"; /** @@ -100,8 +100,8 @@ public class FloodCategoryDataManager extends HydroDataManager { */ public void deleteRecord(FloodCategoryData recordToDelete) throws VizException { - runStatement(String.format(DELETE_STATEMENT, HydroDataUtils - .getPKStatement(recordToDelete))); + runStatement(String.format(DELETE_STATEMENT, + HydroDataUtils.getPKStatement(recordToDelete))); } /** @@ -128,8 +128,8 @@ public class FloodCategoryDataManager extends HydroDataManager { QueryResult result = runMappedQuery(SELECT_STATEMENT + " WHERE lid='" + lid + "'"); - return (result.getResultCount() > 0) ? new FloodCategoryData(result - .getRows()[0], result.getColumnNames()) + return (result.getResultCount() > 0) ? new FloodCategoryData( + result.getRows()[0], result.getColumnNames()) : new FloodCategoryData(); } @@ -149,48 +149,54 @@ public class FloodCategoryDataManager extends HydroDataManager { private void updateFloodCategoryData(FloodCategoryData data) throws VizException { - Double majorS =null, minorS=null, moderateS=null, majorD=null, minorD=null, moderateD=null; - - if (data.getMajorStage() != HydroConstants.MISSING_VALUE) - majorS = data.getMajorStage(); - if (data.getModerateStage() != HydroConstants.MISSING_VALUE) - moderateS = data.getModerateStage(); - if (data.getMinorStage() != HydroConstants.MISSING_VALUE) - minorS = data.getMinorStage(); - if (data.getMajorDischarge() != HydroConstants.MISSING_VALUE) - majorD = data.getMajorDischarge(); - if (data.getModerateDischarge() != HydroConstants.MISSING_VALUE) - moderateD = data.getModerateDischarge(); - if (data.getMinorDischarge() != HydroConstants.MISSING_VALUE) - minorD = data.getMinorDischarge(); - - - /*check if any of the stages or flows is missing, then assign null into database;*/ - runStatement(String.format(UPDATE_STATEMENT, majorS, moderateS, minorS, majorD, - moderateD, minorD, HydroDataUtils.getPKStatement(data))); + Double majorS = null, minorS = null, moderateS = null, majorD = null, minorD = null, moderateD = null; + + DbUtils.escapeSpecialCharforData(data); + + if (data.getMajorStage() != HydroConstants.MISSING_VALUE) + majorS = data.getMajorStage(); + if (data.getModerateStage() != HydroConstants.MISSING_VALUE) + moderateS = data.getModerateStage(); + if (data.getMinorStage() != HydroConstants.MISSING_VALUE) + minorS = data.getMinorStage(); + if (data.getMajorDischarge() != HydroConstants.MISSING_VALUE) + majorD = data.getMajorDischarge(); + if (data.getModerateDischarge() != HydroConstants.MISSING_VALUE) + moderateD = data.getModerateDischarge(); + if (data.getMinorDischarge() != HydroConstants.MISSING_VALUE) + minorD = data.getMinorDischarge(); + + /* + * check if any of the stages or flows is missing, then assign null into + * database; + */ + runStatement(String.format(UPDATE_STATEMENT, majorS, moderateS, minorS, + majorD, moderateD, minorD, HydroDataUtils.getPKStatement(data))); } private void insertFloodData(FloodCategoryData currData) throws VizException { - - Double majorS =null, minorS=null, moderateS=null, majorD=null, minorD=null, moderateD=null; - - if (currData.getMajorStage() != HydroConstants.MISSING_VALUE) - majorS = currData.getMajorStage(); - if (currData.getModerateStage() != HydroConstants.MISSING_VALUE) - moderateS = currData.getModerateStage(); - if (currData.getMinorStage() != HydroConstants.MISSING_VALUE) - minorS = currData.getMinorStage(); - if (currData.getMajorDischarge() != HydroConstants.MISSING_VALUE) - majorD = currData.getMajorDischarge(); - if (currData.getModerateDischarge() != HydroConstants.MISSING_VALUE) - moderateD = currData.getModerateDischarge(); - if (currData.getMinorDischarge() != HydroConstants.MISSING_VALUE) - minorD = currData.getMinorDischarge(); - - /* if any of the stage or flows is missing, the assign null to database */ - runStatement(String.format(INSERT_STATEMENT, currData.getLid(), - majorS, moderateS, minorS, majorD, moderateD, minorD)); + + Double majorS = null, minorS = null, moderateS = null, majorD = null, minorD = null, moderateD = null; + + DbUtils.escapeSpecialCharforData(currData); + + if (currData.getMajorStage() != HydroConstants.MISSING_VALUE) + majorS = currData.getMajorStage(); + if (currData.getModerateStage() != HydroConstants.MISSING_VALUE) + moderateS = currData.getModerateStage(); + if (currData.getMinorStage() != HydroConstants.MISSING_VALUE) + minorS = currData.getMinorStage(); + if (currData.getMajorDischarge() != HydroConstants.MISSING_VALUE) + majorD = currData.getMajorDischarge(); + if (currData.getModerateDischarge() != HydroConstants.MISSING_VALUE) + moderateD = currData.getModerateDischarge(); + if (currData.getMinorDischarge() != HydroConstants.MISSING_VALUE) + minorD = currData.getMinorDischarge(); + + /* if any of the stage or flows is missing, the assign null to database */ + runStatement(String.format(INSERT_STATEMENT, currData.getLid(), majorS, + moderateS, minorS, majorD, moderateD, minorD)); } public boolean putFloodCategoryData(String lid, String majorStage, @@ -198,42 +204,42 @@ public class FloodCategoryDataManager extends HydroDataManager { String modDischarge, String minorDischarge, Shell shell) throws VizException { boolean rval = false; - String blankStr=""; + String blankStr = ""; FloodCategoryData newData = new FloodCategoryData(); newData.setLid(lid); try { - if (majorDischarge.equals(blankStr)) - newData.setMajorDischarge((double) HydroConstants.MISSING_VALUE); - else - newData.setMajorDischarge(Double.parseDouble(majorDischarge)); - - if (modDischarge.equals(blankStr)) - newData.setModerateDischarge((double) HydroConstants.MISSING_VALUE); - else - newData.setModerateDischarge(Double.parseDouble(modDischarge)); - - if (minorDischarge.equals(blankStr)) - newData.setMinorDischarge((double) HydroConstants.MISSING_VALUE); - else - newData.setMinorDischarge(Double.parseDouble(minorDischarge)); + if (majorDischarge.equals(blankStr)) + newData.setMajorDischarge((double) HydroConstants.MISSING_VALUE); + else + newData.setMajorDischarge(Double.parseDouble(majorDischarge)); - if (majorStage.equals(blankStr)) - newData.setMajorStage((double) HydroConstants.MISSING_VALUE); - else + if (modDischarge.equals(blankStr)) + newData.setModerateDischarge((double) HydroConstants.MISSING_VALUE); + else + newData.setModerateDischarge(Double.parseDouble(modDischarge)); + + if (minorDischarge.equals(blankStr)) + newData.setMinorDischarge((double) HydroConstants.MISSING_VALUE); + else + newData.setMinorDischarge(Double.parseDouble(minorDischarge)); + + if (majorStage.equals(blankStr)) + newData.setMajorStage((double) HydroConstants.MISSING_VALUE); + else newData.setMajorStage(Double.parseDouble(majorStage)); - - if (modStage.equals(blankStr)) - newData.setModerateStage((double) HydroConstants.MISSING_VALUE); - else + + if (modStage.equals(blankStr)) + newData.setModerateStage((double) HydroConstants.MISSING_VALUE); + else newData.setModerateStage(Double.parseDouble(modStage)); - - if (minorStage.equals(blankStr)) - newData.setMinorStage((double) HydroConstants.MISSING_VALUE); - else - newData.setMinorStage(Double.parseDouble(minorStage)); + + if (minorStage.equals(blankStr)) + newData.setMinorStage((double) HydroConstants.MISSING_VALUE); + else + newData.setMinorStage(Double.parseDouble(minorStage)); } catch (Exception e) { MessageBox mb = new MessageBox(shell, SWT.ICON_ERROR | SWT.OK); mb.setText("Invalid Value"); diff --git a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/FloodDataManager.java b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/FloodDataManager.java index ee2164ae1e..970c15631c 100644 --- a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/FloodDataManager.java +++ b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/FloodDataManager.java @@ -25,6 +25,7 @@ import com.raytheon.uf.common.dataquery.db.QueryResult; import com.raytheon.uf.common.dataquery.db.QueryResultRow; import com.raytheon.uf.viz.core.exception.VizException; import com.raytheon.viz.hydrocommon.data.FloodData; +import com.raytheon.viz.hydrocommon.util.DbUtils; import com.raytheon.viz.hydrocommon.util.HydroDataUtils; /** @@ -93,8 +94,8 @@ public class FloodDataManager extends HydroDataManager { * @throws VizException */ public void deleteRecord(FloodData recordToDelete) throws VizException { - runStatement(String.format(DELETE_STATEMENT, HydroDataUtils - .getPKStatement(recordToDelete))); + runStatement(String.format(DELETE_STATEMENT, + HydroDataUtils.getPKStatement(recordToDelete))); } /** @@ -160,14 +161,22 @@ public class FloodDataManager extends HydroDataManager { } private void updateFloodData(FloodData data) throws VizException { - runStatement(String.format(UPDATE_STATEMENT, data.getDamage(), data - .getDisplayStatement(), HydroDataUtils.getPKStatement(data))); + + DbUtils.escapeSpecialCharforData(data); + + runStatement(String + .format(UPDATE_STATEMENT, data.getDamage(), + data.getDisplayStatement(), + HydroDataUtils.getPKStatement(data))); } private void insertFloodData(FloodData currData) throws VizException { - runStatement(String.format(INSERT_STATEMENT, currData.getLid(), String - .format("%8.2f", currData.getStage()), currData.getDamage(), - currData.getDisplayStatement())); + + DbUtils.escapeSpecialCharforData(currData); + + runStatement(String.format(INSERT_STATEMENT, currData.getLid(), + String.format("%8.2f", currData.getStage()), + currData.getDamage(), currData.getDisplayStatement())); } public void putFloodCategoryData(String lid, double stage, String damage, diff --git a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/HydroDBDataManager.java b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/HydroDBDataManager.java index 1f07c799ee..78797d4b90 100644 --- a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/HydroDBDataManager.java +++ b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/HydroDBDataManager.java @@ -30,6 +30,7 @@ import com.raytheon.uf.common.dataquery.db.QueryResult; import com.raytheon.uf.common.dataquery.db.QueryResultRow; import com.raytheon.uf.viz.core.exception.VizException; import com.raytheon.viz.hydrocommon.data.HydroDBData; +import com.raytheon.viz.hydrocommon.util.DbUtils; /** * Class for managing database query calls. @@ -89,6 +90,9 @@ public class HydroDBDataManager extends HydroDataManager { public void deleteRecord(T recordToDelete) throws VizException { try { + + DbUtils.escapeSpecialCharforData(recordToDelete); + String deleteQuery = (String) recordToDelete.getClass() .getMethod("getDeleteStatement").invoke(recordToDelete); @@ -215,6 +219,9 @@ public class HydroDBDataManager extends HydroDataManager { */ public void updateData(T data) throws VizException { try { + + DbUtils.escapeSpecialCharforData(data); + // Get the update statement with the values filled in String updateQuery = (String) data.getClass() .getMethod("getUpdateStatement").invoke(data); @@ -239,9 +246,11 @@ public class HydroDBDataManager extends HydroDataManager { throws VizException { try { + DbUtils.escapeSpecialCharforData(newData); String updateQuery = (String) newData.getClass() .getMethod("getUpdateStatement").invoke(newData); + DbUtils.escapeSpecialCharforData(updateData); String pkquery = (String) updateData.getClass() .getMethod("getPKStatement").invoke(updateData); @@ -268,6 +277,7 @@ public class HydroDBDataManager extends HydroDataManager { String insertQuery = null; try { + DbUtils.escapeSpecialCharforData(currData); // if (currData.getClass() == LocationAgencyOfficeData.class) { Method getSQLMethod = currData.getClass().getMethod( "getInsertStatement"); diff --git a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/HydroDataManager.java b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/HydroDataManager.java index f54876b4a3..32a74cb2d3 100644 --- a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/HydroDataManager.java +++ b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/HydroDataManager.java @@ -19,7 +19,6 @@ **/ package com.raytheon.viz.hydrocommon.datamanager; -import java.lang.reflect.Field; import java.text.SimpleDateFormat; import java.util.ArrayList; import java.util.HashMap; @@ -44,7 +43,7 @@ import com.raytheon.viz.hydrocommon.data.RatingShift; * ------------ ---------- ----------- -------------------------- * Oct 22, 2008 1636 askripsky Initial Creation * Sep 09, 2009 2259 mpduff Added rating shift data - * April 8, 2015 17338 jingtaoD add checkAppostrophe method + * * * * @author askripsky @@ -74,11 +73,12 @@ public abstract class HydroDataManager { */ protected ArrayList runQuery(String dataQuery) { AppsDefaults ad = AppsDefaults.getInstance(); - boolean debug = ad.getBoolean(HydroConstants.DEBUG_HYDRO_DB_TOKEN, false); + boolean debug = ad.getBoolean(HydroConstants.DEBUG_HYDRO_DB_TOKEN, + false); if (debug) { - System.out.println(ad.getToken(HydroConstants.PGHOST) + ":" + - ad.getToken(HydroConstants.PGPORT) + ":" + - ad.getToken(HydroConstants.DB_NAME)); + System.out.println(ad.getToken(HydroConstants.PGHOST) + ":" + + ad.getToken(HydroConstants.PGPORT) + ":" + + ad.getToken(HydroConstants.DB_NAME)); System.out.println("Query: " + dataQuery); } ArrayList data = null; @@ -103,18 +103,16 @@ public abstract class HydroDataManager { */ public QueryResult runMappedQuery(String dataQuery) throws VizException { AppsDefaults ad = AppsDefaults.getInstance(); - boolean debug = ad.getBoolean(HydroConstants.DEBUG_HYDRO_DB_TOKEN, false); + boolean debug = ad.getBoolean(HydroConstants.DEBUG_HYDRO_DB_TOKEN, + false); if (debug) { - System.out.println(ad.getToken(HydroConstants.PGHOST) + ":" + - ad.getToken(HydroConstants.PGPORT) + ":" + - ad.getToken(HydroConstants.DB_NAME)); + System.out.println(ad.getToken(HydroConstants.PGHOST) + ":" + + ad.getToken(HydroConstants.PGPORT) + ":" + + ad.getToken(HydroConstants.DB_NAME)); System.out.println("Query: " + dataQuery); } QueryResult data = null; - - // check if dataQuery contains any apostrophe, if does, replace it to two single appostrophe - dataQuery = checkAppostrophe(dataQuery); - + data = DirectDbQuery.executeMappedQuery(dataQuery, HydroConstants.IHFS, QueryLanguage.SQL); @@ -127,120 +125,20 @@ public abstract class HydroDataManager { * @throws VizException */ public void runStatement(String dataQuery) throws VizException { - + AppsDefaults ad = AppsDefaults.getInstance(); - boolean debug = ad.getBoolean(HydroConstants.DEBUG_HYDRO_DB_TOKEN, false); + boolean debug = ad.getBoolean(HydroConstants.DEBUG_HYDRO_DB_TOKEN, + false); if (debug) { - System.out.println(ad.getToken(HydroConstants.PGHOST) + ":" + - ad.getToken(HydroConstants.PGPORT) + ":" + - ad.getToken(HydroConstants.DB_NAME)); + System.out.println(ad.getToken(HydroConstants.PGHOST) + ":" + + ad.getToken(HydroConstants.PGPORT) + ":" + + ad.getToken(HydroConstants.DB_NAME)); System.out.println("Query: " + dataQuery); } - - // check if dataQuery contains any apostrophe, if does, replace it to two single appostrophe - dataQuery = checkAppostrophe(dataQuery); - + DirectDbQuery.executeStatement(dataQuery, HydroConstants.IHFS, - QueryLanguage.SQL); - - } - - public String checkAppostrophe (String dataQuery) { - /* Check if text fields include single apostrophe, if it does, replace to - two single apostrophe since it is treated as special char in Postgres */ - String newDataQuery = ""; - String PDCDataStr = ""; - int PDC_presetStr_begindex = 0; - - /* special handling for PDC*/ - if (dataQuery.toLowerCase().contains("preset_string")) - { - PDC_presetStr_begindex = dataQuery.toLowerCase().indexOf("'at="); - if (PDC_presetStr_begindex > 0) - { - PDCDataStr = dataQuery.substring(PDC_presetStr_begindex); - dataQuery = dataQuery.substring(0, PDC_presetStr_begindex); - } - } - - String[] dataElement = dataQuery.split(", "); - for (int j = 0; j < dataElement.length; j++) - { - String elem = dataElement[j]; - String newSubData = ""; - String[] subdataElement = elem.split("="); - - for (int i = 0; i < subdataElement.length; i++) - { - String subelem = subdataElement[i]; - String likeStr=""; - - // handle the where clause contains "like '%'" - if (subelem.toUpperCase().contains("WHERE") && - subelem.toUpperCase().contains("LIKE")) - { - int likeindex = subelem.toUpperCase().indexOf("LIKE"); - likeStr = subelem.substring(likeindex , subelem.length()); - subelem = subelem.substring(0, likeindex); - } - - String endStr = ""; - String beginStr = ""; - String checkStr; - int startappostraphe, endappostraphe; - - if (subelem.contains("'")) - { - if (subelem.startsWith("$$") && subelem.endsWith("$$")) - { - startappostraphe = subelem.indexOf("$$"); - endappostraphe = subelem.lastIndexOf("$$"); - checkStr = subelem.substring(startappostraphe+2, endappostraphe); - if (checkStr.contains("'")) - { - checkStr = checkStr.replace("'", "''"); - subelem = "'" + checkStr +"'"; - } - } - else - { - startappostraphe = subelem.indexOf("'"); - endappostraphe = subelem.lastIndexOf("'"); - checkStr = subelem.substring(startappostraphe+1, endappostraphe); - if (checkStr.contains("'")) - { - if (startappostraphe > 0) - beginStr = subelem.substring(0, startappostraphe); - if (endappostraphe + 1 < subelem.length()) - endStr = subelem.substring(endappostraphe + 1, subelem.length()); - - checkStr = checkStr.replace("'", "''"); - subelem = beginStr + "'" + checkStr +"'" + endStr; - } - } - } - - if (i == subdataElement.length -1 ) - newSubData = newSubData + subelem + likeStr; - else - newSubData = newSubData + subelem + "="; - } - if (j == dataElement.length - 1) - newDataQuery = newDataQuery + newSubData; - else - newDataQuery = newDataQuery + newSubData + ", "; - } - - if (PDC_presetStr_begindex > 0) - { - if (newDataQuery.toLowerCase().startsWith("insert")) - newDataQuery = newDataQuery + ", " + PDCDataStr; - else if (newDataQuery.toLowerCase().startsWith("update")) - newDataQuery = newDataQuery + PDCDataStr; - - } - - return newDataQuery; + QueryLanguage.SQL); + } /** diff --git a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/LocationAreaManager.java b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/LocationAreaManager.java index 015404226d..94456aefa4 100644 --- a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/LocationAreaManager.java +++ b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/LocationAreaManager.java @@ -25,59 +25,59 @@ import com.raytheon.uf.common.dataquery.db.QueryResult; import com.raytheon.uf.common.dataquery.db.QueryResultRow; import com.raytheon.uf.viz.core.exception.VizException; import com.raytheon.viz.hydrocommon.data.LocationAreaData; +import com.raytheon.viz.hydrocommon.util.DbUtils; /** * This class is the data manager for the location area data. * * 
- *
+ * 
  * SOFTWARE HISTORY
- *
+ * 
  * Date         Ticket#     Engineer    Description
  * ------------ ----------  ----------- --------------------------
  * 02 Dec 2008              lvenable    Initial creation
  * 
  *
- * + * * @author lvenable * @version 1.0 */ -public class LocationAreaManager extends HydroDataManager -{ +public class LocationAreaManager extends HydroDataManager { /** * Instance of this class. */ private static LocationAreaManager manager = null; - + /** * Select statement. */ private final String SELECT_STATEMENT = "SELECT * FROM locarea"; - + /** * Insert statement. */ private final String INSERT_STATEMENT = "INSERT INTO locarea (lid, area) VALUES ('%s', '%s')"; - + /** * Delete statement. */ private final String DELETE_STATEMENT = "DELETE FROM locarea"; - + /** * Update statement. */ private final String UPDATE_STATEMENT = "UPDATE locarea SET area='%s' WHERE lid='%s'"; - + /** * Private constructor. */ - private LocationAreaManager() - { + private LocationAreaManager() { } - + /** * Get an instance of this class. + * * @return An instance of this class. */ public static synchronized LocationAreaManager getInstance() { @@ -87,88 +87,103 @@ public class LocationAreaManager extends HydroDataManager return manager; } - + /** * Get the location area data. - * @param lid Location ID. + * + * @param lid + * Location ID. * @return Array of location area data. - * @throws VizException Database exception. + * @throws VizException + * Database exception. */ - public ArrayList getLocationAreaData(String lid) throws VizException - { + public ArrayList getLocationAreaData(String lid) + throws VizException { ArrayList rval = new ArrayList(); - + QueryResult result = runMappedQuery(SELECT_STATEMENT + " WHERE lid='" + lid + "'"); for (QueryResultRow currRow : result.getRows()) { rval.add(new LocationAreaData(currRow, result.getColumnNames())); } - + return rval; } - + /** * Delete an existing location area record. - * @param locationID Location ID. - * @throws VizException Database exception. + * + * @param locationID + * Location ID. + * @throws VizException + * Database exception. */ - public void deleteRecord(String locationID) throws VizException - { + public void deleteRecord(String locationID) throws VizException { StringBuilder query = new StringBuilder(DELETE_STATEMENT); - String whereClaus = String.format(" WHERE lid = '%s'", - locationID); + String whereClaus = String.format(" WHERE lid = '%s'", locationID); query.append(whereClaus); - + runStatement(query.toString()); } - + /** * Insert location area data. - * @param data Location area data. - * @throws VizException Database exception. + * + * @param data + * Location area data. + * @throws VizException + * Database exception. */ - public void insertLocationAreaData(LocationAreaData data) throws VizException - { + public void insertLocationAreaData(LocationAreaData data) + throws VizException { + DbUtils.escapeSpecialCharforData(data); + String query = String.format(INSERT_STATEMENT, data.getLid(), data.getArea()); - + runStatement(query); } - + /** * Update existing location area data. - * @param data Location area data. - * @throws VizException Database exception. + * + * @param data + * Location area data. + * @throws VizException + * Database exception. */ - public void updateLocationAreaData(LocationAreaData data) throws VizException - { + public void updateLocationAreaData(LocationAreaData data) + throws VizException { + DbUtils.escapeSpecialCharforData(data); + String query = String.format(UPDATE_STATEMENT, data.getArea(), data.getLid()); - + runStatement(query); } - + /** * Check of a location area record exists. - * @param lid Location ID. + * + * @param lid + * Location ID. * @return True if the record exists, false otherwise. - * @throws VizException Database exception. + * @throws VizException + * Database exception. */ - public boolean recordExists(String lid) throws VizException - { + public boolean recordExists(String lid) throws VizException { StringBuilder query = new StringBuilder(SELECT_STATEMENT); String whereClaus = String.format(" WHERE lid = '%s'", lid); - + query.append(whereClaus); - + QueryResult result = runMappedQuery(query.toString()); - - if (result.getResultCount() == 0) - { + + if (result.getResultCount() == 0) { return false; } - + return true; } } diff --git a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/LowWaterDataManager.java b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/LowWaterDataManager.java index 3ee82de9cd..f405a7a589 100644 --- a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/LowWaterDataManager.java +++ b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/LowWaterDataManager.java @@ -29,6 +29,7 @@ import com.raytheon.uf.common.dataquery.db.QueryResult; import com.raytheon.uf.common.dataquery.db.QueryResultRow; import com.raytheon.uf.viz.core.exception.VizException; import com.raytheon.viz.hydrocommon.data.LowWaterData; +import com.raytheon.viz.hydrocommon.util.DbUtils; import com.raytheon.viz.hydrocommon.util.HydroDataUtils; /** @@ -161,6 +162,9 @@ public class LowWaterDataManager extends HydroDataManager { } private void updateLowWaterData(LowWaterData data) throws VizException { + + DbUtils.escapeSpecialCharforData(data); + runStatement(String.format( UPDATE_STATEMENT, (data.getFlow() == LowWaterData.MISSING_VALUE) ? "null" : data @@ -170,6 +174,9 @@ public class LowWaterDataManager extends HydroDataManager { } private void insertLowWaterData(LowWaterData currData) throws VizException { + + DbUtils.escapeSpecialCharforData(currData); + runStatement(String.format(INSERT_STATEMENT, currData.getLid(), dateFormat.format(currData.getDate()), (currData.getFlow() == LowWaterData.MISSING_VALUE) ? "null" diff --git a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/LowWaterStatementDataManager.java b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/LowWaterStatementDataManager.java index 0e0c2497d5..27c1c04a1f 100644 --- a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/LowWaterStatementDataManager.java +++ b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/datamanager/LowWaterStatementDataManager.java @@ -25,6 +25,7 @@ import com.raytheon.uf.common.dataquery.db.QueryResult; import com.raytheon.uf.common.dataquery.db.QueryResultRow; import com.raytheon.uf.viz.core.exception.VizException; import com.raytheon.viz.hydrocommon.data.LowWaterStatementData; +import com.raytheon.viz.hydrocommon.util.DbUtils; import com.raytheon.viz.hydrocommon.util.HydroDataUtils; /** @@ -94,8 +95,8 @@ public class LowWaterStatementDataManager extends HydroDataManager { */ public void deleteRecord(LowWaterStatementData recordToDelete) throws VizException { - runStatement(String.format(DELETE_STATEMENT, HydroDataUtils - .getPKStatement(recordToDelete))); + runStatement(String.format(DELETE_STATEMENT, + HydroDataUtils.getPKStatement(recordToDelete))); } /** @@ -114,9 +115,7 @@ public class LowWaterStatementDataManager extends HydroDataManager { + lid + "' ORDER BY criteria_rank, lower_value ASC"); for (QueryResultRow currRow : result.getRows()) { - rval - .add(new LowWaterStatementData(currRow, result - .getColumnNames())); + rval.add(new LowWaterStatementData(currRow, result.getColumnNames())); } return rval; @@ -139,17 +138,23 @@ public class LowWaterStatementDataManager extends HydroDataManager { private void updateLowWaterStatementData(LowWaterStatementData data) throws VizException { - runStatement(String.format(UPDATE_STATEMENT, data - .getUpperValueDBString(), data.getStatement(), data - .getLowWaterCriteria(), data.getLowWaterSource(), + + DbUtils.escapeSpecialCharforData(data); + + runStatement(String.format(UPDATE_STATEMENT, + data.getUpperValueDBString(), data.getStatement(), + data.getLowWaterCriteria(), data.getLowWaterSource(), HydroDataUtils.getPKStatement(data))); } private void insertLowWaterData(LowWaterStatementData currData) throws VizException { + + DbUtils.escapeSpecialCharforData(currData); + runStatement(String.format(INSERT_STATEMENT, currData.getLid(), - currData.getPe(), currData.getLowerValue(), currData - .getUpperValueDBString(), currData.getCriteriaRank(), + currData.getPe(), currData.getLowerValue(), + currData.getUpperValueDBString(), currData.getCriteriaRank(), currData.getStatement(), currData.getLowWaterCriteria(), currData.getLowWaterSource())); } diff --git a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/util/DbUtils.java b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/util/DbUtils.java index 72f7e11e33..a6d18715e7 100644 --- a/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/util/DbUtils.java +++ b/cave/com.raytheon.viz.hydrocommon/src/com/raytheon/viz/hydrocommon/util/DbUtils.java @@ -23,8 +23,10 @@ import java.util.HashMap; import java.util.Map; import java.util.Set; import java.util.concurrent.ConcurrentHashMap; +import java.lang.reflect.Field; import com.raytheon.uf.common.ohd.AppsDefaults; +import com.raytheon.viz.hydrocommon.data.HydroDBData; /** * Hydro Database Utilities @@ -36,7 +38,8 @@ import com.raytheon.uf.common.ohd.AppsDefaults; * Jul 9, 2008 1194 mpduff Initial creation. * Mar 7, 2014 16692 lbousaidi Any Forecast source other than * H*,P*,Q*,T* should be handled by fcstother. - * + * Oct 10, 2015 17935 special char (e.g apostrophe) can not be saved/updated in Hyrobase + * * * * * @author mpduff @@ -80,8 +83,7 @@ public class DbUtils { } /* if observed data or processed data being treated as observed */ - if (ts.toUpperCase().startsWith("R") - || treatProcessedAsObserverd + if (ts.toUpperCase().startsWith("R") || treatProcessedAsObserverd || ts.toUpperCase().startsWith("XX")) { Set tableKeys = tableMap.keySet(); @@ -112,8 +114,8 @@ public class DbUtils { * data */ retVal = fcstTableMap.get(pe.substring(0, 1).toLowerCase()); - if (retVal==null) { - retVal="Fcstother"; + if (retVal == null) { + retVal = "Fcstother"; } matchFound = true; } else { /* if type-source not valid */ @@ -188,4 +190,54 @@ public class DbUtils { fcstTableMap.put("t", "Fcsttemperature"); } } + + /** + * replace string fields in table class which contains apostrophe + * + * @param curData + */ + public static void escapeSpecialCharforData(T curData) { + Class c = curData.getClass(); + + Field fields[] = c.getDeclaredFields(); + + for (Field f : fields) { + try { + if (f.getType().isAssignableFrom(String.class)) { + + f.setAccessible(true); + if (f.get(curData) != null) { + String value = (String) f.get(curData).toString(); + if (value != null) { + if (value.contains("'")) { + value = value.replace("'", "''"); + f.set(curData, value); + } + } + } + } + } catch (IllegalAccessException e) { + e.printStackTrace(); + } + } + + } + + /** + * replace apostrophe for string + * + * @param strValue + * @return + */ + public static String escapeSpecialCharforStr(String strValue) { + String rVal; + + if (strValue != null) { + if (strValue.contains("'")) { + strValue = strValue.replace("'", "''"); + } + } + rVal = strValue; + return rVal; + } }