diff --git a/WebContent/html/javascript/request.jsp b/WebContent/html/javascript/request.jsp
index 78a1ce9..640eb5e 100644
--- a/WebContent/html/javascript/request.jsp
+++ b/WebContent/html/javascript/request.jsp
@@ -11,6 +11,7 @@
Device[] mydevices = DeviceQueries.getAvailableDevices();
//string representation of array.
String deviceString = Device.arrayToString(mydevices);
+deviceString = deviceString.replace("'","\\'");
//out.println(description);
//out.println(hardware);
%>
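Review bot: Escaping only the single quote on the added line leaves `deviceString` unsafe inside a JavaScript string literal. A backslash already present in the data turns the inserted `\'` into an escaped backslash followed by a bare quote, and line breaks or a `</script>` sequence are not handled at all. Where the value is emitted is outside the hunk, so this assumes it lands in a quoted JS string, as the file path and the quote escaping suggest. At minimum escape the backslash first, `deviceString = deviceString.replace("\\","\\\\").replace("'","\\'");`, and preferably serialise the device list with a JSON/JavaScript encoder so stored device text cannot break out of the literal.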
diff --git a/WebContent/html/webpages/redirect/adminpasswordchange.jsp b/WebContent/html/webpages/redirect/adminpasswordchange.jsp
index b0181bb..5d226df 100644
--- a/WebContent/html/webpages/redirect/adminpasswordchange.jsp
+++ b/WebContent/html/webpages/redirect/adminpasswordchange.jsp
@@ -76,7 +76,9 @@ if(request.getParameter("submit") != null){
}
}
ResultSet result;
- result = stmt.executeQuery("select * FROM admin where Admin_ID='" + navsso + "' AND Password='" + generatedOldPass + "'");
+ String query = "select * FROM admin where Admin_ID='" + navsso + "' AND Password='" + generatedOldPass + "'";
+ result = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
if(result.next()){//if old password is accurate
if (!old.equals(newpass) && newpass.equals(confirm) && pincode.length() == 4 && AdminQueries.pincodeInt(pincode)){//if the password is new AND both news ones are equal AND pincode is 4 digits AND pincode is a number
try {
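Review bot: The added `System.out.println("Executing query: "+query)` writes the admin ID and the value of `generatedOldPass` (presumably the hashed old password) to the server's standard output on every password change, so anyone who can read the application log obtains that credential material. The same line is added in adminpasswordupdate.jsp. Log a fixed message without the values, for example `System.out.println("Executing query: admin credential lookup");`. The statement is also still concatenated from `navsso`; its origin is outside the hunk, but if it is request-derived the lookup should use a `PreparedStatement` with two `?` placeholders.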
diff --git a/WebContent/html/webpages/redirect/adminpasswordupdate.jsp b/WebContent/html/webpages/redirect/adminpasswordupdate.jsp
index 5dc7241..b8b9363 100644
--- a/WebContent/html/webpages/redirect/adminpasswordupdate.jsp
+++ b/WebContent/html/webpages/redirect/adminpasswordupdate.jsp
@@ -87,8 +87,9 @@ if(request.getParameter("password") != null){
}
}
ResultSet result;
- result = stmt.executeQuery("select * FROM admin where Admin_ID='" + navsso + "' AND Password='" + generatedOldPass + "'");
-
+ String query = "select * FROM admin where Admin_ID='" + navsso + "' AND Password='" + generatedOldPass + "'";
+ result = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
/*
If the old password is correct, then we can continue to change the password.
*/
diff --git a/src/database/DeviceQueries.java b/src/database/DeviceQueries.java
index 5bbf7a8..d19e753 100644
--- a/src/database/DeviceQueries.java
+++ b/src/database/DeviceQueries.java
@@ -43,8 +43,9 @@ public static Device[] getUserDevices(String userID) throws SQLException, ClassN
Thread.sleep(1);
}
}
-
- ResultSet resultSet = stmt.executeQuery("SELECT * FROM devices WHERE Renter = " + userID + " AND Status <> \"Available\" AND Status <> \"Returning \"");
+ String query = "SELECT * FROM devices WHERE Renter = " + userID + " AND Status <> \"Available\" AND Status <> \"Returning \"";
+ ResultSet resultSet = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
int counter = 0;
resultSet.last();
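Review bot: `userID` is a `String` spliced unquoted into `query`, so its value decides the shape of the WHERE clause; moving the SQL into a variable for logging does not change that. The same concatenation of caller-supplied strings is carried into the new `query` variables in returnDevices, addDevice and modifyDevice in this file, in locationStringToInt, addLocation and modifyLocation in LocationQueries.java, and in getRecentlyChangedTickets in TicketQueries.java. Bind the values through a `PreparedStatement` and log only the SQL template. The setup of `stmt` and the connection lies outside the hunk, so the sketch below assumes the connection variable is named `connection` as in the other methods of this file. It requests a scrollable result set because the code calls `resultSet.last()`.

```java
// … unchanged: connection setup and retry loop …
String query = "SELECT * FROM devices WHERE Renter = ? AND Status <> \"Available\" AND Status <> \"Returning \"";
PreparedStatement ps = connection.prepareStatement(
        query, ResultSet.TYPE_SCROLL_INSENSITIVE, ResultSet.CONCUR_READ_ONLY);
ps.setString(1, userID);
System.out.println("Executing query: " + query); // template only, bound value not logged
ResultSet resultSet = ps.executeQuery();
int counter = 0;
// … unchanged: resultSet.last() row counting …
```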
@@ -109,7 +110,9 @@ public static Device[] getAllDevices() throws SQLException, ClassNotFoundExcepti
}
}
- ResultSet resultSet = stmt.executeQuery("SELECT * FROM devices");
+ String query = "SELECT * FROM devices";
+ ResultSet resultSet = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
int counter = 0;
resultSet.last();
@@ -174,7 +177,9 @@ public static Device[] getAvailableDevices() throws SQLException, ClassNotFoundE
}
}
- ResultSet resultSet = stmt.executeQuery("SELECT * FROM devices WHERE Status = \"Available\"");
+ String query = "SELECT * FROM devices WHERE Status = \"Available\"";
+ ResultSet resultSet = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
int counter = 0;
resultSet.last();
@@ -242,7 +247,9 @@ public static void returnDevices(String devices) throws ClassNotFoundException,
String[] deviceArray = devices.replaceAll("\\[","").replaceAll("\\]","").replaceAll("\\s","").split(",");
for(int i = 0; i < deviceArray.length; i++){
//update statement
- stmt.executeUpdate("UPDATE devices SET Status = \"Returning\" WHERE Device_ID = " + deviceArray[i]);
+ String query = "UPDATE devices SET Status = \"Returning\" WHERE Device_ID = " + deviceArray[i];
+ stmt.executeUpdate(query);
+ System.out.println("Executing query: "+query);
}
stmt.close();
connection.close();
@@ -280,15 +287,17 @@ public static void addDevice(Device device) throws SQLException, ClassNotFoundEx
int i = -1;
int id=0;
while(i <= 0){
- ResultSet results = stmt.executeQuery("SELECT * from devices ORDER BY Device_ID");
+ String query = "SELECT * from devices ORDER BY Device_ID";
+ ResultSet results = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
results.last();
//gets largest ID
id = results.getInt("Device_ID");
id++;
//tries this statement, otherwise tries again with a new id
String command = "INSERT INTO devices (Device_ID,Device_Name,Device_Description,MAC_Address,Manufacturer,Hardware,Model,Serial_Num,Status,NFC_ID,Locker_Position,Operating_System,Admin_Comments) " + "VALUES (" + id +",\"" + device.getName() + "\",\"" + device.getDesc()+ "\",\"" + device.getMAC() + "\",\"" + device.getManufacturer() + "\",\""+device.getHardware()+ "\",\"" + device.getModel() + "\",\"" + device.getSerial() + "\",\"" + device.getStatus() + "\",\"" + device.getNFC() + "\",\"" + device.getPos() + "\",\"" + device.getOS() + "\",\"" + device.getComment() +"\");";
- System.out.println(command);
i = stmt.executeUpdate(command);
+ System.out.println("Executing query: "+command);
}
stmt.close();
connection.close();
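Review bot: The statement log in addDevice used to run before `stmt.executeUpdate(command)` and now runs after it, so an INSERT that throws `SQLException` is no longer printed, which is the case where the text is most needed. The same move is made in generateTicket, acceptTicket, rejectTicket and getRecentlyChangedTickets in TicketQueries.java, and every other `println` added in this commit also follows the call it announces. Print before executing, or change the wording to `"Executed query: "` if only successful statements are meant to be logged. The device fields in `command` are free text, so this line also copies them unescaped into the server log; a logger with a debug level would let that be switched off in production.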
@@ -322,7 +331,9 @@ public static void modifyDevice(Device device) throws ClassNotFoundException, SQ
Thread.sleep(1);
}
}
- stmt.executeUpdate("UPDATE devices SET Device_Name = \"" + device.getName() + "\", Device_Description = \"" + device.getDesc() + "\", MAC_Address = \"" + device.getMAC() + "\", Manufacturer = \"" + device.getManufacturer() + "\", Hardware = \"" + device.getHardware() + "\", Model = \"" + device.getModel() + "\", Serial_Num = \"" + device.getSerial() + "\", Status = \"" + device.getStatus() + "\", NFC_ID = \"" + device.getNFC() + "\", Admin_Comments = \"" + device.getComment() + "\", Operating_System = \"" + device.getOS() + "\", Locker_Position = \"" + device.getPos() + "\" WHERE Device_ID = " + device.getID());
+ String query = "UPDATE devices SET Device_Name = \"" + device.getName() + "\", Device_Description = \"" + device.getDesc() + "\", MAC_Address = \"" + device.getMAC() + "\", Manufacturer = \"" + device.getManufacturer() + "\", Hardware = \"" + device.getHardware() + "\", Model = \"" + device.getModel() + "\", Serial_Num = \"" + device.getSerial() + "\", Status = \"" + device.getStatus() + "\", NFC_ID = \"" + device.getNFC() + "\", Admin_Comments = \"" + device.getComment() + "\", Operating_System = \"" + device.getOS() + "\", Locker_Position = \"" + device.getPos() + "\" WHERE Device_ID = " + device.getID();
+ stmt.executeUpdate(query);
+ System.out.println("Executing query: "+query);
stmt.close();
connection.close();
}
@@ -355,7 +366,9 @@ public static void deleteDevice(int id) throws ClassNotFoundException, SQLExcept
Thread.sleep(1);
}
}
- stmt.executeUpdate("DELETE from devices WHERE Device_ID = " + id);
+ String query = "DELETE from devices WHERE Device_ID = " + id;
+ stmt.executeUpdate(query);
+ System.out.println("Executing query: "+query);
stmt.close();
connection.close();
}
diff --git a/src/database/LocationQueries.java b/src/database/LocationQueries.java
index d3e5222..8bf5313 100644
--- a/src/database/LocationQueries.java
+++ b/src/database/LocationQueries.java
@@ -34,7 +34,9 @@ public static int locationStringToInt(String locString) throws SQLException, Cla
Thread.sleep(1);
}
}
- ResultSet resultSet = stmt.executeQuery("SELECT Location_ID FROM location WHERE Address = '"+locString+"'");
+ String query = "SELECT Location_ID FROM location WHERE Address = '"+locString+"'";
+ ResultSet resultSet = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
resultSet.next();
int returnResult = resultSet.getInt("Location_ID");
stmt.close();
@@ -66,7 +68,9 @@ public static String locationIntToString(int locInt) throws ClassNotFoundExcepti
Thread.sleep(1);
}
}
- ResultSet resultSet = stmt.executeQuery("SELECT Address FROM location WHERE Location_ID = "+locInt);
+ String query = "SELECT Address FROM location WHERE Location_ID = "+locInt;
+ ResultSet resultSet = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
resultSet.next();
String returnResult = resultSet.getString("Address");
stmt.close();
@@ -101,14 +105,19 @@ public static int addLocation(Location location) throws SQLException, ClassNotFo
}
int i = -1;
int id=0;
+ String query = "SELECT * from location ORDER BY Location_ID";
while(i <= 0){
- ResultSet results = stmt.executeQuery("SELECT * from location ORDER BY Location_ID");
+ ResultSet results = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
results.last();
//gets largest ID
id = results.getInt("Location_ID");
id++;
//tries this statement, otherwise tries again with a new id
- i = stmt.executeUpdate("INSERT INTO location (Location_ID,Name,Address,Town,State,Zip_Code,Employee_Flag,Latitude,Longitude) VALUES (" + id +",\"" + location.getName() + "\",\"" + location.getAddress()+ "\",\"" + location.getTown() + "\",\"" + location.getState() + "\",\"" + location.getZip() + "\"," + location.getEmployeeFlag() + ",\"" + location.getLat() + "\",\"" + location.getLng() + "\")");
+ query = "INSERT INTO location (Location_ID,Name,Address,Town,State,Zip_Code,Employee_Flag,Latitude,Longitude) VALUES (" + id +",\"" + location.getName() + "\",\"" + location.getAddress()+ "\",\"" + location.getTown() + "\",\"" + location.getState() + "\",\"" + location.getZip() + "\"," + location.getEmployeeFlag() + ",\"" + location.getLat() + "\",\"" + location.getLng() + "\")";
+ i = stmt.executeUpdate(query);
+ System.out.println("Executing query: "+query);
+ query = "SELECT * from location ORDER BY Location_ID";
}
stmt.close();
connection.close();
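Review bot: Reusing one `query` variable for both the SELECT and the INSERT, and resetting it at the bottom of the loop, keeps the loop correct only as long as nobody removes or reorders that last assignment. addDevice in DeviceQueries.java keeps the two statements in separate variables (`query` and `command`). Doing the same here, e.g. `String insert = "INSERT INTO location ...";` followed by `i = stmt.executeUpdate(insert);`, removes the need for the reset line. The rest of addLocation continues outside the hunk.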
@@ -139,7 +148,9 @@ public static Location[] getAdminLocations() throws ClassNotFoundException, SQLE
Thread.sleep(1);
}
}
- ResultSet resultSet = stmt.executeQuery("SELECT * FROM location WHERE Employee_Flag = 0 ORDER BY Location_ID");
+ String query = "SELECT * FROM location WHERE Employee_Flag = 0 ORDER BY Location_ID";
+ ResultSet resultSet = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
int counter = 0;
resultSet.last();
@@ -165,7 +176,9 @@ public static Location[] getAdminLocations() throws ClassNotFoundException, SQLE
);
counter++;
}
- resultSet = stmt.executeQuery("SELECT location.location_id, count(*) AS 'count' FROM location JOIN devices ON devices.location = location.location_id WHERE employee_flag = 0 group by location.Location_ID ORDER BY location.Location_ID");
+ query = "SELECT location.location_id, count(*) AS 'count' FROM location JOIN devices ON devices.location = location.location_id WHERE employee_flag = 0 group by location.Location_ID ORDER BY location.Location_ID";
+ resultSet = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
resultSet.last();
rows = resultSet.getRow();
resultSet.beforeFirst();
@@ -180,7 +193,9 @@ public static Location[] getAdminLocations() throws ClassNotFoundException, SQLE
}
j++;
}
- resultSet = stmt.executeQuery("SELECT location.location_id, count(*) AS 'count' FROM location JOIN employee ON employee.location_id = location.location_id WHERE employee_flag = 0 group by location.Location_ID ORDER BY location.Location_ID");
+ query = "SELECT location.location_id, count(*) AS 'count' FROM location JOIN employee ON employee.location_id = location.location_id WHERE employee_flag = 0 group by location.Location_ID ORDER BY location.Location_ID";
+ resultSet = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
resultSet.last();
rows = resultSet.getRow();
resultSet.beforeFirst();
@@ -228,10 +243,13 @@ public static Location[] getLocations(int userID) throws SQLException, ClassNotF
Thread.sleep(1);
}
}
- ResultSet rs = stmt.executeQuery("SELECT COUNT(Location_ID) FROM location WHERE Employee_Flag = 0 OR Employee_Flag = "+userID);
+ String resultlength = "SELECT COUNT(Location_ID) FROM location WHERE Employee_Flag = 0 OR Employee_Flag = "+userID;
+ ResultSet rs = stmt.executeQuery(resultlength);
+ System.out.println("Executing query: "+query);
rs.next();
Location[] locations = new Location[rs.getInt("COUNT(Location_ID)")];
rs = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
int i=0;
while(rs.next())
{
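Review bot: The first added `println` logs `query`, but the statement just executed is `resultlength`, so the COUNT statement never appears in the log and the main SELECT is reported twice. Change it to `System.out.println("Executing query: "+resultlength);`. `query` is defined above the hunk, so its contents cannot be checked from here.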
@@ -256,10 +274,7 @@ public static Location[] getLocations(int userID) throws SQLException, ClassNotF
/**
* Updates a location, assuming that all input fields have been changed.
- * @param location
- * @throws ClassNotFoundException
- * @throws SQLException
- * @throws InterruptedException
+ * @author Connor Jackson
*/
public static void modifyLocation(Location location) throws ClassNotFoundException, SQLException, InterruptedException{
System.getenv("VCAP_SERVICES");
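Review bot: Replacing the `@param` and `@throws` tags with `@author` removes the only place where modifyLocation's contract was written down, and the next hunk does the same to deleteLocation. Keep the tags and give them text, for instance `@param location the location whose fields overwrite the row with the same Location_ID` and `@throws SQLException if the UPDATE fails`, then add `@author` alongside them. The method body continues outside this hunk.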
@@ -284,17 +299,16 @@ public static void modifyLocation(Location location) throws ClassNotFoundExcepti
Thread.sleep(1);
}
}
- stmt.executeUpdate("UPDATE location SET Name = \"" + location.getName() + "\", Address = \"" + location.getAddress() + "\", Town = \"" + location.getTown() + "\", State = \"" + location.getState() + "\", Zip_Code = \"" + location.getZip() + "\", Latitude = \"" + location.getLat() + "\", Longitude = \"" + location.getLng() + "\" WHERE Location_ID = " + location.getID());
+ String query = "UPDATE location SET Name = \"" + location.getName() + "\", Address = \"" + location.getAddress() + "\", Town = \"" + location.getTown() + "\", State = \"" + location.getState() + "\", Zip_Code = \"" + location.getZip() + "\", Latitude = \"" + location.getLat() + "\", Longitude = \"" + location.getLng() + "\" WHERE Location_ID = " + location.getID();
+ stmt.executeUpdate(query);
+ System.out.println("Executing query: "+query);
stmt.close();
connection.close();
}
/**
* Deletes a location based on input id.
- * @param id
- * @throws ClassNotFoundException
- * @throws SQLException
- * @throws InterruptedException
+ * @author Connor Jackson
*/
public static int deleteLocation(int id) throws ClassNotFoundException, SQLException, InterruptedException{
System.getenv("VCAP_SERVICES");
@@ -319,8 +333,10 @@ public static int deleteLocation(int id) throws ClassNotFoundException, SQLExcep
Thread.sleep(1);
}
}
+ String query = "DELETE from location WHERE Location_ID = " + id;
try {
- stmt.executeUpdate("DELETE from location WHERE Location_ID = " + id);
+ stmt.executeUpdate(query);
+ System.out.println("Executing query: "+query);
} catch (SQLException e) {
stmt.close();
connection.close();
@@ -355,7 +371,9 @@ public static Location[] getAllLocations() throws SQLException, ClassNotFoundExc
Thread.sleep(1);
}
}
- ResultSet resultSet = stmt.executeQuery("SELECT * FROM location");
+ String query = "SELECT * FROM location";
+ ResultSet resultSet = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
int counter = 0;
resultSet.last();
@@ -411,7 +429,9 @@ public static Location getLocationByID(int id) throws InterruptedException, Clas
Thread.sleep(1);
}
}
- ResultSet resultSet = stmt.executeQuery("SELECT * FROM location WHERE Location_ID = " + id);
+ String query = "SELECT * FROM location WHERE Location_ID = " + id;
+ ResultSet resultSet = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
resultSet.next();
return new Location(
resultSet.getInt("Location_ID"),
diff --git a/src/database/TicketQueries.java b/src/database/TicketQueries.java
index 18ecc4a..b93f5be 100644
--- a/src/database/TicketQueries.java
+++ b/src/database/TicketQueries.java
@@ -59,8 +59,8 @@ public static int generateTicket(int requester, int location, int device, String
query+= "'"+time+"'" +", ";
query+= "'"+returnDate+"'" + ", ";
query+= perm + ");";
- System.out.println(query);
stmt.executeUpdate(query);
+ System.out.println("Executing query: "+query);
stmt.close();
connection.close();
return ticketID;
@@ -95,7 +95,9 @@ public static Ticket[] getRequestedTickets()
Thread.sleep(1);
}
}
- ResultSet resultSet = stmt.executeQuery("SELECT ticket.*, employee.Name AS 'username', devices.Device_Name, location.Name AS 'locationname' FROM ticket INNER JOIN employee ON ticket.Requestor = employee.Employee_ID INNER JOIN devices ON ticket.Device_ID = devices.Device_ID INNER JOIN location ON ticket.Location = location.Location_ID WHERE ticket.Status = 'Requested'");
+ String query = "SELECT ticket.*, employee.Name AS 'username', devices.Device_Name, location.Name AS 'locationname' FROM ticket INNER JOIN employee ON ticket.Requestor = employee.Employee_ID INNER JOIN devices ON ticket.Device_ID = devices.Device_ID INNER JOIN location ON ticket.Location = location.Location_ID WHERE ticket.Status = 'Requested'";
+ ResultSet resultSet = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
resultSet.last();
int rows = resultSet.getRow();
resultSet.beforeFirst();
@@ -152,7 +154,9 @@ public static Ticket[] getAllTickets()
Thread.sleep(1);
}
}
- ResultSet resultSet = stmt.executeQuery("SELECT ticket.*, employee.Name AS 'username', devices.Device_Name, location.Name AS 'locationname' FROM ticket INNER JOIN employee ON ticket.Requestor = employee.Employee_ID INNER JOIN devices ON ticket.Device_ID = devices.Device_ID INNER JOIN location ON ticket.Location = location.Location_ID");
+ String query = "SELECT ticket.*, employee.Name AS 'username', devices.Device_Name, location.Name AS 'locationname' FROM ticket INNER JOIN employee ON ticket.Requestor = employee.Employee_ID INNER JOIN devices ON ticket.Device_ID = devices.Device_ID INNER JOIN location ON ticket.Location = location.Location_ID";
+ ResultSet resultSet = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
resultSet.last();
int rows = resultSet.getRow();
resultSet.beforeFirst();
@@ -209,7 +213,9 @@ public static Ticket[] getAllTickets(int sso)
Thread.sleep(1);
}
}
- ResultSet resultSet = stmt.executeQuery("SELECT ticket.*, employee.Name AS 'username', devices.Device_Name, location.Name AS 'locationname' FROM ticket INNER JOIN employee ON ticket.Requestor = employee.Employee_ID INNER JOIN devices ON ticket.Device_ID = devices.Device_ID INNER JOIN location ON ticket.Location = location.Location_ID WHERE Requestor = " + sso);
+ String query = "SELECT ticket.*, employee.Name AS 'username', devices.Device_Name, location.Name AS 'locationname' FROM ticket INNER JOIN employee ON ticket.Requestor = employee.Employee_ID INNER JOIN devices ON ticket.Device_ID = devices.Device_ID INNER JOIN location ON ticket.Location = location.Location_ID WHERE Requestor = " + sso;
+ ResultSet resultSet = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
resultSet.last();
int rows = resultSet.getRow();
resultSet.beforeFirst();
@@ -273,10 +279,9 @@ public static void acceptTicket(int ticketid, int deviceid, int locationid, int
+", devices.Status = \"Ready to Ship\", devices.Renter = " + sso
+", devices.Location = " + locationid
+", devices.Permanent = " + perm
- +" WHERE ticket.Ticket_ID = " + ticketid + " AND devices.Device_ID = " + deviceid;
- System.out.println("Executing query: "+query);
+ +" WHERE ticket.Ticket_ID = " + ticketid + " AND devices.Device_ID = " + deviceid;
stmt.executeUpdate(query);
-
+ System.out.println("Executing query: "+query);
stmt.close();
connection.close();
}
@@ -311,8 +316,8 @@ public static void rejectTicket(int id)
}
long milliseconds = new Date().getTime();
String query="UPDATE ticket SET Status = \"Rejected\", Status_Date_Fields = "+milliseconds+" WHERE Ticket_ID = " + id;
- System.out.println("Executing query "+query);
stmt.executeUpdate(query);
+ System.out.println("Executing query: "+query);
stmt.close();
connection.close();
}
@@ -332,8 +337,8 @@ public static Ticket[] getRecentlyChangedTickets(int userID, String status, long
+"INNER JOIN location ON ticket.Location = location.Location_ID "
+"WHERE ticket.Status = '"+status+"' AND Requestor = " + userID
+" AND Status_Date_Fields >= " + milliseconds;
- System.out.println("Executing query '"+query+"'");
ResultSet results = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
results.last();
int rows = results.getRow();
results.beforeFirst();
@@ -391,6 +396,7 @@ public static int getUserID(int ticketID) throws ClassNotFoundException, SQLExce
}
String query = "SELECT Requestor FROM ticket WHERE Ticket_ID = "+ticketID+";";
ResultSet results = stmt.executeQuery(query);
+ System.out.println("Executing query: "+query);
results.next();
int answer = results.getInt("Requestor");
stmt.close();