SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING: Invoke nextval() using...

diff --git a/prod/net/jaekl/cfb/db/driver/PostgresqlDriver.java b/prod/net/jaekl/cfb/db/driver/PostgresqlDriver.java
index a828d7fc651a84f3d034b6aa8e6452ab3f17cbfc..ce4a802fe39c7cb12dde8db661d8adb8e26796ee 100644 (file)
--- a/prod/net/jaekl/cfb/db/driver/PostgresqlDriver.java
+++ b/prod/net/jaekl/cfb/db/driver/PostgresqlDriver.java
@@ -35,10 +35,12 @@ public class PostgresqlDriver extends DbDriver {
        @Override 
        public long nextVal(Connection con, Sequence seq) throws SQLException
        {
        @Override 
        public long nextVal(Connection con, Sequence seq) throws SQLException
        {

-               String sql = " SELECT NEXTVAL('" + seq.getName() + "') ";
+               String sql = " SELECT NEXTVAL(?) ";

                
                try (PreparedStatement ps = con.prepareStatement(sql)) 
                {
                
                try (PreparedStatement ps = con.prepareStatement(sql)) 
                {

+                       ps.setString(1, seq.getName());
+                       

                        try (ResultSet rs = ps.executeQuery()) {
                                if (rs.next()) {
                                        return rs.getLong(1);
                        try (ResultSet rs = ps.executeQuery()) {
                                if (rs.next()) {
                                        return rs.getLong(1);