From d7eb22d6c6f1869f42e53c1ea05b17463a0e7b12 Mon Sep 17 00:00:00 2001
From: Chris Jaekl
Date: Sat, 12 Dec 2015 21:33:27 +0900
Subject: [PATCH] SQL_PREPARED_STATEMENT_GENERATED_FROM_NONCONSTANT_STRING: Invoke nextval() using a prepared statement parameter.
---
 prod/net/jaekl/cfb/db/driver/PostgresqlDriver.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/prod/net/jaekl/cfb/db/driver/PostgresqlDriver.java b/prod/net/jaekl/cfb/db/driver/PostgresqlDriver.java
index a828d7f..ce4a802 100644
--- a/prod/net/jaekl/cfb/db/driver/PostgresqlDriver.java
+++ b/prod/net/jaekl/cfb/db/driver/PostgresqlDriver.java
@@ -35,10 +35,12 @@ public class PostgresqlDriver extends DbDriver {
  @Override
  public long nextVal(Connection con, Sequence seq) throws SQLException {
- String sql = " SELECT NEXTVAL('" + seq.getName() + "') ";
+ String sql = " SELECT NEXTVAL(?) ";
  try (PreparedStatement ps = con.prepareStatement(sql)) {
+ ps.setString(1, seq.getName());
+
  try (ResultSet rs = ps.executeQuery()) {
  if (rs.next()) {
  return rs.getLong(1);
--
2.39.2
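Review bot: The value bound by `ps.setString(1, seq.getName())` is still resolved by the server as a sequence identifier, so the parameter prevents breaking out of the quoted literal but does not limit which sequence gets advanced. If `Sequence` names can ever originate outside the schema definition (not visible in this hunk), they should be checked against the known sequences before this call. The query also depends on PostgreSQL coercing a text parameter to `regclass`; writing it explicitly as `String sql = " SELECT NEXTVAL(CAST(? AS regclass)) ";`, or adding a comment such as `// name is bound as text and resolved to a sequence via regclass`, would document that intent. The body of `nextVal` continues past the end of the hunk, so the path taken when `rs.next()` returns false cannot be reviewed here.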