KorisnikRepository - ubacene procedure

0fcd2599 · Nikola Markovic · 4f10a8a8 · 0fcd2599
Commit 0fcd2599 authored Sep 11, 2022 by Nikola Markovic
Show whitespace changes
Inline Side-by-side

Showing with 43 additions and 20 deletions

SkuciSe/src/main/java/com/example/SkuciSe/repository/KorisnikRepository.java
+43 -20

No files found.
--- a/SkuciSe/src/main/java/com/example/SkuciSe/repository/KorisnikRepository.java
+++ b/SkuciSe/src/main/java/com/example/SkuciSe/repository/KorisnikRepository.java
@@ -75,10 +75,14 @@ public class KorisnikRepository
    {
        String slika = null;
        String sql = null;
+        CallableStatement cs;
        try {
             slika = Base64.getEncoder().encodeToString(file.getBytes());
-             sql = " update korisnik " + " set slika = '" + slika + "' where korisnikid = " + korisnik.getKorisnikId();
-             dataBase.statement.executeUpdate( sql);
+             sql = "{call updateSlika(?,?)}";
+             cs = dataBase.connection.prepareCall(sql);
+             cs.setString(1,slika);
+             cs.setInt(2,korisnik.getKorisnikId());
+             cs.execute();
        } catch (SQLException e) {
            throw new RuntimeException(e);
        } catch (IOException e) {
@@ -88,10 +92,14 @@ public class KorisnikRepository

    public Korisnik findByEmail(String email)
    {
-        String sql = "select * from korisnik where email = '"+email+"'";
+        //String sql = "select * from korisnik where email = '"+email+"'";
+        String sql = "{call findByEmail(?)}";
        ResultSet rs = null;
+        CallableStatement stmt = null;
        try {
-            rs = dataBase.statement.executeQuery( sql);
+            stmt = dataBase.connection.prepareCall(sql);
+            stmt.setString(1, email);
+            rs = stmt.executeQuery();
            while( rs.next())
            {
                return ( new Korisnik( rs.getInt("korisnikId"), rs.getString("ime"), rs.getString("prezime"), rs.getString("email"), rs.getString("sifra"), rs.getString("telefon"), rs.getString("slika"), rs.getInt("tipid"), rs.getInt("gradid"), rs.getBoolean("enabled")));
@@ -103,10 +111,13 @@ public class KorisnikRepository
    }

    public Korisnik findById(Integer id){
-        String sql = "select * from korisnik where KorisnikId = "+id;
+        String sql = "{call findKorisnikById(?)}";
        ResultSet rs = null;
+        CallableStatement stmt = null;
        try {
-            rs = dataBase.statement.executeQuery( sql);
+            stmt = dataBase.connection.prepareCall(sql);
+            stmt.setInt(1, id);
+            rs = stmt.executeQuery();
            while( rs.next())
            {
                return ( new Korisnik( rs.getInt("korisnikId"), rs.getString("ime"), rs.getString("prezime"), rs.getString("email"), rs.getString("sifra"), rs.getString("telefon"), rs.getString("slika"), rs.getInt("tipid"), rs.getInt("gradid"), rs.getBoolean("enabled")));
@@ -119,10 +130,13 @@ public class KorisnikRepository

    public String findRoleById( int tipid)
    {
-        String sql = "select * from tipkorisnika where tipId = "+tipid;
+        String sql = "{call findRoleById(?)}";
        ResultSet rs = null;
+        CallableStatement stmt = null;
        try {
-            rs = dataBase.statement.executeQuery( sql);
+            stmt = dataBase.connection.prepareCall(sql);
+            stmt.setInt(1, tipid);
+            rs = stmt.executeQuery();
            while( rs.next())
            {
                return rs.getString("naziv");
@@ -153,10 +167,13 @@ public class KorisnikRepository
    }

    public String findCity(Integer id){
-        String sql = "select Naziv from lokacija where LokacijaID = "+id;
+        String sql = "{call findCityById(?)";
        ResultSet rs = null;
+        CallableStatement stmt = null;
        try {
-            rs = dataBase.statement.executeQuery(sql);
+            stmt = dataBase.connection.prepareCall(sql);
+            stmt.setInt(1, id);
+            rs = stmt.executeQuery();
            if(rs.next())
                return rs.getString("Naziv");
        } catch (SQLException e) {
@@ -166,9 +183,12 @@ public class KorisnikRepository
    }

    public void deleteUser(Integer id){
-        String sql = "delete from korisnik where KorisnikId = "+id;
+        String sql = "{call deleteKorisnik(?)}";
+        CallableStatement stmt = null;
        try {
-            dataBase.statement.execute(sql);
+            stmt = dataBase.connection.prepareCall(sql);
+            stmt.setInt(1, id);
+            stmt.execute();
        } catch (SQLException e) {
            throw new RuntimeException(e);
        }
@@ -176,11 +196,13 @@ public class KorisnikRepository

    public void updateSifra( Korisnik korisnik, int korisnikId)
    {
-        String sql = " update korisnik " +
-                " set sifra = '" + new BCryptPasswordEncoder().encode( korisnik.getSifra()) +
-                "' where korisnikid = " + korisnikId;
+        String sql = "{call updateSifraKorisnika(?,?)}";
+        CallableStatement stmt = null;
        try {
-            dataBase.statement.executeUpdate( sql);
+            stmt = dataBase.connection.prepareCall(sql);
+            stmt.setString(1, new BCryptPasswordEncoder().encode( korisnik.getSifra()));
+            stmt.setInt(2, korisnikId);
+            stmt.execute();
        } catch (SQLException e) {
            throw new RuntimeException(e);
        }
@@ -188,11 +210,12 @@ public class KorisnikRepository

    public void enableKorisnik( int korisnikId)
    {
-        String sql = " update korisnik " +
-                " set enabled = true" +
-                " where korisnikid = " + korisnikId;
+        String sql = "call enableKorisnik(?)";
+        CallableStatement stmt = null;
        try {
-            dataBase.statement.executeUpdate( sql);
+            stmt = dataBase.connection.prepareCall(sql);
+            stmt.setInt(1, korisnikId);
+            stmt.execute();
        } catch (SQLException e) {
            throw new RuntimeException(e);
        }