KorisnikRepository - ubacene procedure

SkuciSe/src/main/java/com/example/SkuciSe/repository/KorisnikRepository.java

@@ -75,10 +75,14 @@ public class KorisnikRepository
     {
     {
         String slika = null;
         String slika = null;
         String sql = null;
         String sql = null;
+        CallableStatement cs;
         try {
         try {
              slika = Base64.getEncoder().encodeToString(file.getBytes());
              slika = Base64.getEncoder().encodeToString(file.getBytes());
-             sql = " update korisnik " + " set slika = '" + slika + "' where korisnikid = " + korisnik.getKorisnikId();
-             dataBase.statement.executeUpdate( sql);
+             sql = "{call updateSlika(?,?)}";
+             cs = dataBase.connection.prepareCall(sql);
+             cs.setString(1,slika);
+             cs.setInt(2,korisnik.getKorisnikId());
+             cs.execute();
         } catch (SQLException e) {
         } catch (SQLException e) {
             throw new RuntimeException(e);
             throw new RuntimeException(e);
         } catch (IOException e) {
         } catch (IOException e) {
@@ -88,10 +92,14 @@ public class KorisnikRepository
 
 
     public Korisnik findByEmail(String email)
     public Korisnik findByEmail(String email)
     {
     {
-        String sql = "select * from korisnik where email = '"+email+"'";
+        //String sql = "select * from korisnik where email = '"+email+"'";
+        String sql = "{call findByEmail(?)}";
         ResultSet rs = null;
         ResultSet rs = null;
+        CallableStatement stmt = null;
         try {
         try {
-            rs = dataBase.statement.executeQuery( sql);
+            stmt = dataBase.connection.prepareCall(sql);
+            stmt.setString(1, email);
+            rs = stmt.executeQuery();
             while( rs.next())
             while( rs.next())
             {
             {
                 return ( new Korisnik( rs.getInt("korisnikId"), rs.getString("ime"), rs.getString("prezime"), rs.getString("email"), rs.getString("sifra"), rs.getString("telefon"), rs.getString("slika"), rs.getInt("tipid"), rs.getInt("gradid"), rs.getBoolean("enabled")));
                 return ( new Korisnik( rs.getInt("korisnikId"), rs.getString("ime"), rs.getString("prezime"), rs.getString("email"), rs.getString("sifra"), rs.getString("telefon"), rs.getString("slika"), rs.getInt("tipid"), rs.getInt("gradid"), rs.getBoolean("enabled")));
@@ -103,10 +111,13 @@ public class KorisnikRepository
     }
     }
 
 
     public Korisnik findById(Integer id){
     public Korisnik findById(Integer id){
-        String sql = "select * from korisnik where KorisnikId = "+id;
+        String sql = "{call findKorisnikById(?)}";
         ResultSet rs = null;
         ResultSet rs = null;
+        CallableStatement stmt = null;
         try {
         try {
-            rs = dataBase.statement.executeQuery( sql);
+            stmt = dataBase.connection.prepareCall(sql);
+            stmt.setInt(1, id);
+            rs = stmt.executeQuery();
             while( rs.next())
             while( rs.next())
             {
             {
                 return ( new Korisnik( rs.getInt("korisnikId"), rs.getString("ime"), rs.getString("prezime"), rs.getString("email"), rs.getString("sifra"), rs.getString("telefon"), rs.getString("slika"), rs.getInt("tipid"), rs.getInt("gradid"), rs.getBoolean("enabled")));
                 return ( new Korisnik( rs.getInt("korisnikId"), rs.getString("ime"), rs.getString("prezime"), rs.getString("email"), rs.getString("sifra"), rs.getString("telefon"), rs.getString("slika"), rs.getInt("tipid"), rs.getInt("gradid"), rs.getBoolean("enabled")));
@@ -119,10 +130,13 @@ public class KorisnikRepository
 
 
     public String findRoleById( int tipid)
     public String findRoleById( int tipid)
     {
     {
-        String sql = "select * from tipkorisnika where tipId = "+tipid;
+        String sql = "{call findRoleById(?)}";
         ResultSet rs = null;
         ResultSet rs = null;
+        CallableStatement stmt = null;
         try {
         try {
-            rs = dataBase.statement.executeQuery( sql);
+            stmt = dataBase.connection.prepareCall(sql);
+            stmt.setInt(1, tipid);
+            rs = stmt.executeQuery();
             while( rs.next())
             while( rs.next())
             {
             {
                 return rs.getString("naziv");
                 return rs.getString("naziv");
@@ -153,10 +167,13 @@ public class KorisnikRepository
     }
     }
 
 
     public String findCity(Integer id){
     public String findCity(Integer id){
-        String sql = "select Naziv from lokacija where LokacijaID = "+id;
+        String sql = "{call findCityById(?)";
         ResultSet rs = null;
         ResultSet rs = null;
+        CallableStatement stmt = null;
         try {
         try {
-            rs = dataBase.statement.executeQuery(sql);
+            stmt = dataBase.connection.prepareCall(sql);
+            stmt.setInt(1, id);
+            rs = stmt.executeQuery();
             if(rs.next())
             if(rs.next())
                 return rs.getString("Naziv");
                 return rs.getString("Naziv");
         } catch (SQLException e) {
         } catch (SQLException e) {
@@ -166,9 +183,12 @@ public class KorisnikRepository
     }
     }
 
 
     public void deleteUser(Integer id){
     public void deleteUser(Integer id){
-        String sql = "delete from korisnik where KorisnikId = "+id;
+        String sql = "{call deleteKorisnik(?)}";
+        CallableStatement stmt = null;
         try {
         try {
-            dataBase.statement.execute(sql);
+            stmt = dataBase.connection.prepareCall(sql);
+            stmt.setInt(1, id);
+            stmt.execute();
         } catch (SQLException e) {
         } catch (SQLException e) {
             throw new RuntimeException(e);
             throw new RuntimeException(e);
         }
         }
@@ -176,11 +196,13 @@ public class KorisnikRepository
 
 
     public void updateSifra( Korisnik korisnik, int korisnikId)
     public void updateSifra( Korisnik korisnik, int korisnikId)
     {
     {
-        String sql = " update korisnik " +
-                " set sifra = '" + new BCryptPasswordEncoder().encode( korisnik.getSifra()) +
-                "' where korisnikid = " + korisnikId;
+        String sql = "{call updateSifraKorisnika(?,?)}";
+        CallableStatement stmt = null;
         try {
         try {
-            dataBase.statement.executeUpdate( sql);
+            stmt = dataBase.connection.prepareCall(sql);
+            stmt.setString(1, new BCryptPasswordEncoder().encode( korisnik.getSifra()));
+            stmt.setInt(2, korisnikId);
+            stmt.execute();
         } catch (SQLException e) {
         } catch (SQLException e) {
             throw new RuntimeException(e);
             throw new RuntimeException(e);
         }
         }
@@ -188,11 +210,12 @@ public class KorisnikRepository
 
 
     public void enableKorisnik( int korisnikId)
     public void enableKorisnik( int korisnikId)
     {
     {
-        String sql = " update korisnik " +
-                " set enabled = true" +
-                " where korisnikid = " + korisnikId;
+        String sql = "call enableKorisnik(?)";
+        CallableStatement stmt = null;
         try {
         try {
-            dataBase.statement.executeUpdate( sql);
+            stmt = dataBase.connection.prepareCall(sql);
+            stmt.setInt(1, korisnikId);
+            stmt.execute();
         } catch (SQLException e) {
         } catch (SQLException e) {
             throw new RuntimeException(e);
             throw new RuntimeException(e);
         }
         }