diff --git a/pom.xml b/pom.xml
index 6137855..442ab97 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@
cn.lunadeer
Dominion
- 1.24.3-beta
+ 1.24.4-beta
jar
Dominion
diff --git a/src/main/java/cn/lunadeer/dominion/dtos/DominionDTO.java b/src/main/java/cn/lunadeer/dominion/dtos/DominionDTO.java
index e59fad3..346ed72 100644
--- a/src/main/java/cn/lunadeer/dominion/dtos/DominionDTO.java
+++ b/src/main/java/cn/lunadeer/dominion/dtos/DominionDTO.java
@@ -14,9 +14,9 @@ import java.util.UUID;
public class DominionDTO {
- private static List query(String sql) {
+ private static List query(String sql, Object... args) {
List dominions = new ArrayList<>();
- try (ResultSet rs = Dominion.database.query(sql)) {
+ try (ResultSet rs = Dominion.database.query(sql, args)) {
if (sql.contains("UPDATE") || sql.contains("DELETE") || sql.contains("INSERT")) {
// 如果是更新操作,重新加载缓存
Cache.instance.loadDominions();
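Review bot: The new varargs parameter `args` is undocumented, and the sibling `query` methods in PlayerDTO and PlayerPrivilegeDTO name the same parameter `params`; one name across the three DTOs would be easier to follow. A one-line Javadoc above the signature would state the contract: `/** Runs {@code sql} with {@code args} bound positionally to its {@code ?} placeholders; reloads the dominion cache after UPDATE/DELETE/INSERT. */`. The keyword test on `sql` that follows now only ever sees the fixed statement text, not caller data, so a brief comment noting that it must stay that way would protect the cache-reload logic from a future caller concatenating again. The method body continues past the hunk.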
@@ -100,18 +100,18 @@ public class DominionDTO {
}
public static List selectAll(String world) {
- String sql = "SELECT * FROM dominion WHERE world = '" + world + "' AND id > 0;";
- return query(sql);
+ String sql = "SELECT * FROM dominion WHERE world = ? AND id > 0;";
+ return query(sql, world);
}
public static List search(String name) {
- String sql = "SELECT * FROM dominion WHERE name LIKE '%" + name + "%' AND id > 0;";
- return query(sql);
+ String sql = "SELECT * FROM dominion WHERE name LIKE ? AND id > 0;";
+ return query(sql, "%" + name + "%");
}
public static List selectAll(UUID owner) {
- String sql = "SELECT * FROM dominion WHERE owner = '" + owner.toString() + "' AND id > 0";
- return query(sql);
+ String sql = "SELECT * FROM dominion WHERE owner = ? AND id > 0;";
+ return query(sql, owner.toString());
}
public static DominionDTO select(Integer id) {
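Review bot: In `search`, the bind value `"%" + name + "%"` still passes any `%` or `_` inside `name` through as LIKE wildcards, so a caller-supplied `%` alone matches every dominion; the injection is closed but the match scope is not bounded. If that is not intended, escape those characters in the Java value and declare the escape in the statement, e.g. `String sql = "SELECT * FROM dominion WHERE name LIKE ? ESCAPE '\\' AND id > 0;"` and `return query(sql, "%" + name.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_") + "%");`. `PlayerDTO.search` in the hunk ending at line 233 has the same behaviour.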
@@ -122,28 +122,28 @@ public class DominionDTO {
-2147483648, -2147483648, -2147483648,
2147483647, 2147483647, 2147483647, -1);
}
- String sql = "SELECT * FROM dominion WHERE id = " + id + " AND id > 0";
- List dominions = query(sql);
+ String sql = "SELECT * FROM dominion WHERE id = ? AND id > 0;";
+ List dominions = query(sql, id);
if (dominions.size() == 0) return null;
return dominions.get(0);
}
public static List selectByParentId(String world, Integer parentId) {
- String sql = "SELECT * FROM dominion WHERE world = '" + world + "' AND parent_dom_id = " + parentId + " AND id > 0;";
- return query(sql);
+ String sql = "SELECT * FROM dominion WHERE world = ? AND parent_dom_id = ? AND id > 0;";
+ return query(sql, world, parentId);
}
public static List selectByLocation(String world, Integer x, Integer y, Integer z) {
- String sql = "SELECT * FROM dominion WHERE world = '" + world + "' AND " +
- "x1 <= " + x + " AND x2 >= " + x + " AND " +
- "y1 <= " + y + " AND y2 >= " + y + " AND " +
- "z1 <= " + z + " AND z2 >= " + z + " AND " + "id > 0;";
- return query(sql);
+ String sql = "SELECT * FROM dominion WHERE world = ? AND " +
+ "x1 <= ? AND x2 >= ? AND " +
+ "y1 <= ? AND y2 >= ? AND " +
+ "z1 <= ? AND z2 >= ? AND " + "id > 0;";
+ return query(sql, world, x, x, y, y, z, z);
}
public static DominionDTO select(String name) {
- String sql = "SELECT * FROM dominion WHERE name = '" + name + "' AND id > 0;";
- List dominions = query(sql);
+ String sql = "SELECT * FROM dominion WHERE name = ? AND id > 0;";
+ List dominions = query(sql, name);
if (dominions.size() == 0) return null;
return dominions.get(0);
}
@@ -151,25 +151,24 @@ public class DominionDTO {
public static DominionDTO insert(DominionDTO dominion) {
String sql = "INSERT INTO dominion (" +
"owner, name, world, x1, y1, z1, x2, y2, z2" +
- ") VALUES (" +
- "'" + dominion.getOwner().toString() + "', " +
- "'" + dominion.getName() + "', " +
- "'" + dominion.getWorld() + "', " +
- dominion.getX1() + ", " +
- dominion.getY1() + ", " +
- dominion.getZ1() + ", " +
- dominion.getX2() + ", " +
- dominion.getY2() + ", " +
- dominion.getZ2() +
- ") RETURNING *;";
- List dominions = query(sql);
+ ") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?) RETURNING *;";
+ List dominions = query(sql,
+ dominion.getOwner(),
+ dominion.getName(),
+ dominion.getWorld(),
+ dominion.getX1(),
+ dominion.getY1(),
+ dominion.getZ1(),
+ dominion.getX2(),
+ dominion.getY2(),
+ dominion.getZ2());
if (dominions.size() == 0) return null;
return dominions.get(0);
}
public static void delete(DominionDTO dominion) {
- String sql = "DELETE FROM dominion WHERE id = " + dominion.getId() + ";";
- query(sql);
+ String sql = "DELETE FROM dominion WHERE id = ?;";
+ query(sql, dominion.getId());
}
private static DominionDTO update(DominionDTO dominion) {
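Review bot: `insert` now binds `dominion.getOwner()` directly (line 102), whereas the removed code and `update` in the later hunk bind `dominion.getOwner().toString()`; how `Dominion.database.query` maps an arbitrary `Object` parameter is not visible here, so a UUID object may be stored or compared differently from the string the other call sites send. Bind one representation everywhere: `dominion.getOwner().toString(),`. `PlayerDTO.delete` in the hunk ending at line 233 has the same mismatch (`player.getUuid()` at line 208 versus `uuid.toString()` at line 185 and `player.getUuid().toString()` at lines 217 and 230).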
@@ -181,9 +180,9 @@ public class DominionDTO {
tp_location = loc.getBlockX() + ":" + loc.getBlockY() + ":" + loc.getBlockZ();
}
String sql = "UPDATE dominion SET " +
- "owner = '" + dominion.getOwner().toString() + "', " +
- "name = '" + dominion.getName() + "', " +
- "world = '" + dominion.getWorld() + "', " +
+ "owner = ?," +
+ "name = ?," +
+ "world = ?," +
"x1 = " + dominion.getX1() + ", " +
"y1 = " + dominion.getY1() + ", " +
"z1 = " + dominion.getZ1() + ", " +
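Review bot: `update` parameterizes only the six string columns; `x1` through `z2`, `parent_dom_id`, every flag column and the `WHERE id = ` clause (hunks ending at lines 144 and 163) are still assembled by concatenation, unlike `insert`, which binds all nine values. Those values come from typed getters, so this is an inconsistency rather than an injection path, but it mixes two styles in one statement and the argument list at lines 154–160 has to be kept in step with placeholder order by hand; binding the remaining columns the way `insert` does would remove that coupling. Separately, `"owner = ?,"`, `"name = ?,"`, `"world = ?,"`, `"join_message = ?,"` and `"leave_message = ?,"` drop the `, ` spacing the surrounding columns keep; `"owner = ?, "` would match. The method begins and ends outside this hunk.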
@@ -191,8 +190,8 @@ public class DominionDTO {
"y2 = " + dominion.getY2() + ", " +
"z2 = " + dominion.getZ2() + ", " +
"parent_dom_id = " + dominion.getParentDomId() + ", " +
- "join_message = '" + dominion.getJoinMessage() + "', " +
- "leave_message = '" + dominion.getLeaveMessage() + "', " +
+ "join_message = ?," +
+ "leave_message = ?," +
"anchor = " + dominion.getAnchor() + ", " +
"animal_killing = " + dominion.getAnimalKilling() + ", " +
"anvil = " + dominion.getAnvil() + ", " +
@@ -239,10 +238,16 @@ public class DominionDTO {
"vehicle_destroy = " + dominion.getVehicleDestroy() + ", " +
"vehicle_spawn = " + dominion.getVehicleSpawn() + ", " +
"wither_spawn = " + dominion.getWitherSpawn() + ", " + // dom only
- "tp_location = '" + tp_location + "' " +
+ "tp_location = ?" +
" WHERE id = " + dominion.getId() +
" RETURNING *;";
- List dominions = query(sql);
+ List dominions = query(sql,
+ dominion.getOwner().toString(),
+ dominion.getName(),
+ dominion.getWorld(),
+ dominion.getJoinMessage(),
+ dominion.getLeaveMessage(),
+ tp_location);
if (dominions.size() == 0) return null;
return dominions.get(0);
}
diff --git a/src/main/java/cn/lunadeer/dominion/dtos/PlayerDTO.java b/src/main/java/cn/lunadeer/dominion/dtos/PlayerDTO.java
index 18c9caa..4825423 100644
--- a/src/main/java/cn/lunadeer/dominion/dtos/PlayerDTO.java
+++ b/src/main/java/cn/lunadeer/dominion/dtos/PlayerDTO.java
@@ -28,9 +28,9 @@ public class PlayerDTO {
return update(this);
}
- private static List query(String sql) {
+ private static List query(String sql, Object... params) {
List players = new ArrayList<>();
- try (ResultSet rs = Dominion.database.query(sql)) {
+ try (ResultSet rs = Dominion.database.query(sql, params)) {
if (rs == null) return players;
while (rs.next()) {
Integer id = rs.getInt("id");
@@ -47,47 +47,47 @@ public class PlayerDTO {
}
public static PlayerDTO select(UUID uuid) {
- String sql = "SELECT * FROM player_name WHERE uuid = '" + uuid.toString() + "';";
- List players = query(sql);
+ String sql = "SELECT * FROM player_name WHERE uuid = ?;";
+ List players = query(sql, uuid.toString());
if (players.size() == 0) return null;
return players.get(0);
}
public static PlayerDTO select(String name) {
- String sql = "SELECT * FROM player_name WHERE last_known_name = '" + name + "';";
- List players = query(sql);
+ String sql = "SELECT * FROM player_name WHERE last_known_name = ?;";
+ List players = query(sql, name);
if (players.size() == 0) return null;
return players.get(0);
}
public static List search(String name) {
// 模糊搜索
- String sql = "SELECT * FROM player_name WHERE last_known_name LIKE '%" + name + "%';";
- return query(sql);
+ String sql = "SELECT * FROM player_name WHERE last_known_name LIKE ?;";
+ return query(sql, "%" + name + "%");
}
public static void delete(PlayerDTO player) {
- String sql = "DELETE FROM player_name WHERE uuid = '" + player.getUuid().toString() + "';";
- query(sql);
+ String sql = "DELETE FROM player_name WHERE uuid = ?;";
+ query(sql, player.getUuid());
}
private static PlayerDTO insert(PlayerDTO player) {
String sql = "INSERT INTO player_name (uuid, last_known_name, last_join_at) " +
"VALUES" +
- " ('" + player.getUuid().toString() + "', '" + player.getLastKnownName() + "', CURRENT_TIMESTAMP) " +
+ " (?, ?, CURRENT_TIMESTAMP) " +
"RETURNING *;";
- List players = query(sql);
+ List players = query(sql, player.getUuid().toString(), player.getLastKnownName());
if (players.size() == 0) return null;
return players.get(0);
}
private static PlayerDTO update(PlayerDTO player) {
String sql = "UPDATE player_name SET " +
- "last_known_name = '" + player.getLastKnownName() + "', " +
+ "last_known_name = ?, " +
"last_join_at = CURRENT_TIMESTAMP " +
- "WHERE uuid = '" + player.getUuid().toString() + "' " +
+ "WHERE uuid = ? " +
"RETURNING *;";
- List players = query(sql);
+ List players = query(sql, player.getLastKnownName(), player.getUuid().toString());
if (players.size() == 0) return null;
return players.get(0);
}
diff --git a/src/main/java/cn/lunadeer/dominion/dtos/PlayerPrivilegeDTO.java b/src/main/java/cn/lunadeer/dominion/dtos/PlayerPrivilegeDTO.java
index 9e22de6..2cabf37 100644
--- a/src/main/java/cn/lunadeer/dominion/dtos/PlayerPrivilegeDTO.java
+++ b/src/main/java/cn/lunadeer/dominion/dtos/PlayerPrivilegeDTO.java
@@ -55,22 +55,20 @@ public class PlayerPrivilegeDTO {
}
public static PlayerPrivilegeDTO select(UUID playerUUID, Integer dom_id) {
- String sql = "SELECT * FROM player_privilege WHERE player_uuid = '" + playerUUID + "' " +
- "AND dom_id = " + dom_id + ";";
- List p = query(sql);
+ String sql = "SELECT * FROM player_privilege WHERE player_uuid = ? AND dom_id = ?;";
+ List p = query(sql, playerUUID.toString(), dom_id);
if (p.size() == 0) return null;
return p.get(0);
}
public static List select(Integer dom_id) {
- String sql = "SELECT * FROM player_privilege WHERE dom_id = " + dom_id + ";";
- return query(sql);
+ String sql = "SELECT * FROM player_privilege WHERE dom_id = ?;";
+ return query(sql, dom_id);
}
public static void delete(UUID player, Integer domID) {
- String sql = "DELETE FROM player_privilege WHERE player_uuid = '" + player + "' " +
- "AND dom_id = " + domID + ";";
- query(sql);
+ String sql = "DELETE FROM player_privilege WHERE player_uuid = ? AND dom_id = ?;";
+ query(sql, player.toString(), domID);
}
public static List selectAll() {
@@ -79,8 +77,8 @@ public class PlayerPrivilegeDTO {
}
public static List selectAll(UUID player) {
- String sql = "SELECT * FROM player_privilege WHERE player_uuid = '" + player + "';";
- return query(sql);
+ String sql = "SELECT * FROM player_privilege WHERE player_uuid = ?;";
+ return query(sql, player.toString());
}
private final Integer id;
@@ -579,9 +577,9 @@ public class PlayerPrivilegeDTO {
vehicleSpawn);
}
- private static List query(String sql) {
+ private static List query(String sql, Object... params) {
List players = new ArrayList<>();
- try (ResultSet rs = Dominion.database.query(sql)) {
+ try (ResultSet rs = Dominion.database.query(sql, params)) {
if (sql.contains("UPDATE") || sql.contains("DELETE") || sql.contains("INSERT")) {
// 如果是更新操作,重新加载缓存
Cache.instance.loadPlayerPrivileges();