From ca9f5b09257d576218f0bbffa1beeeb471ae398e Mon Sep 17 00:00:00 2001 From: zhangyuheng Date: Tue, 21 May 2024 16:44:18 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E5=A4=8D=E4=BA=86=E6=BD=9C=E5=9C=A8?= =?UTF-8?q?=E7=9A=84=E6=95=B0=E6=8D=AE=E5=BA=93=E6=B3=A8=E5=85=A5=E9=A3=8E?= =?UTF-8?q?=E9=99=A9=EF=BC=8C=E5=BB=BA=E8=AE=AE=E4=BD=BF=E7=94=A8=E6=AD=A4?= =?UTF-8?q?=E6=9B=B4=E6=96=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- pom.xml | 2 +- .../lunadeer/dominion/dtos/DominionDTO.java | 85 ++++++++++--------- .../cn/lunadeer/dominion/dtos/PlayerDTO.java | 30 +++---- .../dominion/dtos/PlayerPrivilegeDTO.java | 22 +++-- 4 files changed, 71 insertions(+), 68 deletions(-) diff --git a/pom.xml b/pom.xml index 6137855..442ab97 100644 --- a/pom.xml +++ b/pom.xml @@ -6,7 +6,7 @@ cn.lunadeer Dominion - 1.24.3-beta + 1.24.4-beta jar Dominion diff --git a/src/main/java/cn/lunadeer/dominion/dtos/DominionDTO.java b/src/main/java/cn/lunadeer/dominion/dtos/DominionDTO.java index e59fad3..346ed72 100644 --- a/src/main/java/cn/lunadeer/dominion/dtos/DominionDTO.java +++ b/src/main/java/cn/lunadeer/dominion/dtos/DominionDTO.java @@ -14,9 +14,9 @@ import java.util.UUID; public class DominionDTO { - private static List query(String sql) { + private static List query(String sql, Object... args) { List dominions = new ArrayList<>(); - try (ResultSet rs = Dominion.database.query(sql)) { + try (ResultSet rs = Dominion.database.query(sql, args)) { if (sql.contains("UPDATE") || sql.contains("DELETE") || sql.contains("INSERT")) { // 如果是更新操作,重新加载缓存 Cache.instance.loadDominions(); 
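Review bot: The new `query(String sql, Object... args)` in DominionDTO carries no comment stating the contract this fix depends on: `sql` must be a fixed statement with `?` placeholders, and every caller-supplied value must travel in `args`. The `Dominion.database.query(sql, args)` overload it forwards to is not part of this patch, so whether it binds the values through a `PreparedStatement` cannot be confirmed from here and is worth checking. I would add a Javadoc line such as `/** Runs a fixed SQL statement; values go in args and are never concatenated into sql. */`, and the same on the `query` helpers in PlayerDTO and PlayerPrivilegeDTO. The method body continues past the end of this hunk.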
@@ -100,18 +100,18 @@ public class DominionDTO { } public static List selectAll(String world) { - String sql = "SELECT * FROM dominion WHERE world = '" + world + "' AND id > 0;"; - return query(sql); + String sql = "SELECT * FROM dominion WHERE world = ? AND id > 0;"; + return query(sql, world); } public static List search(String name) { - String sql = "SELECT * FROM dominion WHERE name LIKE '%" + name + "%' AND id > 0;"; - return query(sql); + String sql = "SELECT * FROM dominion WHERE name LIKE ? AND id > 0;"; + return query(sql, "%" + name + "%"); } public static List selectAll(UUID owner) { - String sql = "SELECT * FROM dominion WHERE owner = '" + owner.toString() + "' AND id > 0"; - return query(sql); + String sql = "SELECT * FROM dominion WHERE owner = ? AND id > 0;"; + return query(sql, owner.toString()); } public static DominionDTO select(Integer id) { 
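Review bot: In `search(String name)` the bound value `"%" + name + "%"` still lets `%` and `_` inside `name` act as LIKE wildcards, so a search for `a_b` also matches `axb`. Binding removes the injection, but the caller still shapes the pattern. Escaping the metacharacters before binding and declaring the escape character closes that gap, for example `LIKE ? ESCAPE '!'` in the statement and `name.replace("!", "!!").replace("%", "!%").replace("_", "!_")` for the argument. The ESCAPE clause should be checked against the database backends the plugin supports. `PlayerDTO.search` in the PlayerDTO hunk builds its pattern the same way.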
@@ -122,28 +122,28 @@ public class DominionDTO { -2147483648, -2147483648, -2147483648, 2147483647, 2147483647, 2147483647, -1); } - String sql = "SELECT * FROM dominion WHERE id = " + id + " AND id > 0"; - List dominions = query(sql); + String sql = "SELECT * FROM dominion WHERE id = ? AND id > 0;"; + List dominions = query(sql, id); if (dominions.size() == 0) return null; return dominions.get(0); } public static List selectByParentId(String world, Integer parentId) { - String sql = "SELECT * FROM dominion WHERE world = '" + world + "' AND parent_dom_id = " + parentId + " AND id > 0;"; - return query(sql); + String sql = "SELECT * FROM dominion WHERE world = ? AND parent_dom_id = ? AND id > 0;"; + return query(sql, world, parentId); } public static List selectByLocation(String world, Integer x, Integer y, Integer z) { - String sql = "SELECT * FROM dominion WHERE world = '" + world + "' AND " + - "x1 <= " + x + " AND x2 >= " + x + " AND " + - "y1 <= " + y + " AND y2 >= " + y + " AND " + - "z1 <= " + z + " AND z2 >= " + z + " AND " + "id > 0;"; - return query(sql); + String sql = "SELECT * FROM dominion WHERE world = ? AND " + + "x1 <= ? AND x2 >= ? AND " + + "y1 <= ? AND y2 >= ? AND " + + "z1 <= ? AND z2 >= ? AND " + "id > 0;"; + return query(sql, world, x, x, y, y, z, z); } public static DominionDTO select(String name) { - String sql = "SELECT * FROM dominion WHERE name = '" + name + "' AND id > 0;"; - List dominions = query(sql); + String sql = "SELECT * FROM dominion WHERE name = ? AND id > 0;"; + List dominions = query(sql, name); if (dominions.size() == 0) return null; return dominions.get(0); } 
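Review bot: `selectByLocation` now relies on positional binding with each coordinate passed twice, `query(sql, world, x, x, y, y, z, z)`, and nothing on the line explains the repetition. A later edit to the statement or the argument list could shift one placeholder and the query would still run, just against the wrong bounds. A short comment above the call would help, e.g. `// each coordinate is bound twice: lower bound (x1 <= ?) then upper bound (x2 >= ?)`.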
@@ -151,25 +151,24 @@ public class DominionDTO { public static DominionDTO insert(DominionDTO dominion) { String sql = "INSERT INTO dominion (" + "owner, name, world, x1, y1, z1, x2, y2, z2" + - ") VALUES (" + - "'" + dominion.getOwner().toString() + "', " + - "'" + dominion.getName() + "', " + - "'" + dominion.getWorld() + "', " + - dominion.getX1() + ", " + - dominion.getY1() + ", " + - dominion.getZ1() + ", " + - dominion.getX2() + ", " + - dominion.getY2() + ", " + - dominion.getZ2() + - ") RETURNING *;"; - List dominions = query(sql); + ") VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?) RETURNING *;"; + List dominions = query(sql, + dominion.getOwner(), + dominion.getName(), + dominion.getWorld(), + dominion.getX1(), + dominion.getY1(), + dominion.getZ1(), + dominion.getX2(), + dominion.getY2(), + dominion.getZ2()); if (dominions.size() == 0) return null; return dominions.get(0); } public static void delete(DominionDTO dominion) { - String sql = "DELETE FROM dominion WHERE id = " + dominion.getId() + ";"; - query(sql); + String sql = "DELETE FROM dominion WHERE id = ?;"; + query(sql, dominion.getId()); } private static DominionDTO update(DominionDTO dominion) { @@ -181,9 +180,9 @@ public class DominionDTO { tp_location = loc.getBlockX() + ":" + loc.getBlockY() + ":" + loc.getBlockZ(); } String sql = "UPDATE dominion SET " + - "owner = '" + dominion.getOwner().toString() + "', " + - "name = '" + dominion.getName() + "', " + - "world = '" + dominion.getWorld() + "', " + + "owner = ?," + + "name = ?," + + "world = ?," + "x1 = " + dominion.getX1() + ", " + "y1 = " + dominion.getY1() + ", " + "z1 = " + dominion.getZ1() + ", " + 
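Review bot: `insert` now passes `dominion.getOwner()` to `query` as an object, while the removed code used `dominion.getOwner().toString()` and the new argument list in `update` also binds `dominion.getOwner().toString()`. How a raw `UUID` is bound depends on the driver and on the `database.query` implementation, which this patch does not show; against a text column it may fail or be stored in a different representation. Binding `dominion.getOwner().toString()` here keeps the insert, update and select paths consistent. `PlayerDTO.delete` has the same difference: it binds `player.getUuid()` where the other PlayerDTO methods bind `player.getUuid().toString()`.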
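Review bot: `update` binds only the six text columns and still concatenates every other value into the statement: `x1` to `z2` in this hunk, `parent_dom_id` and the flag columns in the next one, and `" WHERE id = " + dominion.getId()` in the last DominionDTO hunk. If those getters return `Integer` or `Boolean` (their types are not visible here) the remaining concatenation is not injectable. The statement is still half bound and half built, which is easy to get wrong when a text column is added later. I would bind the remaining values too, starting with `" WHERE id = ?"` and `dominion.getId()` appended to the argument list, as `delete` already does. `update` begins before this hunk and continues past it.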
@@ -191,8 +190,8 @@ public class DominionDTO { "y2 = " + dominion.getY2() + ", " + "z2 = " + dominion.getZ2() + ", " + "parent_dom_id = " + dominion.getParentDomId() + ", " + - "join_message = '" + dominion.getJoinMessage() + "', " + - "leave_message = '" + dominion.getLeaveMessage() + "', " + + "join_message = ?," + + "leave_message = ?," + "anchor = " + dominion.getAnchor() + ", " + "animal_killing = " + dominion.getAnimalKilling() + ", " + "anvil = " + dominion.getAnvil() + ", " + @@ -239,10 +238,16 @@ public class DominionDTO { "vehicle_destroy = " + dominion.getVehicleDestroy() + ", " + "vehicle_spawn = " + dominion.getVehicleSpawn() + ", " + "wither_spawn = " + dominion.getWitherSpawn() + ", " + // dom only - "tp_location = '" + tp_location + "' " + + "tp_location = ?" + " WHERE id = " + dominion.getId() + " RETURNING *;"; - List dominions = query(sql); + List dominions = query(sql, + dominion.getOwner().toString(), + dominion.getName(), + dominion.getWorld(), + dominion.getJoinMessage(), + dominion.getLeaveMessage(), + tp_location); if (dominions.size() == 0) return null; return dominions.get(0); } diff --git a/src/main/java/cn/lunadeer/dominion/dtos/PlayerDTO.java b/src/main/java/cn/lunadeer/dominion/dtos/PlayerDTO.java index 18c9caa..4825423 100644 --- a/src/main/java/cn/lunadeer/dominion/dtos/PlayerDTO.java +++ b/src/main/java/cn/lunadeer/dominion/dtos/PlayerDTO.java @@ -28,9 +28,9 @@ public class PlayerDTO { return update(this); } - private static List query(String sql) { + private static List query(String sql, Object... params) { List players = new ArrayList<>(); - try (ResultSet rs = Dominion.database.query(sql)) { + try (ResultSet rs = Dominion.database.query(sql, params)) { if (rs == null) return players; while (rs.next()) { Integer id = rs.getInt("id"); 
@@ -47,47 +47,47 @@ public class PlayerDTO { } public static PlayerDTO select(UUID uuid) { - String sql = "SELECT * FROM player_name WHERE uuid = '" + uuid.toString() + "';"; - List players = query(sql); + String sql = "SELECT * FROM player_name WHERE uuid = ?;"; + List players = query(sql, uuid.toString()); if (players.size() == 0) return null; return players.get(0); } public static PlayerDTO select(String name) { - String sql = "SELECT * FROM player_name WHERE last_known_name = '" + name + "';"; - List players = query(sql); + String sql = "SELECT * FROM player_name WHERE last_known_name = ?;"; + List players = query(sql, name); if (players.size() == 0) return null; return players.get(0); } public static List search(String name) { // 模糊搜索 - String sql = "SELECT * FROM player_name WHERE last_known_name LIKE '%" + name + "%';"; - return query(sql); + String sql = "SELECT * FROM player_name WHERE last_known_name LIKE ?;"; + return query(sql, "%" + name + "%"); } public static void delete(PlayerDTO player) { - String sql = "DELETE FROM player_name WHERE uuid = '" + player.getUuid().toString() + "';"; - query(sql); + String sql = "DELETE FROM player_name WHERE uuid = ?;"; + query(sql, player.getUuid()); } private static PlayerDTO insert(PlayerDTO player) { String sql = "INSERT INTO player_name (uuid, last_known_name, last_join_at) " + "VALUES" + - " ('" + player.getUuid().toString() + "', '" + player.getLastKnownName() + "', CURRENT_TIMESTAMP) " + + " (?, ?, CURRENT_TIMESTAMP) " + "RETURNING *;"; - List players = query(sql); + List players = query(sql, player.getUuid().toString(), player.getLastKnownName()); if (players.size() == 0) return null; return players.get(0); } private static PlayerDTO update(PlayerDTO player) { String sql = "UPDATE player_name SET " + - "last_known_name = '" + player.getLastKnownName() + "', " + + "last_known_name = ?, " + "last_join_at = CURRENT_TIMESTAMP " + - "WHERE uuid = '" + player.getUuid().toString() + "' " + + "WHERE uuid = ? 
" + "RETURNING *;"; - List players = query(sql); + List players = query(sql, player.getLastKnownName(), player.getUuid().toString()); if (players.size() == 0) return null; return players.get(0); } diff --git a/src/main/java/cn/lunadeer/dominion/dtos/PlayerPrivilegeDTO.java b/src/main/java/cn/lunadeer/dominion/dtos/PlayerPrivilegeDTO.java index 9e22de6..2cabf37 100644 --- a/src/main/java/cn/lunadeer/dominion/dtos/PlayerPrivilegeDTO.java +++ b/src/main/java/cn/lunadeer/dominion/dtos/PlayerPrivilegeDTO.java @@ -55,22 +55,20 @@ public class PlayerPrivilegeDTO { } public static PlayerPrivilegeDTO select(UUID playerUUID, Integer dom_id) { - String sql = "SELECT * FROM player_privilege WHERE player_uuid = '" + playerUUID + "' " + - "AND dom_id = " + dom_id + ";"; - List p = query(sql); + String sql = "SELECT * FROM player_privilege WHERE player_uuid = ? AND dom_id = ?;"; + List p = query(sql, playerUUID.toString(), dom_id); if (p.size() == 0) return null; return p.get(0); } public static List select(Integer dom_id) { - String sql = "SELECT * FROM player_privilege WHERE dom_id = " + dom_id + ";"; - return query(sql); + String sql = "SELECT * FROM player_privilege WHERE dom_id = ?;"; + return query(sql, dom_id); } public static void delete(UUID player, Integer domID) { - String sql = "DELETE FROM player_privilege WHERE player_uuid = '" + player + "' " + - "AND dom_id = " + domID + ";"; - query(sql); + String sql = "DELETE FROM player_privilege WHERE player_uuid = ? AND dom_id = ?;"; + query(sql, player.toString(), domID); } public static List selectAll() { @@ -79,8 +77,8 @@ public class PlayerPrivilegeDTO { } public static List selectAll(UUID player) { - String sql = "SELECT * FROM player_privilege WHERE player_uuid = '" + player + "';"; - return query(sql); + String sql = "SELECT * FROM player_privilege WHERE player_uuid = ?;"; + return query(sql, player.toString()); } private final Integer id; 
@@ -579,9 +577,9 @@ public class PlayerPrivilegeDTO { vehicleSpawn); } - private static List query(String sql) { + private static List query(String sql, Object... params) { List players = new ArrayList<>(); - try (ResultSet rs = Dominion.database.query(sql)) { + try (ResultSet rs = Dominion.database.query(sql, params)) { if (sql.contains("UPDATE") || sql.contains("DELETE") || sql.contains("INSERT")) { // 如果是更新操作,重新加载缓存 Cache.instance.loadPlayerPrivileges();