From 668535d93f605208b5bd4bf0edcb2d1609b76a57 Mon Sep 17 00:00:00 2001
From: Xephi <xephirot59@gmail.com>
Date: Wed, 30 Dec 2015 13:14:41 +0100
Subject: [PATCH] Revert "Pass args through PreparedStatement"

This reverts commit 14e130eaee89382e40e3c5b88f475bf2ceba72ea.
---
 .../fr/xephi/authme/datasource/MySQL.java     | 55 +++++++++----------
 .../fr/xephi/authme/datasource/SQLite.java    | 28 ++++------
 2 files changed, 36 insertions(+), 47 deletions(-)

diff --git a/src/main/java/fr/xephi/authme/datasource/MySQL.java b/src/main/java/fr/xephi/authme/datasource/MySQL.java
index 881747c2..713901bf 100644
--- a/src/main/java/fr/xephi/authme/datasource/MySQL.java
+++ b/src/main/java/fr/xephi/authme/datasource/MySQL.java
@@ -919,18 +919,18 @@ public class MySQL implements DataSource {
     public synchronized List<String> getAllAuthsByName(PlayerAuth auth) {
         List<String> result = new ArrayList<>();
         try (Connection con = getConnection()) {
-            PreparedStatement pst = getConnection().prepareStatement(new Query(this)
+            PreparedStatement pst = con.prepareStatement(new Query(this)
             		.select(columnName)
             		.from(tableName)
-            		.addWhere(columnIp + "=?", null)
+            		.addWhere(columnIp + "='" + auth.getIp() + "'", null)
             		.build()
             		.getQuery());
-            pst.setString(1, auth.getIp());
             ResultSet rs = pst.executeQuery();
             while (rs.next()) {
                 result.add(rs.getString(columnName));
             }
             rs.close();
+            pst.close();
         } catch (SQLException ex) {
             ConsoleLogger.showError(ex.getMessage());
             ConsoleLogger.writeStackTrace(ex);
@@ -950,19 +950,19 @@ public class MySQL implements DataSource {
     @Override
     public synchronized List<String> getAllAuthsByIp(String ip) {
         List<String> result = new ArrayList<>();
-        try {
-            PreparedStatement pst = getConnection().prepareStatement(new Query(this)
+        try (Connection con = getConnection()) {
+            PreparedStatement pst = con.prepareStatement(new Query(this)
             		.select(columnName)
             		.from(tableName)
-            		.addWhere(columnIp + "=?", null)
+            		.addWhere(columnIp + "='" + ip + "'", null)
             		.build()
             		.getQuery());
-            pst.setString(1, ip);
             ResultSet rs = pst.executeQuery();
             while (rs.next()) {
                 result.add(rs.getString(columnName));
             }
             rs.close();
+            pst.close();
         } catch (SQLException ex) {
             ConsoleLogger.showError(ex.getMessage());
             ConsoleLogger.writeStackTrace(ex);
@@ -982,19 +982,19 @@ public class MySQL implements DataSource {
     @Override
     public synchronized List<String> getAllAuthsByEmail(String email){
         List<String> countEmail = new ArrayList<>();
-        try {
-            PreparedStatement pst = getConnection().prepareStatement(new Query(this)
+        try (Connection con = getConnection()) {
+            PreparedStatement pst = con.prepareStatement(new Query(this)
             		.select(columnName)
             		.from(tableName)
-            		.addWhere(columnEmail + "=?", null)
+            		.addWhere(columnEmail + "='" + email + "'", null)
             		.build()
             		.getQuery());
-            pst.setString(1, email);
             ResultSet rs = pst.executeQuery();
             while (rs.next()) {
                 countEmail.add(rs.getString(columnName));
             }
             rs.close();
+            pst.close();
         } catch (SQLException ex) {
             ConsoleLogger.showError(ex.getMessage());
             ConsoleLogger.writeStackTrace(ex);
@@ -1049,14 +1049,13 @@ public class MySQL implements DataSource {
     @Override
     public boolean isLogged(String user) {
         boolean isLogged = false;
-        try {
-        	PreparedStatement pst = getConnection().prepareStatement(new Query(this)
+        try (Connection con = getConnection()) {
+        	PreparedStatement pst = con.prepareStatement(new Query(this)
         			.select(columnLogged)
         			.from(tableName)
-        			.addWhere(columnName + "=?", null)
+        			.addWhere(columnName + "='" + user + "'", null)
         			.build()
         			.getQuery());
-        	pst.setString(1, user);
             ResultSet rs = pst.executeQuery();
             isLogged = rs.next() && (rs.getInt(columnLogged) == 1);
         } catch (SQLException ex) {
@@ -1075,16 +1074,16 @@ public class MySQL implements DataSource {
      */
     @Override
     public void setLogged(String user) {
-        try {
-            PreparedStatement pst = getConnection().prepareStatement(new Query(this)
+        try (Connection con = getConnection()) {
+            PreparedStatement pst = con.prepareStatement(new Query(this)
             		.update()
             		.from(tableName)
-            		.addUpdateSet(columnLogged + "='1'")
-            		.addWhere(columnName + "=?", null)
+            		.addUpdateSet(columnLogged + "=" + 1)
+            		.addWhere(columnName + "='" + user.toLowerCase() + "'", null)
             		.build()
             		.getQuery());
-            pst.setString(1, user.toLowerCase());
             pst.executeUpdate();
+            pst.close();
         } catch (SQLException ex) {
             ConsoleLogger.showError(ex.getMessage());
             ConsoleLogger.writeStackTrace(ex);
@@ -1100,16 +1099,16 @@ public class MySQL implements DataSource {
      */
     @Override
     public void setUnlogged(String user) {
-        try {
-            PreparedStatement pst = getConnection().prepareStatement(new Query(this)
+        try (Connection con = getConnection()) {
+            PreparedStatement pst = con.prepareStatement(new Query(this)
             		.update()
             		.from(tableName)
-            		.addUpdateSet(columnLogged + "='0'")
-            		.addWhere(columnName + "=?", null)
+            		.addUpdateSet(columnLogged + "=" + 0)
+            		.addWhere(columnName + "='" + user.toLowerCase() + "'", null)
             		.build()
             		.getQuery());
-            pst.setString(1, user.toLowerCase());
             pst.executeUpdate();
+            pst.close();
         } catch (SQLException ex) {
             ConsoleLogger.showError(ex.getMessage());
             ConsoleLogger.writeStackTrace(ex);
@@ -1183,12 +1182,10 @@ public class MySQL implements DataSource {
             		con.prepareStatement(new Query(this)
             		.update()
             		.from(tableName)
-            		.addUpdateSet(columnName + "=?")
-            		.addWhere(columnName + "=?", null)
+            		.addUpdateSet(columnName + "='" + newOne + "'")
+            		.addWhere(columnName + "='" + oldOne + "'", null)
             		.build()
             		.getQuery());
-            pst.setString(1, newOne);
-            pst.setString(2, oldOne);
             pst.executeUpdate();
             pst.close();
         } catch (Exception ex) {
diff --git a/src/main/java/fr/xephi/authme/datasource/SQLite.java b/src/main/java/fr/xephi/authme/datasource/SQLite.java
index e541baf5..b753ba24 100644
--- a/src/main/java/fr/xephi/authme/datasource/SQLite.java
+++ b/src/main/java/fr/xephi/authme/datasource/SQLite.java
@@ -612,10 +612,9 @@ public class SQLite implements DataSource {
             PreparedStatement pst = getConnection().prepareStatement(new Query(this)
             		.select(columnName)
             		.from(tableName)
-            		.addWhere(columnIp + "=?", null)
+            		.addWhere(columnIp + "='" + auth.getIp() + "'", null)
             		.build()
             		.getQuery());
-            pst.setString(1, auth.getIp());
             ResultSet rs = pst.executeQuery();
             while (rs.next()) {
                 result.add(rs.getString(columnName));
@@ -644,10 +643,9 @@ public class SQLite implements DataSource {
             PreparedStatement pst = getConnection().prepareStatement(new Query(this)
             		.select(columnName)
             		.from(tableName)
-            		.addWhere(columnIp + "=?", null)
+            		.addWhere(columnIp + "='" + ip + "'", null)
             		.build()
             		.getQuery());
-            pst.setString(1, ip);
             ResultSet rs = pst.executeQuery();
             while (rs.next()) {
                 result.add(rs.getString(columnName));
@@ -676,10 +674,9 @@ public class SQLite implements DataSource {
             PreparedStatement pst = getConnection().prepareStatement(new Query(this)
             		.select(columnName)
             		.from(tableName)
-            		.addWhere(columnEmail + "=?", null)
+            		.addWhere(columnEmail + "='" + email + "'", null)
             		.build()
             		.getQuery());
-            pst.setString(1, email);
             ResultSet rs = pst.executeQuery();
             while (rs.next()) {
                 countEmail.add(rs.getString(columnName));
@@ -742,10 +739,9 @@ public class SQLite implements DataSource {
         	PreparedStatement pst = getConnection().prepareStatement(new Query(this)
         			.select(columnLogged)
         			.from(tableName)
-        			.addWhere(columnName + "=?", null)
+        			.addWhere(columnName + "='" + user + "'", null)
         			.build()
         			.getQuery());
-        	pst.setString(1, user);
             ResultSet rs = pst.executeQuery();
             isLogged = rs.next() && (rs.getInt(columnLogged) == 1);
         } catch (SQLException ex) {
@@ -769,10 +765,9 @@ public class SQLite implements DataSource {
             		.update()
             		.from(tableName)
             		.addUpdateSet(columnLogged + "='1'")
-            		.addWhere(columnName + "=?", null)
+            		.addWhere(columnName + "='" + user.toLowerCase() + "'", null)
             		.build()
             		.getQuery());
-            pst.setString(1, user.toLowerCase());
             pst.executeUpdate();
         } catch (SQLException ex) {
             ConsoleLogger.showError(ex.getMessage());
@@ -794,10 +789,9 @@ public class SQLite implements DataSource {
             		.update()
             		.from(tableName)
             		.addUpdateSet(columnLogged + "='0'")
-            		.addWhere(columnName + "=?", null)
+            		.addWhere(columnName + "='" + user.toLowerCase() + "'", null)
             		.build()
             		.getQuery());
-            pst.setString(1, user.toLowerCase());
             pst.executeUpdate();
         } catch (SQLException ex) {
             ConsoleLogger.showError(ex.getMessage());
@@ -865,17 +859,15 @@ public class SQLite implements DataSource {
      */
     @Override
     public void updateName(String oldOne, String newOne) {
-        try (Connection con = getConnection()) {
+        try {
             PreparedStatement pst =
-            		con.prepareStatement(new Query(this)
+            		getConnection().prepareStatement(new Query(this)
             		.update()
             		.from(tableName)
-            		.addUpdateSet(columnName + "=?")
-            		.addWhere(columnName + "=?", null)
+            		.addUpdateSet(columnName + "='" + newOne + "'")
+            		.addWhere(columnName + "='" + oldOne + "'", null)
             		.build()
             		.getQuery());
-            pst.setString(1, newOne);
-            pst.setString(2, oldOne);
             pst.executeUpdate();
         } catch (Exception ex) {
             ConsoleLogger.showError(ex.getMessage());