| Code with Finding: |
class DatabaseAdmin {
/**
* Add an entry to the registration table with the given information
* @param conn
* @param newUser
* @param aid
* @param pwdStore
* @return 1 if successfully inserted
*/
public static int insertRegRequest(Connection conn, String newUser, int aid, String pwdStore, String answerStore) {
String query = "INSERT INTO main.registrationrequests (username, aid, pwhash, secanswer) "
+ "VALUE (?, ?, ?, ?)";
PreparedStatement pstmt = null;
ResultSet result = null;
int status = -1;
try {
pstmt = conn.prepareStatement(query);
pstmt.setString(1, newUser);
pstmt.setInt(2, aid);
pstmt.setString(3, pwdStore);
pstmt.setString(4, answerStore);
status = pstmt.executeUpdate();
} catch (SQLException e) {
if (e.getErrorCode() == DBManager.DUPLICATE_KEY_CODE) {
status = -2;
} else {
status = -1;
}
} finally {
DBManager.closeResultSet(result);
DBManager.closePreparedStatement(pstmt);
}
return status;
}
}
|
