=== modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/QueryItem.java' --- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/QueryItem.java 2013-08-23 16:05:01 +0000 +++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/QueryItem.java 2013-09-10 14:22:41 +0000 @@ -28,12 +28,10 @@ * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -import java.util.Arrays; import java.util.HashMap; import java.util.Map; import org.hisp.dhis.common.IdentifiableObject; -import org.hisp.dhis.system.util.TextUtils; /** * @author Lars Helge Overland @@ -92,27 +90,6 @@ return OPERATOR_MAP.get( operator.toLowerCase() ); } - public String getSqlFilter() - { - if ( operator == null || filter == null ) - { - return null; - } - - if ( operator.equals( "like" ) ) - { - return "'%" + filter.toLowerCase() + "%'"; - } - else if ( operator.equals( "in" ) ) - { - String[] split = filter.toLowerCase().split( ":" ); - - return "(" + TextUtils.getQuotedCommaDelimitedString( Arrays.asList( split ) ) + ")"; - } - - return "'" + filter.toLowerCase() + "'"; - } - @Override public String toString() { === modified file 'dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/data/JdbcEventAnalyticsManager.java' --- dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/data/JdbcEventAnalyticsManager.java 2013-09-02 17:38:21 +0000 +++ dhis-2/dhis-services/dhis-service-analytics/src/main/java/org/hisp/dhis/analytics/event/data/JdbcEventAnalyticsManager.java 2013-09-10 14:22:41 +0000 
@@ -33,11 +33,14 @@ import static org.hisp.dhis.system.util.TextUtils.getQuotedCommaDelimitedString; import static org.hisp.dhis.system.util.TextUtils.removeLast; +import java.util.Arrays; + import org.hisp.dhis.analytics.event.EventAnalyticsManager; import org.hisp.dhis.analytics.event.EventQueryParams; import org.hisp.dhis.analytics.event.QueryItem; import org.hisp.dhis.common.Grid; import org.hisp.dhis.common.IdentifiableObject; +import org.hisp.dhis.jdbc.StatementBuilder; import org.hisp.dhis.organisationunit.OrganisationUnit; import org.hisp.dhis.system.util.TextUtils; import org.hisp.dhis.system.util.Timer; @@ -53,6 +56,9 @@ { @Autowired private JdbcTemplate jdbcTemplate; + + @Autowired + private StatementBuilder statementBuilder; // ------------------------------------------------------------------------- // EventAnalyticsManager implementation @@ -111,8 +117,8 @@ for ( QueryItem filter : params.getItems() ) { if ( filter.hasFilter() ) - { - sql += "and lower(" + filter.getItem().getUid() + ") " + filter.getSqlOperator() + " " + filter.getSqlFilter() + " "; + { + sql += "and lower(" + filter.getItem().getUid() + ") " + filter.getSqlOperator() + " " + getSqlFilter( filter ) + " "; } } 
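Review bot: The column reference `filter.getItem().getUid()` in the rewritten `sql +=` line is still spliced into the statement without validation or quoting, so only the filter value gains from the new StatementBuilder encoding; the operator is safe because it comes from `OPERATOR_MAP` (visible in the QueryItem hunk), but nothing shown here checks the uid. Reject it before concatenating, e.g. `if ( !filter.getItem().getUid().matches( "^[A-Za-z0-9_]+$" ) ) throw new IllegalArgumentException( "Invalid item uid" );`, or quote it with the column-quote character the StatementBuilder interface already exposes. Note also that `getSqlFilter( filter )` returns null when operator or filter is null, and string concatenation would turn that into a literal `null` token; this is only safe if `hasFilter()`, defined outside this diff, guarantees both are present. The enclosing method starts and ends outside the hunk.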
@@ -172,4 +178,34 @@ return grid; } + + // ------------------------------------------------------------------------- + // Supportive methods + // ------------------------------------------------------------------------- + + private String getSqlFilter( QueryItem item ) + { + String operator = item.getOperator(); + String filter = item.getFilter(); + + if ( operator == null || filter == null ) + { + return null; + } + + filter = statementBuilder.encode( filter, false ); + + if ( operator.equals( "like" ) ) + { + return "'%" + filter.toLowerCase() + "%'"; + } + else if ( operator.equals( "in" ) ) + { + String[] split = filter.toLowerCase().split( ":" ); + + return "(" + TextUtils.getQuotedCommaDelimitedString( Arrays.asList( split ) ) + ")"; + } + + return "'" + filter.toLowerCase() + "'"; + } } === modified file 'dhis-2/dhis-support/dhis-support-jdbc/src/main/java/org/hisp/dhis/jdbc/StatementBuilder.java' --- dhis-2/dhis-support/dhis-support-jdbc/src/main/java/org/hisp/dhis/jdbc/StatementBuilder.java 2013-09-01 18:30:05 +0000 +++ dhis-2/dhis-support/dhis-support-jdbc/src/main/java/org/hisp/dhis/jdbc/StatementBuilder.java 2013-09-10 14:22:41 +0000 
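Review bot: In the new getSqlFilter, `statementBuilder.encode( filter, false )` runs before `toLowerCase()`, so escaping is not the last transformation applied to the value before it is spliced into SQL; lower-case first and encode last, `filter = statementBuilder.encode( filter.toLowerCase( Locale.ROOT ), false );`, then use `filter` directly in all three branches (this needs a `java.util.Locale` import). `Locale.ROOT` also keeps the case folding independent of the JVM default locale. In the `like` branch, `%` and `_` in the user-supplied filter pass through unescaped, so the caller controls the pattern; if that is not intended, escape them and append an `ESCAPE` clause. Longer term, passing filter values as JdbcTemplate `?` bind parameters would remove the hand-escaping here altogether.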
@@ -44,13 +44,21 @@ //-------------------------------------------------------------------------- /** + * Encodes the provided SQL value. Value will be wrapped in quotes. + * + * @param value the value. + * @return the SQL encoded value. + */ + String encode( String value ); + + /** * Encodes the provided SQL value. * * @param value the value. + * @param quote whether to wrap the resulting value in quotes. * @return the SQL encoded value. */ - String encode( String value ); - + String encode( String value, boolean quote ); /** * Returns the character used to quote database table and column names. * === modified file 'dhis-2/dhis-support/dhis-support-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/AbstractStatementBuilder.java' --- dhis-2/dhis-support/dhis-support-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/AbstractStatementBuilder.java 2013-08-23 16:05:01 +0000 +++ dhis-2/dhis-support/dhis-support-jdbc/src/main/java/org/hisp/dhis/jdbc/statementbuilder/AbstractStatementBuilder.java 2013-09-10 14:22:41 +0000 @@ -42,13 +42,19 @@ @Override public String encode( String value ) { + return encode( value, true ); + } + + @Override + public String encode( String value, boolean quote ) + { if ( value != null ) { value = value.endsWith( "\\" ) ? value.substring( 0, value.length() - 1 ) : value; value = value.replaceAll( QUOTE, QUOTE + QUOTE ); } - return QUOTE + value + QUOTE; + return quote ? ( QUOTE + value + QUOTE ) : value; } @Override
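Review bot: The Javadoc on the new `encode( String value, boolean quote )` does not say what the unquoted result is safe for, which is exactly the contract callers such as the event analytics manager now depend on. I would add to it: `When quote is false the caller must place the result directly between single quotes with nothing else in between; the value is escaped for use inside a string literal only, and LIKE wildcards are not escaped.` It is also worth stating on `encode( String value )` that it is equivalent to `encode( value, true )`.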
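Review bot: `encode( String, boolean )` in AbstractStatementBuilder only strips a trailing backslash and doubles the QUOTE character, so a backslash placed before an embedded quote is passed through unchanged; on a backend that treats backslash as an escape inside string literals (MySQL, or PostgreSQL with standard_conforming_strings off, and this diff does not show which dialects the subclasses target) an input like `\'` becomes `\''`, where `\'` is consumed as an escaped quote and the second quote terminates the literal early. Subclasses for such dialects should escape backslashes before doubling quotes, `value = value.replace( "\\", "\\\\" );`, or the filter values should be bound as JdbcTemplate parameters rather than inlined. Two smaller points: `replaceAll( QUOTE, QUOTE + QUOTE )` is a regex call where `replace` would do, and with `value == null` and `quote == true` the method returns the string `'null'`, which was the previous behaviour but deserves a comment.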