Hello SonarQube Community,
One of my scans returned an issue indicating the PreparedStatement isn’t using a valid parameter (S2695). However, it is using ‘1’ below in the setLong( 1, routeid); function.
It seems like it is a false-positive, but I was under the impression that it was fixed previously. https://jira.sonarsource.com/browse/SONARJAVA-2036
I’m using SonarJava 5.7 and SonarQube 6.7.5.
Any insight into this issue is appreciated.
Thanks!
Steve
```java
try
{
    String sql = "delete from " + MY_FILTER_RESULT + " where " + MY_FILTER_RESULT_ROUTE_ID + " = :routeId ";
    LogUtil.trace( LOG, "Benchmark Query #32: sql = " + sql );
    conn = JUtil.obtainCurrentDatabaseConnection( entityManager );
    stmt = conn.prepareStatement( sql );
    stmt.setLong( 1, routeId );
    JUtil.setStatementTimeout( stmt, QueryTimeout.getRemoveRouteFromQuery() );
    numberOfRowsDeleted = stmt.executeUpdate();
}
catch ( SQLException e )
{
    throw new RuntimeException( e.getMessage() );
}
finally
{
    JUtil.closeStatement( stmt );
    JUtil.releaseCurrentDatabaseConnection( conn );
}
return numberOfRowsDeleted;
```
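
The following is an added example, not part of the original post and not SonarJava's implementation. It counts the standard JDBC `?` parameter markers in a query of the shape posted above and checks a setter index against that count; the class name, helper names, and the table and column values are constructed for illustration.

```java
public class PlaceholderIndexCheck {

    // Counts JDBC '?' parameter markers, ignoring any inside single-quoted SQL literals.
    static int countMarkers(String sql) {
        int count = 0;
        boolean inLiteral = false;
        for (int i = 0; i < sql.length(); i++) {
            char c = sql.charAt(i);
            if (c == '\'') {
                // An escaped quote ('') toggles twice, so the literal state is preserved.
                inLiteral = !inLiteral;
            } else if (c == '?' && !inLiteral) {
                count++;
            }
        }
        return count;
    }

    // JDBC setter indexes start at 1 and cannot exceed the number of markers.
    static boolean isValidIndex(String sql, int index) {
        return index >= 1 && index <= countMarkers(sql);
    }

    public static void main(String[] args) {
        // Constructed stand-ins for MY_FILTER_RESULT and MY_FILTER_RESULT_ROUTE_ID.
        String table = "filter_result";
        String column = "route_id";

        // Same shape as the posted query: a named token, no '?' marker.
        String named = "delete from " + table + " where " + column + " = :routeId ";
        // The same statement written with a positional JDBC marker.
        String positional = "delete from " + table + " where " + column + " = ? ";

        System.out.println(countMarkers(named) + " marker(s), index 1 valid: "
                + isValidIndex(named, 1));
        System.out.println(countMarkers(positional) + " marker(s), index 1 valid: "
                + isValidIndex(positional, 1));
    }
}
```

A `:routeId` token contributes no `?` marker to the count, so index 1 falls outside the range a marker-counting check accepts for the first query.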