Pass objects to prepared statements where possible

src/main/java/alien/catalogue/LFNUtils.java

@@ -1174,8 +1174,8 @@ public class LFNUtils {
 					}
 				}
 
-				if (db.query("INSERT INTO COLLECTIONS_ELEM (collectionId,origLFN,guid) VALUES (" + collectionId + ", '" + Format.escSQL(lfn.getCanonicalName()) + "', string2binary('"
-						+ lfn.guid.toString() + "'));")) {
+				if (db.query("INSERT INTO COLLECTIONS_ELEM (collectionId,origLFN,guid) VALUES (?, ?, string2binary(?));", false, Integer.valueOf(collectionId), lfn.getCanonicalName(),
+						lfn.guid.toString())) {
 					guid.size += lfn.size;
 					updated = true;
 				}

src/main/java/alien/io/TransferBroker.java

@@ -145,7 +145,7 @@ public class TransferBroker {
 			db.setReadOnly(true);
 			db.setQueryTimeout(60);
 
-			db.query("SELECT max(max_transfers) FROM PROTOCOLS WHERE sename='" + Format.escSQL(seName) + "';");
+			db.query("SELECT max(max_transfers) FROM PROTOCOLS WHERE sename=?", false, seName);
 
 			if (db.moveNext())
 				ret = db.geti(1);
@@ -236,7 +236,7 @@ public class TransferBroker {
 					db.setReadOnly(true);
 					db.setQueryTimeout(60);
 
-					db.query("SELECT count(1) FROM active_transfers WHERE se_name='" + Format.escSQL(targetSE) + "';");
+					db.query("SELECT count(1) FROM active_transfers WHERE se_name=?", false, targetSE);
 
 					db.setReadOnly(false);
 

src/main/java/alien/taskQueue/JobBroker.java

@@ -365,7 +365,7 @@ public class JobBroker {
 			db.setReadOnly(true);
 			db.setQueryTimeout(30);
 
-			if (db.query("select count(1) from SITEQUEUES where blocked='open' and site='" + ce + "'") && db.moveNext() && db.geti(1) > 0)
+			if (db.query("select count(1) from SITEQUEUES where blocked='open' and site=?", false, ce) && db.moveNext() && db.geti(1) > 0)
 				return 1;
 			// TODO: use TaskQueueUtils.setSiteQueueStatus(ce,
 			// "closed-blocked");
@@ -539,8 +539,11 @@ public class JobBroker {
 			db.setReadOnly(true);
 
 			final String q = "select " + ret + " from JOBAGENT where 1=1 " + where + " order by priority desc, price desc, oldestQueueId asc limit 1";
-			logger.log(Level.INFO, "Going to select agents (" + q + ")");
-			logger.log(Level.INFO, "Bind values: " + bindValues.toString());
+
+			if (logger.isLoggable(Level.FINE)) {
+				logger.log(Level.FINE, "Going to select agents (" + q + ")");
+				logger.log(Level.FINE, "Bind values: " + bindValues.toString());
+			}
 
 			db.query(q, false, bindValues.toArray(new Object[0]));
 

src/main/java/alien/taskQueue/TaskQueueUtils.java

@@ -1757,7 +1757,7 @@ public class TaskQueueUtils {
 							}
 
 					if (id > 0) {
-						if (db.query("INSERT INTO QUEUE_USER (userId, user) VALUES (" + id + ", '" + Format.escSQL(key) + "');", true))
+						if (db.query("INSERT INTO QUEUE_USER (userId, user) VALUES (?, ?);", true, Integer.valueOf(id), key))
 							return Integer.valueOf(id);
 
 						// did it fail because the user was inserted by somebody