From 8c20e9477af5282f3c59e3c0accba05b910546d5 Mon Sep 17 00:00:00 2001
From: QDIBYS <alexis.szmundy@insee.fr>
Date: Thu, 11 Jul 2024 09:27:09 +0200
Subject: [PATCH] Use prepared statement in COUNT for execution log

---
 .../kraftwerk/core/outputs/csv/CsvOutputFiles.java   | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/kraftwerk-core/src/main/java/fr/insee/kraftwerk/core/outputs/csv/CsvOutputFiles.java b/kraftwerk-core/src/main/java/fr/insee/kraftwerk/core/outputs/csv/CsvOutputFiles.java
index f5222022..293233b4 100644
--- a/kraftwerk-core/src/main/java/fr/insee/kraftwerk/core/outputs/csv/CsvOutputFiles.java
+++ b/kraftwerk-core/src/main/java/fr/insee/kraftwerk/core/outputs/csv/CsvOutputFiles.java
@@ -20,6 +20,7 @@
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.StandardOpenOption;
+import java.sql.PreparedStatement;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
@@ -97,9 +98,14 @@ public void writeOutputTables(Map<String, MetadataModel> metadataModels) throws
 
 				//Count rows for functional log
 				if (kraftwerkExecutionLog != null) {
-					try(ResultSet countResult = this.getDatabase().executeQuery("SELECT COUNT(*) FROM " + datasetName)){
-						countResult.next();
-                        kraftwerkExecutionLog.getLineCountByTableMap().put(datasetName, countResult.getInt(1));
+					String selectQuery = "SELECT COUNT(*) FROM ?";
+					try(PreparedStatement preparedStatement = getDatabase().getConnection().prepareStatement(selectQuery)) {
+						preparedStatement.setString(1, datasetName);
+						try (ResultSet countResult =
+									 preparedStatement.executeQuery()) {
+							countResult.next();
+							kraftwerkExecutionLog.getLineCountByTableMap().put(datasetName, countResult.getInt(1));
+						}
 					}
 				}
 			} catch (SQLException | IOException e) {