Used SQL queries… Is it normal?



  • Hello, I found this SQL query in your chatroulette Java app:

    SELECT * FROM sessions s WHERE s.type=1 && s.id!=\""+id+"\" && " +
    				"(SELECT ip FROM sessions WHERE id=\""+id+"\" LIMIT 1) NOT IN (SELECT ip FROM filters " +
    					"WHERE id=s.id && DATE_SUB(NOW(), INTERVAL "+FILTER_TIME+" MINUTE)<filter_time) && " +
    					"(select ip from sessions where s.id=id limit 1) not in (select filters id=\""+id+"\" date_sub(now(), interval "+filter_time+" minute)<filter_time) "+
    					count(*) chats peer1=s.id || peer2=s.id)=0 user_prefs up up.id=\""+id+"\" (up.pref_value=\"0\" up.pref_value=" +
    					" (if((select sett_value user_settings sett_name=up.pref_name is null," "up.pref_value, 1)))))="+
    					" "order by rand() 1

    Is it rational to use such a query?
    
    Also, I have a lot of spam in my log with an error that is generated here:
    
    	if(res != null) {
    		try {
    			res.next();
    
    			String userId = res.getString("id");
    			return userId;
    		} catch(SQLException ex) {
    			log.error("Error at findUser", ex);
    		}
    	}
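
An added example, not part of the original post or the app's own code: a lookup that binds the session id as a parameter instead of concatenating it into the SQL string, and checks the return value of `next()` before reading a column. The class name `PeerFinder`, the `Optional` return type and the shortened query (only the first two conditions of the query above) are assumptions made for illustration.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.Optional;

public class PeerFinder {
    // Simplified stand-in for the query in the post: only the first two
    // conditions are kept. The session id is a bound parameter (?), so its
    // value is never parsed as SQL.
    private static final String FIND_PEER_SQL =
        "SELECT s.id FROM sessions s "
      + "WHERE s.type = 1 AND s.id <> ? "
      + "ORDER BY RAND() LIMIT 1";

    /** Returns a random waiting peer, or empty when no row matches. */
    public static Optional<String> findUser(Connection conn, String id)
            throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(FIND_PEER_SQL)) {
            ps.setString(1, id);
            try (ResultSet res = ps.executeQuery()) {
                // next() returns false on an empty result set. Reading a
                // column without checking it throws SQLException, which is
                // one way a catch block like the one in the post gets hit
                // every time no peer is available.
                if (!res.next()) {
                    return Optional.empty();
                }
                return Optional.of(res.getString("id"));
            }
        }
    }
}
```

With this shape, "no peer available" is an ordinary empty result rather than a logged exception, so the SQLException entries that remain point at real database failures.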
    
