import java.sql.*;
import com.microsoft.sqlserver.jdbc.SQLServerDataSource;

public class GetQuotes {

    public String getTable(String theSource){
        
        String myAnswer = "";
        
        String s1 = "<tr><td bgcolor=\"#FFFFFF\"><b>";
        String s2 = "</b><br />&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;--";
        String s3 = "</tr></td>";
        
        // check for SQL injection

        // INNER JOIN
        String SQL = "SELECT Quotes1.QuoteBody, Quotes1.FK_SourceID, Sources1.PK_SourceID, Sources1.SourceBody" + 
        " FROM Quotes1, Sources1" +
        " WHERE Quotes1.FK_SourceID=Sources1.PK_SourceID" +
        " AND Sources1.PK_SourceID = " + theSource;
        SQLServerDataSource myDataSource = new SQLServerDataSource();
        
        myDataSource.setUser(Model.getUsername());
        myDataSource.setPassword(Model.getPassword());
        myDataSource.setServerName(Model.getServername());
        myDataSource.setPortNumber(Model.getPortnumber()); 
        myDataSource.setDatabaseName(Model.getDatabase());
        
        Connection myConnection = null;
        Statement myStatement = null;
        ResultSet myResultSet = null;
        
        try // connection
        {
            myConnection = myDataSource.getConnection();
            try // database
            {
                myStatement = myConnection.createStatement();
                try // query
                {
                    myResultSet = myStatement.executeQuery(SQL);
                    try // results
                    {  
                        while (myResultSet.next()) 
                        {
                            myAnswer = 
                                myAnswer + 
                                s1 + myResultSet.getString(1) + 
                                s2 + myResultSet.getString(4) + 
                                s3 + "\n";
                        }
                    } // end try to use ResultSet
                    catch (SQLException e) 
                    {
                        myAnswer = "ERROR - Read problem";
                    }
                    myResultSet.close();
                    myResultSet = null;
                } // end try to executeQuery
                catch (SQLException e) 
                {
                    myAnswer = "ERROR - Query problem";
                }
                finally
                {
                    if (myResultSet != null) myResultSet = null; 
                }
                myStatement.close();
                myStatement = null;
            } // end try to createStatement
            catch (SQLException e) 
            {
                myAnswer = "ERROR - Database problem";
            }
            finally
            {
                if (myStatement != null) myStatement = null; 
            }
            myConnection.close();
            myConnection = null;
        } // end try to connect
        catch (SQLException e) 
        {
            myAnswer = "ERROR - Connection problem";
        }
        finally
        {
            if (myConnection != null) myConnection = null; 
        }
        myDataSource = null;
        return myAnswer;
    } // end main

} // end class