Code Room
Code review · Hard
Question
Review this Java reporting code. Assume `createUser` stores the display name via a parameterized insert.
What a strong answer looks like
Separate real bugs from style. Rank issues by severity, point at the root cause rather than the symptom, and suggest a concrete fix — specific and kind.
Learn the concepts
```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.List;

// Stored earlier (safe, parameterized):
// INSERT INTO users(id, display_name) VALUES (?, ?)

public List<Row> auditByUser(long userId, Connection conn) throws SQLException {
    // First query: userId is bound as a parameter, not concatenated.
    PreparedStatement p = conn.prepareStatement("SELECT display_name FROM users WHERE id=?");
    p.setLong(1, userId);
    ResultSet rs = p.executeQuery();
    rs.next();
    String name = rs.getString("display_name");
    // Second query: the stored display name is spliced into the SQL text.
    String sql = "SELECT * FROM audit_log WHERE actor = '" + name + "' ORDER BY ts DESC";
    return runRaw(conn, sql); // executes the string directly
}
```
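For comparison, here is a hardened version of the same method. This is an added example, not part of the exercise or a model answer; it assumes a minimal `Row` record and the `audit_log` columns `id`, `actor`, `action` and `ts` (only `actor` and `ts` appear in the exercise), and it replaces the undefined `runRaw` helper with a bound query. The point it demonstrates: a value that was stored safely is still untrusted when it is read back, so the second query binds it as a parameter too, and the unchecked `rs.next()` becomes an explicit "no such user" path.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Timestamp;
import java.util.ArrayList;
import java.util.List;

public final class AuditQueries {

    // Assumption: the exercise never defines Row; this record stands in for it.
    public record Row(long id, String actor, String action, Timestamp ts) {}

    // Hardened auditByUser: both the lookup and the audit query are parameterized,
    // so quotes or other SQL syntax inside a display name are treated as data.
    public static List<Row> auditByUser(long userId, Connection conn) throws SQLException {
        String name = displayNameFor(userId, conn);
        List<Row> out = new ArrayList<>();
        // Assumed column list for audit_log; the exercise only shows actor and ts.
        String sql = "SELECT id, actor, action, ts FROM audit_log WHERE actor = ? ORDER BY ts DESC";
        try (PreparedStatement p = conn.prepareStatement(sql)) {
            p.setString(1, name); // bound value, never concatenated into the SQL text
            try (ResultSet rs = p.executeQuery()) {
                while (rs.next()) {
                    out.add(new Row(rs.getLong("id"), rs.getString("actor"),
                                    rs.getString("action"), rs.getTimestamp("ts")));
                }
            }
        }
        return out;
    }

    // Looks up the display name and handles the "no such user" case the original skips
    // (an unchecked rs.next() would otherwise lead to an SQLException or a null name).
    private static String displayNameFor(long userId, Connection conn) throws SQLException {
        try (PreparedStatement p = conn.prepareStatement(
                "SELECT display_name FROM users WHERE id = ?")) {
            p.setLong(1, userId);
            try (ResultSet rs = p.executeQuery()) {
                if (!rs.next()) {
                    throw new SQLException("no user with id " + userId);
                }
                return rs.getString("display_name");
            }
        }
    }
}
```

Two design notes. First, try-with-resources closes the statements and result sets that the original leaks. Second, if the display name is only needed to filter the audit log, the round trip can be avoided entirely by joining on the user id in one parameterized query (for example `... WHERE actor = (SELECT display_name FROM users WHERE id = ?)`), which removes the string-handling step altogether.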