Fix ordering issue, split out string parameters for jdbc stuff

The string parameters are now put in the query as a '?' and the string which
should go in their place is now placed in an auxiliary list when the query is
constructed. This should make it easier to avoid SQL injection stuff. (Although
table/column names are still vulnerable to SQL injection, they should not be
dynamic so the issue should be minimal.)

There was also another issue where some things were used before they were
declared (as a result of repl development) which has now been corrected.

0 files changed, 0 insertions, 0 deletions