Open
Labels: enhancement (New feature or request)
Description
This method is in theory considered safe from SQL Injections due to the fact that the method parameter is of type Long.
However, it's better practice to stick to using the (?) notation for all types of SQL statements:
```java
public List<Member> listAssignedMembers(long id) throws SQLException {
    return listAll(
        "select * from members join member_to_project on members.id = member_to_project.member_id " +
        "join projects on projects.id = member_to_project.project_id where member_to_project.project_id ="
        + id
    );
}
```
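The same query with the `?` placeholder and a bound parameter, as an added example that is not part of the original issue or the project's code. The `MemberDao` class, its `Connection` field and the `Member` record are assumptions, since the issue does not show `listAll` or `Member`.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.util.ArrayList;
import java.util.List;

// Hypothetical DAO: the class name, the Connection field and the Member record
// are assumptions; only the join and the where clause come from the issue.
public class MemberDao {
    // Assumed shape of Member; the real class is not shown in the issue.
    public record Member(long id) {}

    // The SQL text is a compile-time constant, so no caller-supplied value can
    // ever become part of the statement. members.* is selected (instead of *)
    // so that the "id" column read below is unambiguously members.id.
    private static final String ASSIGNED_MEMBERS_SQL =
        "select members.* from members "
        + "join member_to_project on members.id = member_to_project.member_id "
        + "join projects on projects.id = member_to_project.project_id "
        + "where member_to_project.project_id = ?";

    private final Connection connection;

    public MemberDao(Connection connection) {
        this.connection = connection;
    }

    public List<Member> listAssignedMembers(long id) throws SQLException {
        // try-with-resources closes the statement and result set on every path.
        try (PreparedStatement statement = connection.prepareStatement(ASSIGNED_MEMBERS_SQL)) {
            // The project id is sent as a typed bind value, not as SQL text.
            statement.setLong(1, id);
            try (ResultSet rows = statement.executeQuery()) {
                List<Member> members = new ArrayList<>();
                while (rows.next()) {
                    members.add(new Member(rows.getLong("id")));
                }
                return members;
            }
        }
    }
}
```

Keeping the statement text constant means the method stays safe if the parameter type is later changed from `long` to `String`.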