/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
package com.ramki.servlet;
import java.io.IOException;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
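/**
 * Looks up the user id given in the {@code user} request parameter and renders the matching
 * rows as an HTML page.
 *
 * <p>The lookup goes through a {@link PreparedStatement} with a bound parameter, so the request
 * value travels to the database as data and never becomes part of the SQL text. Values read back
 * from the database are HTML-escaped before they are written to the response, because a stored
 * value can carry markup just as a request value can.
 *
 * @author ramakrishnan
 */
@WebServlet(name = "userCheck", urlPatterns = {"/userCheck"})
public class userCheck extends HttpServlet {

    // NOTE(review): the database host, account and password are compiled into the class, so
    // anyone who can read the source or the deployed archive can read them, and the password is
    // trivially guessable. Move them to container configuration (for example a JNDI DataSource)
    // and rotate the credential that is visible here.
    // NOTE(review): the URL sets no TLS options; confirm how the driver protects this connection
    // in transit.
    private static final String DB_URL = "jdbc:postgresql://178.213.246.19:25432/injection";
    private static final String DB_USER = "practice";
    private static final String DB_PASSWORD = "123";

    // NOTE(review): unquoted "user" is a reserved word in PostgreSQL; confirm this statement
    // resolves to the intended table. "SELECT *" also fetches every column although only the
    // user id is displayed.
    private static final String USER_LOOKUP_SQL = "SELECT * FROM user where userid=?";

    /**
     * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
     *
     * <p>Writes a complete HTML document. If the database lookup fails, the failure is logged
     * on the server and the page shows only a generic message, so driver and schema details are
     * not disclosed to the client.
     *
     * @param request servlet request; its {@code user} parameter is the id to look up
     * @param response servlet response
     * @throws javax.servlet.ServletException if a servlet-specific error occurs
     * @throws java.io.IOException if an I/O error occurs
     */
    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        try (PrintWriter out = response.getWriter()) {
            out.println("<html>");
            out.println("<head>");
            out.println("<title>Servlet userCheck</title>");
            out.println("</head>");
            out.println("<body>");
            // The heading belongs inside <body>; emitting it before <html> produced an invalid
            // document.
            out.println("<h1>SQL Injection Example</h1><br/><br/>");

            String user = request.getParameter("user");

            // try-with-resources closes the result set, statement and connection on every path,
            // including when the query throws; the earlier explicit close() was skipped on error
            // and leaked the connection.
            try (Connection conn = DriverManager.getConnection(DB_URL, DB_USER, DB_PASSWORD);
                    PreparedStatement lookup = conn.prepareStatement(USER_LOOKUP_SQL)) {
                // Bound as a parameter: the value cannot change the structure of the query.
                lookup.setString(1, user);
                try (ResultSet rows = lookup.executeQuery()) {
                    out.println("<br/><br/>Results");
                    while (rows.next()) {
                        // Escape on output: parameter binding protects the query, not the page.
                        out.println("<br/><br/>\t\t" + escapeHtml(rows.getString("userId")));
                    }
                }
            } catch (SQLException e) {
                // Keep the detail in the server log and out of the response.
                log("userCheck: user lookup failed", e);
                out.println("<br/><br/>The lookup could not be completed.");
            }

            out.println("<br/><a href='/sqlinjection'>Back</a>");
            out.println("</body>");
            out.println("</html>");
        }
    }

    /**
     * Escapes the characters that are significant in HTML text and attribute values.
     *
     * @param text the value to escape; may be {@code null}
     * @return the escaped value, or an empty string when {@code text} is {@code null}
     */
    private static String escapeHtml(String text) {
        if (text == null) {
            return "";
        }
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
                    break;
            }
        }
        return escaped.toString();
    }

    // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
    /**
     * Handles the HTTP <code>GET</code> method by delegating to
     * {@link #processRequest(HttpServletRequest, HttpServletResponse)}.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws javax.servlet.ServletException if a servlet-specific error occurs
     * @throws java.io.IOException if an I/O error occurs
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Handles the HTTP <code>POST</code> method by delegating to
     * {@link #processRequest(HttpServletRequest, HttpServletResponse)}.
     *
     * @param request servlet request
     * @param response servlet response
     * @throws javax.servlet.ServletException if a servlet-specific error occurs
     * @throws java.io.IOException if an I/O error occurs
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        processRequest(request, response);
    }

    /**
     * Returns a short description of the servlet.
     *
     * @return a String containing servlet description
     */
    @Override
    public String getServletInfo() {
        return "Short description";
    }// </editor-fold>
}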