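/**
 * Looks up a single college row by its id.
 *
 * <p>The id is bound as a statement parameter instead of being concatenated into the SQL text,
 * so a caller-supplied value cannot change the shape of the query. The statement and result set
 * are closed before returning.
 *
 * @param id college id as a decimal string; {@code null} yields {@code null}
 * @param con open JDBC connection; it is not closed by this method
 * @return a populated {@code collegeTable}, or {@code null} when no row matches
 * @throws SQLException on any failure, including a non-numeric {@code id}; the original
 *     exception is attached as the cause
 */
protected collegeTable getCollege(String id, Connection con) throws SQLException {
  // "= null" never matches a row in SQL, so a null id is simply "not found".
  if (id == null) {
    return null;
  }
  // Fully qualified so this block does not depend on an import that may be absent from the file.
  java.sql.PreparedStatement statement = null;
  ResultSet rs = null;
  try {
    // NOTE(review): assumes the ID column holds integer keys, which the unquoted literal in the
    // previous query text suggests -- confirm against the schema. Parsing also rejects anything
    // that is not a plain number before it reaches the database.
    long collegeId = Long.parseLong(id.trim());
    // Only compile-time constants are concatenated; the value travels as a bind parameter.
    statement =
        con.prepareStatement(
            "SELECT * FROM " + TABLECOLLEGES + " WHERE " + collegeTable.ID + " = ? LIMIT 1");
    statement.setLong(1, collegeId);
    rs = statement.executeQuery();
    if (rs.next()) {
      collegeTable table = new collegeTable();
      table.setID(id);
      table.setShort(rs.getString(collegeTable.SHORTNAME));
      table.setFull(rs.getString(collegeTable.FULLNAME));
      return table;
    }
    return null; // not found
  } catch (Exception e) {
    log.writeException(e.getMessage());
    // Keep the cause so the stack trace of the real failure is not lost.
    throw new SQLException(e.getMessage(), e);
  } finally {
    // Release JDBC resources on every path; a close failure must not mask the result or error.
    if (rs != null) {
      try {
        rs.close();
      } catch (SQLException ignored) {
        // best effort
      }
    }
    if (statement != null) {
      try {
        statement.close();
      } catch (SQLException ignored) {
        // best effort
      }
    }
  }
} // end getCollege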
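   /**
    * Handles a "buy book" request: validates the submitted ids, then either renders the
    * confirmation page (no message parameter) or executes the purchase and includes the
    * buyer mail, seller mail and success pages.
    *
    * <p>All records the notification pages dereference are checked before {@code buy} runs, so a
    * missing user or college row fails the request up front instead of raising a
    * {@code NullPointerException} after the purchase has already been recorded.
    *
    * @param request current request; supplies the id, hidden-code and message parameters
    * @param response current response, passed on to the included pages
    * @param conPool pool a connection is borrowed from and always returned to
    * @return an error message to show the user, or {@code null} when a page was already rendered
    * @throws Exception if no user is in the session, a required record is missing, the purchase
    *     fails, or any lookup or include fails
    */
   private String processRequest(
       HttpServletRequest request, HttpServletResponse response, ConnectionPool conPool)
       throws Exception {
     // getting id parameters
     ParameterParser parameter = new ParameterParser(request);
     String bookID = parameter.getString(bookInterface.FIELD_ID, null);
     String sellerID = parameter.getString(bookInterface.FIELD_SELLERID, null);
     String message = parameter.getString(FIELD_MESSAGE, null);
     int codeID = parameter.getInt(bookInterface.FIELD_HIDDENID, 0);
     // get buyer's user object
     User user = (User) request.getSession().getAttribute(StringInterface.USERATTR);
     // Sanity check on the submitted ids: reject missing or wrong-length values.
     // NOTE(review): the hidden code is only Math.abs(bookID.hashCode()), a value anyone can
     // derive from the book id, so it catches malformed requests but is not an integrity or
     // authorization control. The database comparison of the seller id below is the check that
     // counts. Math.abs(Integer.MIN_VALUE) is negative; the page that emits the code must use
     // the same expression.
     // NOTE(review): bookID and sellerID are request parameters validated by length only;
     // confirm generalUtils.getBook and userUtils.getUserInfo bind them as query parameters.
     if (bookID == null
         || sellerID == null
         || codeID == 0
         || bookID.length() != booksTable.ID_LENGTH
         || sellerID.length() != usersTable.ID_LENGTH
         || codeID != Math.abs(bookID.hashCode())) {
       return "We were unable to find the book you specified! Please make sure that the book id is correct.";
     }
     // Fail with a clear error rather than a NullPointerException when the session has no user.
     if (user == null) {
       throw new Exception("no authenticated user in session");
     }
     if (user.getID().equals(sellerID)) {
       return "You may not purchase an item from yourself!";
     }
     // get connection
     Connection con = conPool.getConnection();
     try {
       booksTable book = generalUtils.getBook(bookID, con);
       // Authoritative check: the book must exist and belong to the seller named in the request.
       if (book == null || !book.getSellerID().equals(sellerID)) {
         return "We were unable to find the book you specified! Please make sure that the book id is correct.";
       }
       usersTable sellerInfo = userUtils.getUserInfo(sellerID, con);
       usersTable buyerInfo = userUtils.getUserInfo(user.getID(), con);
       collegeTable college = getCollege(book.getCollegeID() + "", con);
       // getCollege returns null when no row matches; both branches below dereference it.
       if (college == null) {
         throw new Exception("college record not found for book " + bookID);
       }
       // No message yet: show the confirmation page only, nothing is purchased.
       if (message == null) {
         request.setAttribute(ATTR_BOOK, book);
         request.setAttribute(ATTR_SELLER, sellerInfo);
         request.setAttribute(ATTR_BUYER, buyerInfo);
         request.setAttribute(ATTR_COLLEGE, college.getFull());
         RequestDispatcher rd = getServletContext().getRequestDispatcher(PATH_BUY_CONFIRM);
         rd.include(request, response);
         return null;
       }
       // NOTE(review): the purchase is triggered solely by the presence of the message
       // parameter; no anti-CSRF token or HTTP-method check is visible in this method --
       // confirm one is enforced upstream.
       // Validate everything the notification pages need BEFORE changing state.
       if (sellerInfo == null || buyerInfo == null) {
         throw new Exception("buyer or seller record not found for book " + bookID);
       }
       if (!buy(book, user, con)) {
         throw new Exception("failed to process with buy");
       }
       // sending email to buyer
       request.setAttribute(mailInterface.USERATTR, buyerInfo.getUsername());
       request.setAttribute(mailInterface.EMAILATTR, buyerInfo.getEmail());
       request.setAttribute(mailInterface.BOOKATTR, book);
       request.setAttribute("book_id", bookID);
       request.setAttribute("seller_id", sellerID);

       RequestDispatcher rd = getServletContext().getRequestDispatcher(PATHBIDCONFIRMATION);
       rd.include(request, response);
       // sending email to seller
       // NOTE(review): message is free text from the buyer; confirm the mail page encodes it
       // before placing it in the mail body or headers.
       request.setAttribute(ATTR_COLLEGE, college.getFull());
       request.setAttribute(mailInterface.USERATTR, sellerInfo.getUsername());
       request.setAttribute(mailInterface.EMAILATTR, sellerInfo.getEmail());
       request.setAttribute(mailInterface.MESSAGEATTR, message);
       request.setAttribute(mailInterface.BOOKATTR, book);
       request.setAttribute(mailInterface.MOREATTR, buyerInfo);

       request.setAttribute("book_id", bookID);
       request.setAttribute("buyer_id", user.getID());
       rd = getServletContext().getRequestDispatcher(PATHBOOKUPDATE);
       rd.include(request, response);
       // showing success message
       rd = getServletContext().getRequestDispatcher(PATH_BUY_SUCCESS);
       rd.include(request, response);
       return null;
     } finally {
       // Return the connection to the pool on every path, including early returns and errors.
       conPool.free(con);
     }
   }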