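@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    // Taint source: the value of the "vector" cookie. Cookies are fully attacker-controlled,
    // so nothing derived from `param` may ever be spliced into SQL text.
    String param = "";
    javax.servlet.http.Cookie[] theCookies = request.getCookies();
    if (theCookies != null) {
        for (javax.servlet.http.Cookie theCookie : theCookies) {
            if ("vector".equals(theCookie.getName())) {
                param = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8");
                break;
            }
        }
    }

    // doSomething() is defined elsewhere in this class; whatever it does, its output is
    // still treated as untrusted below.
    String bar = doSomething(param);

    // Fixed SQL text with a bind parameter. The original concatenated `bar` directly into
    // the statement, which is a textbook SQL injection (a cookie value such as
    // x'); DROP TABLE users;-- would be executed as SQL). With setString the value is
    // always passed as data, never parsed as syntax.
    String sql = "INSERT INTO users (username, password) VALUES ('foo', ?)";
    try {
        // Only getSqlStatement() is visible on DatabaseHelper, so the Connection is taken from
        // the Statement it hands out. If the helper exposes a connection accessor, prefer it.
        java.sql.Statement statement =
                org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
        try (java.sql.PreparedStatement ps = statement.getConnection().prepareStatement(sql)) {
            ps.setString(1, bar);
            ps.executeUpdate();
        }
        // Echoes the constant template only; the old code echoed the user-controlled SQL into
        // a text/html response, which is an XSS risk unless the helper escapes it (not visible here).
        org.owasp.benchmark.helpers.DatabaseHelper.outputUpdateComplete(sql, response);
    } catch (java.sql.SQLException e) {
        if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
            // Generic message on purpose: raw SQLException text can leak schema details.
            response.getWriter().println("Error processing request.");
            return;
        } else {
            throw new ServletException(e); // cause preserved for server-side diagnostics
        }
    }
} // end doPost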
@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    // Read the first "vector" request parameter, defaulting to the empty string.
    String[] vectorValues = request.getParameterValues("vector");
    String param = (vectorValues != null && vectorValues.length > 0) ? vectorValues[0] : "";

    // The request value is stored in the map, but the value that ends up in `bar` is the
    // constant "a_Value" read back under "keyA-82281". The read of "keyB-82281" is
    // immediately overwritten, so no request data reaches the SQL text below.
    java.util.HashMap<String, Object> scratch = new java.util.HashMap<String, Object>();
    scratch.put("keyA-82281", "a_Value");
    scratch.put("keyB-82281", param);
    scratch.put("keyC", "another_Value");
    String bar = "safe!";
    bar = (String) scratch.get("keyB-82281");
    bar = (String) scratch.get("keyA-82281");

    // Concatenation is only acceptable here because `bar` is a compile-time constant by this
    // point; anything request-derived would need a PreparedStatement instead.
    String sql = "INSERT INTO users (username, password) VALUES ('foo','" + bar + "')";
    try {
        java.sql.Statement statement =
                org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
        int updated = statement.executeUpdate(sql, java.sql.Statement.RETURN_GENERATED_KEYS);
        org.owasp.benchmark.helpers.DatabaseHelper.outputUpdateComplete(sql, response);
    } catch (java.sql.SQLException e) {
        if (!org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
            throw new ServletException(e);
        }
        // Generic message so SQL error details are not disclosed to the client.
        response.getWriter().println("Error processing request.");
    }
}
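@Override
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");

    // Taint source: the *name* of the first request parameter whose value is "vector".
    // Parameter names are chosen by the client just as freely as values, so `param` is
    // untrusted input.
    String param = "";
    boolean searching = true;
    java.util.Enumeration<String> names = request.getParameterNames();
    while (names.hasMoreElements() && searching) {
        String name = names.nextElement();
        String[] values = request.getParameterValues(name);
        if (values == null) {
            continue;
        }
        for (int i = 0; i < values.length && searching; i++) {
            if ("vector".equals(values[i])) {
                param = name;
                searching = false;
            }
        }
    }

    // doSomething() is defined elsewhere in this class; its output is still treated as
    // untrusted below.
    String bar = doSomething(param);

    // Fixed SQL text with a bind parameter. The original concatenated `bar` into the
    // statement, so a parameter named  x'); DROP TABLE users;--  with value "vector" would
    // be executed as SQL. The generated-key column request (columns 1 and 2) is preserved
    // via the prepareStatement(String, int[]) overload.
    String sql = "INSERT INTO users (username, password) VALUES ('foo', ?)";
    try {
        // Only getSqlStatement() is visible on DatabaseHelper, so the Connection is taken from
        // the Statement it hands out. If the helper exposes a connection accessor, prefer it.
        java.sql.Statement statement =
                org.owasp.benchmark.helpers.DatabaseHelper.getSqlStatement();
        try (java.sql.PreparedStatement ps =
                statement.getConnection().prepareStatement(sql, new int[] {1, 2})) {
            ps.setString(1, bar);
            ps.executeUpdate();
        }
        // Echoes the constant template only; the old code echoed the user-controlled SQL into
        // a text/html response, an XSS risk unless the helper escapes it (not visible here).
        org.owasp.benchmark.helpers.DatabaseHelper.outputUpdateComplete(sql, response);
    } catch (java.sql.SQLException e) {
        if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
            // Generic message on purpose: raw SQLException text can leak schema details.
            response.getWriter().println("Error processing request.");
            return;
        } else {
            throw new ServletException(e); // cause preserved for server-side diagnostics
        }
    }
} // end doPost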