@Override
public PostModel findCertainPost(PostModel post) {
Object[] params = new Object[] {post.getPostId()};
String fq = PostSql.findCertainPost;
String dq = SqlInjectionFilter.getBoundSql(fq, params);
logger.info(dq);
int filter = SqlInjectionFilter.isFiltered(this.getJdbcTemplate());
if (dq != null
&& (filter == 0
|| ((filter == 1 && !SqlInjectionFilter.isSQLiR(fq, dq))
|| (filter == 2 && !SqlInjectionFilter.isSQLiQ(fq, dq))))) {
// if want to get single row, It's correct using queryForObject() method -> only return single
// row.
// but in this case, for developing vulnerable web application, use query() method-> allow
// return multi rows.
List<PostModel> list =
this.getJdbcTemplate()
.query(
dq,
new RowMapper<PostModel>() {
@Override
public PostModel mapRow(ResultSet rs, int rowNum) throws SQLException {
PostModel post = new PostModel();
post.setPostId(rs.getInt("post_id"));
post.setMemberId(rs.getString("member_id"));
post.setTitle(rs.getString("title"));
post.setContents(rs.getString("contents"));
post.setDate(rs.getString("post_date"));
post.setEmpty(false);
return post;
}
});
if (list.size() == 0) {
post = new PostModel();
post.setEmpty(true);
return post;
} else {
return list.get(0);
}
// } else return null;
} else return new PostModel();
}
@Override
public int updateCertainPost(PostModel post) {
Object[] params =
new Object[] {post.getTitle(), post.getContents(), post.getDate(), post.getPostId()};
String fq = PostSql.updateCertainPost;
String dq = SqlInjectionFilter.getBoundSql(fq, params);
logger.info(dq);
int filter = SqlInjectionFilter.isFiltered(this.getJdbcTemplate());
if (dq != null
&& (filter == 0
|| ((filter == 1 && !SqlInjectionFilter.isSQLiR(fq, dq))
|| (filter == 2 && !SqlInjectionFilter.isSQLiQ(fq, dq))))) {
this.getJdbcTemplate().update(dq);
return 0;
} else return 1;
}