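private void saveToDb() {
  // Writes the current field values to the row selected by this.Id using the
  // project-level parameterised statement UPDATE_WARE. Every value is bound
  // through the PreparedStatement, so the (Chinese-converted) strings never
  // become part of the statement text.
  //
  // Fixes over the original: the connection and statement are closed by
  // try-with-resources (the old finally called pstmt.close() even when
  // getConnection() had thrown and pstmt was still null), and the debug
  // println of the SQL text to stdout is gone.
  try (Connection con = DbConnectionManager.getConnection();
      PreparedStatement pstmt = con.prepareStatement(UPDATE_WARE)) {
    pstmt.setString(1, StringUtils.toChinese(this.Pname));
    pstmt.setString(2, StringUtils.toChinese(this.Pmodel));
    pstmt.setString(3, StringUtils.toChinese(this.Pcost));
    pstmt.setString(4, StringUtils.toChinese(this.Pheft));
    pstmt.setString(5, StringUtils.toChinese(this.Pfacturer));
    pstmt.setString(6, StringUtils.toChinese(this.Pnote));
    pstmt.setInt(7, this.Status);
    pstmt.setInt(8, this.Id);
    pstmt.executeUpdate();
  } catch (SQLException sqle) {
    // Kept the original reporting style (stderr) so behaviour for callers,
    // who get no exception from this method, is unchanged.
    System.err.println("错误位置: DbWare.java:saveToDb(): " + sqle);
    sqle.printStackTrace();
  }
}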
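 public void save(Connection conn) throws SQLException {
   // Inserts this record when it is new, otherwise updates it by primary key,
   // and bumps mod_count only after the statement succeeded.
   //
   // tableName() and recordIDColumnName() are spliced into the SQL text; they
   // are project-defined identifiers, not request data — presumably constants
   // per entity class (TODO confirm they can never carry user input).
   //
   // Fix over the original: the PreparedStatement is closed in all paths; the
   // old code only closed it when executeUpdate() did not throw.
   boolean isNew = isNew();
   String query =
       isNew
           ? ("insert into "
               + tableName()
               + " ("
               + recordIDColumnName()
               + ",mod_count,date_entered,date_modified,name,status,product) values (?,?,?,?,?,?,?)")
           : ("update "
               + tableName()
               + " set mod_count = ?, date_entered = ?, "
               + "date_modified = ?, name = ?, status = ?, product = ? where "
               + recordIDColumnName()
               + " = ?");
   int newModCount = mod_count.intValue() + 1;
   try (PreparedStatement ps = conn.prepareStatement(query)) {
     int idx = 1;
     if (isNew) {
       ps.setInt(idx++, getId().intValue());
     }
     ps.setInt(idx++, newModCount);
     ps.setTimestamp(idx++, date_entered);
     ps.setTimestamp(idx++, date_modified); // ---TODO (original): set to current time
     ps.setString(idx++, getName());
     ps.setString(idx++, getStatus());
     ps.setInt(idx++, getProduct().getId().intValue());
     if (!isNew) {
       ps.setInt(idx++, getId().intValue());
     }
     ps.executeUpdate();
   }
   // Only increment the mod_count if there was no exception during the save.
   setModCount(Integer.valueOf(newModCount));
 }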
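  private void DELToDb() {
    // "Deletes" this item via the project statement Del_ware, which binds the
    // status flag and the row id (so this is presumably a soft delete — TODO
    // confirm against the Del_ware text).
    //
    // Fixes over the original: resources are closed by try-with-resources (the
    // old finally dereferenced a possibly-null pstmt) and the SQL text is no
    // longer echoed to stdout on every call.
    try (Connection con = DbConnectionManager.getConnection();
        PreparedStatement pstmt = con.prepareStatement(Del_ware)) {
      pstmt.setInt(1, this.Status);
      pstmt.setInt(2, this.Id);
      pstmt.executeUpdate();
    } catch (SQLException sqle) {
      // Error text kept byte-for-byte; callers observe no exception from here.
      System.err.println("错误位置: DbShop.java:DELToDb(): " + sqle);
      sqle.printStackTrace();
    }
  }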
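  private void insertIntoDb() {
    // Inserts a new row from the current fields using the project statement
    // INSERT_WARE; all nine values are bound as parameters.
    //
    // Fix over the original: try-with-resources closes the statement and the
    // connection on every path, instead of a finally that called close() on
    // references that may still be null when getConnection() failed.
    try (Connection con = DbConnectionManager.getConnection();
        PreparedStatement pstmt = con.prepareStatement(INSERT_WARE)) {
      pstmt.setInt(1, this.Id);
      pstmt.setString(2, StringUtils.toChinese(this.Pname));
      pstmt.setString(3, StringUtils.toChinese(this.Pmodel));
      pstmt.setString(4, StringUtils.toChinese(this.Pcost));
      pstmt.setString(5, StringUtils.toChinese(this.Pheft));
      pstmt.setString(6, StringUtils.toChinese(this.Pfacturer));
      pstmt.setString(7, StringUtils.toChinese(this.Pnote));
      pstmt.setString(8, StringUtils.toChinese(this.Createdate));
      pstmt.setInt(9, this.Status);
      pstmt.executeUpdate();
    } catch (SQLException sqle) {
      System.err.println("错误位置: Dbware:insertIntoDb()-" + sqle);
      sqle.printStackTrace();
    }
  }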
  private void insertLog(HttpServletRequest req, Connection connection) throws SQLException {
    // Appends one audit row (timestamp, peer address, request URI) to LOGGING.
    // Note that getRemoteAddr() is the address of the TCP peer as the container
    // sees it; behind a reverse proxy that is the proxy, not the end client.
    final String insertSql = "INSERT INTO LOGGING (date,ip,url) VALUES (?,?,?)";
    Timestamp loggedAt = new Timestamp(System.currentTimeMillis());
    try (PreparedStatement insert = connection.prepareStatement(insertSql)) {
      insert.setTimestamp(1, loggedAt);
      insert.setString(2, req.getRemoteAddr());
      insert.setString(3, req.getRequestURI());
      insert.executeUpdate();
    }
  }
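   @Override
   public void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
     // Deletes every `kandidaat` row whose name equals the fixed literal below.
     // The statement text is a constant, so there is no injection surface, but
     // nothing in this method checks who sent the POST — any authorisation
     // must be enforced before the request reaches this servlet (TODO confirm
     // that a filter or container constraint does so).
     //
     // Fixes over the original: the Connection and PreparedStatement are now
     // closed (they were leaked on every call), and a database failure answers
     // 500 instead of a silent empty 200.
     System.out.println("Clearing changes");
     String statement = "delete from kandidaat where nimi = 'Tandi Kaat'";
     try {
       DriverManager.registerDriver(new AppEngineDriver());
       try (Connection c =
               DriverManager.getConnection("jdbc:google:rdbms://trmrphdn:veebirakendused/andmebaas");
           PreparedStatement stmt = c.prepareStatement(statement)) {
         stmt.executeUpdate();
       }
     } catch (SQLException e) {
       e.printStackTrace();
       resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
     }
   }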
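   protected void processRequest(HttpServletRequest request, HttpServletResponse response)
       throws ServletException, IOException {
     // Records one vote (user_id, question_id, option) in VOTES and increments
     // the matching OPTION_<option> counter in ARCHIVE_VOTES.
     //
     // Fixes over the original: non-numeric parameters answer 400 instead of a
     // blank 200; the counter is bumped with a single atomic UPDATE instead of
     // a read-increment-write that lost votes under concurrent requests; and
     // the connection, statements and result set are closed on every path.
     response.setContentType("text/html;charset=UTF-8");

     int userId;
     int questionId;
     int option;
     try {
       userId = Integer.parseInt(request.getParameter("user_id"));
       questionId = Integer.parseInt(request.getParameter("question_id"));
       option = Integer.parseInt(request.getParameter("option"));
     } catch (NumberFormatException e) {
       // Missing or malformed parameters are a client error, not a server fault.
       response.sendError(
           HttpServletResponse.SC_BAD_REQUEST,
           "user_id, question_id and option must be integers");
       return;
     }

     // `option` is an int, so splicing it into the column name cannot inject
     // SQL text; an out-of-range value merely names a column that does not
     // exist and fails with SQLException. The valid range is not visible here
     // — TODO confirm it and reject other values before touching the database.
     String optionColumn = "OPTION_" + option;
     String insertVote = "INSERT INTO VOTES(USER_ID, QUESTION_ID,OPTION_VOTED) VALUES (?,?,?)";
     String bumpCount =
         "UPDATE ARCHIVE_VOTES SET " + optionColumn + "=" + optionColumn + "+1 WHERE QUESTION_ID=?";

     System.out.println("uid: " + userId + "\nquestion: " + questionId + "\noption: " + option);
     try (PrintWriter out = response.getWriter()) {
       try {
         // Loading the driver class registers it; no instance is needed.
         Class.forName("com.mysql.jdbc.Driver");
         try (Connection con =
                 DriverManager.getConnection(
                     Utility.connection, Utility.username, Utility.password);
             PreparedStatement insert = con.prepareStatement(insertVote);
             PreparedStatement bump = con.prepareStatement(bumpCount)) {
           insert.setInt(1, userId);
           insert.setInt(2, questionId);
           insert.setInt(3, option);
           insert.execute();

           bump.setInt(1, questionId);
           bump.executeUpdate();

           out.print("You Vote has been recorded! Thank you!");
           System.out.println(
               "Voted for question " + questionId + ", by user " + userId + ", for option " + option);
         }
       } catch (Exception e) {
         e.printStackTrace();
       }
     }
   }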
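 public void service(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException {
   // Registration handler: stores the submitted form fields (t1..t8, t3 is
   // not read) as one row of stu_tab and reports success or failure.
   //
   // Fixes over the original: the exception is no longer printed into the
   // HTML response (it exposed driver/SQL details to the client), and the
   // Connection/PreparedStatement are closed on every path.
   //
   // NOTE(review): the password is stored in clear text (column 2). Hashing
   // it (bcrypt/scrypt/argon2) changes what the login page must compare
   // against, so it has to be done together with that page — not changed here.
   // NOTE(review): the page connects as the Oracle "system" account with a
   // literal password; move the credentials to configuration / JNDI and use
   // an application account limited to stu_tab.
   response.setContentType("text/html");
   PrintWriter out = response.getWriter();
   String username = request.getParameter("t1");
   String password = request.getParameter("t2");
   String email = request.getParameter("t4");
   String college = request.getParameter("t5");
   String phone = request.getParameter("t6");
   String country = request.getParameter("t7");
   String languages = request.getParameter("t8");
   try {
     Class.forName("oracle.jdbc.driver.OracleDriver");
     int inserted;
     try (Connection con =
             DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:xe", "system", "tiger");
         PreparedStatement pst = con.prepareStatement("insert into stu_tab values(?,?,?,?,?,?,?)")) {
       pst.setString(1, username);
       pst.setString(2, password);
       pst.setString(3, email);
       pst.setString(4, college);
       pst.setString(5, phone);
       pst.setString(6, country);
       pst.setString(7, languages);
       inserted = pst.executeUpdate();
     }
     // Only fixed markup is written; no request value is echoed back.
     out.println("<html><body align=center bgcolor=#C0C0C0 text=black>");
     if (inserted != 0) {
       out.println("<h3>!.. Registration Successful !..</h3>");
     } else {
       out.println("<h3>!.. Registration Failed !..</h3>");
     }
     out.println(
         "<a href=Slogin1.html style=text-decoration:none>click here</a>&nbsp;to go back to login page");
     out.println("</body></html>");
   } catch (Exception e) {
     // Keep the detail on the server side; the client gets a generic message.
     e.printStackTrace();
     out.println("<html><body align=center bgcolor=#C0C0C0 text=black>");
     out.println("<h3>!.. Registration Failed !..</h3>");
     out.println(
         "<a href=Slogin1.html style=text-decoration:none>click here</a>&nbsp;to go back to login page");
     out.println("</body></html>");
   }
 }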
  /* goodB2G() - use badsource and goodsink */
   private void goodB2G(HttpServletRequest request, HttpServletResponse response) throws Throwable {
     // Juliet "bad source, good sink" case: the data comes from the query
     // string but is bound as a PreparedStatement parameter, so it cannot
     // alter the statement text.
     String data =
         (new CWE89_SQL_Injection__getQueryString_Servlet_executeUpdate_61b())
             .goodB2GSource(request, response);

     Connection db = null;
     PreparedStatement update = null;
     try {
       db = IO.getDBConnection();
       /* FIX: Use prepared statement and executeUpdate (properly) */
       update = db.prepareStatement("insert into users (status) values ('updated') where name=?");
       update.setString(1, data);
       int affected = update.executeUpdate();
       IO.writeLine("Updated " + affected + " rows successfully.");
     } catch (SQLException exceptSql) {
       IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
     } finally {
       closeQuietly(update, db);
     }
   }

   /** Closes the statement, then the connection, logging (not throwing) on failure. */
   private static void closeQuietly(PreparedStatement statement, Connection connection) {
     if (statement != null) {
       try {
         statement.close();
       } catch (SQLException exceptSql) {
         IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql);
       }
     }
     if (connection != null) {
       try {
         connection.close();
       } catch (SQLException exceptSql) {
         IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
       }
     }
   }
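 public void doGet(HttpServletRequest request, HttpServletResponse response) {
   // Stores a free-text comment against an answer, then forwards to the
   // student home page. The comment is bound as a parameter (no SQL
   // injection); whether it is HTML-escaped when rendered is decided by the
   // JSP that displays it, not here.
   //
   // Fixes over the original: the empty catch that swallowed every failure is
   // replaced by a logged error; an unused Statement that was created and
   // never closed is gone; the connection is closed even when the insert
   // throws; a malformed answer_id no longer leaks a connection.
   try {
     String comment = request.getParameter("comment");
     int answerId = Integer.parseInt(request.getParameter("answer_id"));
     try (Connection connection = GlobalResources.getConnection();
         PreparedStatement insert =
             connection.prepareStatement("insert into comment(comment,answer_id) values(?,?)")) {
       insert.setString(1, comment);
       insert.setInt(2, answerId);
       insert.executeUpdate();
     }
     RequestDispatcher requestDispatcher = request.getRequestDispatcher("/studenthome.jsp");
     requestDispatcher.forward(request, response);
   } catch (Exception e) {
     // Signature declares no checked exceptions, so the failure is logged
     // rather than rethrown; the client sees whatever the container sends
     // for an unfinished response.
     java.util.logging.Logger.getLogger(getClass().getName())
         .log(java.util.logging.Level.SEVERE, "Failed to store comment", e);
   }
 }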
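 public void doPost(HttpServletRequest request, HttpServletResponse response)
     throws ServletException, IOException {
   // Removes one item (iID) from the cart of the logged-in member. The member
   // id is taken from the session's UserBean, never from the request, so a
   // user can only delete rows of their own cart.
   //
   // Fix over the original: the Connection was never closed (and the
   // PreparedStatement only on the success path); both are now closed by
   // try-with-resources.
   //
   // NOTE(review): the JDBC URL embeds the database user and password; move
   // them to a container DataSource or configuration.
   HttpSession session = request.getSession(true);
   response.setContentType("text/html");
   request.setCharacterEncoding("UTF-8");
   UserBean ub = (UserBean) session.getAttribute("user");
   if (ub == null) {
     // Not logged in: mark the session and bounce back to the cart page.
     session.setAttribute("haveLogin", "******");
     response.sendRedirect("cart");
     return;
   }
   String mID = ub.getmID();
   String iID = request.getParameter("iID");
   String sql = "delete from cart_item_mapping where mID=? and iID = ?";
   try {
     Class.forName("com.mysql.jdbc.Driver");
     try (Connection conn =
             DriverManager.getConnection(
                 "jdbc:mysql://localhost/user_register?"
                     + "user=sqluser&password=sqluserpw&useUnicode=true&characterEncoding=UTF-8");
         PreparedStatement pst = conn.prepareStatement(sql)) {
       pst.setString(1, mID);
       pst.setString(2, iID);
       pst.executeUpdate();
     }
     response.sendRedirect("ShowCartController");
   } catch (Exception e) {
     e.printStackTrace();
   }
 }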
  /* goodB2G() - use badsource and goodsink */
   public void goodB2G_sink(Object data_obj) throws Throwable {
     // Juliet good sink: the tainted value is bound as a parameter of a
     // prepared statement, so it cannot change the statement text.
     String data = (String) data_obj;
     Logger log2 = Logger.getLogger("local-logger");

     Connection connection = null;
     PreparedStatement update = null;
     try {
       /* FIX: use prepared sqlstatement */
       connection = IO.getDBConnection();
       update = connection.prepareStatement("insert into users (status) values ('updated') where name=?");
       update.setString(1, data);
       int affected = update.executeUpdate();
       IO.writeString("Updated " + affected + " rows successfully.");
     } catch (SQLException se) {
       log2.warning("Error getting database connection");
     } finally {
       // Close the statement first, then (always) the connection.
       try {
         if (update != null) {
           update.close();
         }
       } catch (SQLException e) {
         log2.warning("Error closing sqlstatement");
       } finally {
         if (connection != null) {
           try {
             connection.close();
           } catch (SQLException e) {
             log2.warning("Error closing conn_tmp2");
           }
         }
       }
     }
   }
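 protected static void clear() {
   // Runs the project statement CLEAR_WARE (no parameters). Whether that is a
   // DELETE or a TRUNCATE is not visible here — TODO confirm; note the error
   // text still refers to DbTChatRooms.clearTChatRooms(), which looks like a
   // copy-paste leftover.
   //
   // Fix over the original: try-with-resources closes both resources and no
   // longer calls close() on a null pstmt when getConnection() throws.
   try (Connection con = DbConnectionManager.getConnection();
       PreparedStatement pstmt = con.prepareStatement(CLEAR_WARE)) {
     pstmt.executeUpdate();
   } catch (SQLException sqle) {
     System.err.println("SQLException in DbTChatRooms.java:clearTChatRooms(): " + sqle);
     sqle.printStackTrace();
   }
 }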
  /* goodB2G() - use badsource and goodsink */
   public void goodB2GSink() throws Throwable {
     // Juliet good sink: `data` (set by the 68a half from the environment) is
     // passed as a bound parameter, never concatenated into the SQL.
     String data = CWE89_SQL_Injection__Environment_executeUpdate_68a.data;

     Connection db = null;
     PreparedStatement update = null;
     try {
       db = IO.getDBConnection();
       /* FIX: Use prepared statement and executeUpdate (properly) */
       update = db.prepareStatement("insert into users (status) values ('updated') where name=?");
       update.setString(1, data);
       int affected = update.executeUpdate();
       IO.writeLine("Updated " + affected + " rows successfully.");
     } catch (SQLException exceptSql) {
       IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
     } finally {
       if (update != null) {
         try {
           update.close();
         } catch (SQLException exceptSql) {
           IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql);
         }
       }
       if (db != null) {
         try {
           db.close();
         } catch (SQLException exceptSql) {
           IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
         }
       }
     }
   }
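   public void _jspService(HttpServletRequest request, HttpServletResponse response)
       throws java.io.IOException, ServletException {
     // Admin "change my password" page. Requires an admin session (adminid
     // attribute), reads the new password from the request, rejects a few
     // trivially bad choices, and rewrites admin_01t.password inside a
     // transaction. On success it auto-submits form1 to the next page.
     //
     // Fixes over the original:
     //  - the password lookup concatenated the session adminid into the SQL
     //    text; it is now a bound parameter of a PreparedStatement;
     //  - a missing/empty password used to pass the checks and set the admin
     //    password to "" (or NPE); it is rejected up front;
     //  - fromURL was echoed unescaped into an HTML attribute (reflected XSS)
     //    and dereferenced without a null check; both are handled;
     //  - statement/connection cleanup no longer throws out of finally.
     //
     // NOTE(review): passwords are stored and compared in clear text here
     // (and, by implication, by the login page). Hashing them changes the
     // storage contract shared with that page and must be done together.

     PageContext pageContext = null;
     HttpSession session = null;
     ServletContext application = null;
     ServletConfig config = null;
     JspWriter out = null;
     Object page = this;
     JspWriter _jspx_out = null;
     PageContext _jspx_page_context = null;

     try {
       response.setContentType("text/html");
       pageContext = _jspxFactory.getPageContext(this, request, response, null, true, 8192, true);
       _jspx_page_context = pageContext;
       application = pageContext.getServletContext();
       config = pageContext.getServletConfig();
       session = pageContext.getSession();
       out = pageContext.getOut();
       _jspx_out = out;

       out.write("\n");
       out.write("\n");
       out.write("\n");
       out.write("\n");
       out.write("\n");
       out.write("<!--%@ page errorPage=\"/error.jsp\" %-->\n");

       // A password-change response must never be served from a cache.
       response.setHeader("Pragma", "no-cache"); // HTTP 1.0
       response.setDateHeader("Expires", 0);
       response.setHeader("Cache-Control", "no-cache"); // HTTP 1.1

       String _adminid = "";
       String _adminname = "";
       String _admintype = "";
       String _admingroup = "";
       String _approval = "";
       String _adminclass = "";
       String _adminmail = "";

       try {
         // Session gate: anything but a populated adminid goes to the login page.
         _adminid = (String) session.getAttribute("adminid");

         if (_adminid == null || _adminid.length() == 0 || _adminid.equals("null")) {
           response.sendRedirect("/admin/login_first.html");
           return;
         }

         // Read as in the original; this page does not use them further.
         _adminname = (String) session.getAttribute("adminname");
         _admintype = (String) session.getAttribute("admintype");
         _admingroup = (String) session.getAttribute("admingroup");
         _approval = (String) session.getAttribute("approval");
         _adminclass = (String) session.getAttribute("adminclass");
         _adminmail = (String) session.getAttribute("admin_email");

       } catch (Exception e) {
         response.sendRedirect("/admin/login_first.html");
         return;
       }

       out.write('\n');
       out.write('\n');
       out.write('\n');

       String password = request.getParameter("password");
       String fromURL = request.getParameter("fromURL");
       String oldPassword = "";

       String sql = "";
       int iCnt = 0;
       boolean isSucceeded = false;
       String strMsg = "";
       Connection conn = null;
       PreparedStatement pstmt = null;

       String targetUrl = "";

       try {

         // Reject an absent/empty password with the same message as the
         // hard-coded "1111" (the original let "" through).
         if (password == null || password.isEmpty() || password.equals("1111")) {
           throw new UserDefinedException(
               "The new password is not acceptable. Change your password.");
         }

         Context ic = new InitialContext();
         DataSource ds = (DataSource) ic.lookup("java:comp/env/jdbc/scm");
         conn = ds.getConnection();

         // adminid comes from the session, but it is bound as a parameter
         // anyway rather than spliced into the statement text.
         sql = " select  password " + " from    admin_01t " + " where   adminid = ? ";
         pstmt = conn.prepareStatement(sql);
         pstmt.setString(1, _adminid);
         try (java.sql.ResultSet rs = pstmt.executeQuery()) {
           if (rs.next()) {
             oldPassword = rs.getString(1);
           } else {
             throw new UserDefinedException("Can't find User Information.");
           }
         }
         pstmt.close();
         pstmt = null;

         if (password.equals(oldPassword)) {
           throw new UserDefinedException(
               "The new password is not acceptable. Change your password.");
         }

         // Update inside a transaction so a failed write leaves the row as is.
         int idx = 0;
         conn.setAutoCommit(false);

         sql =
             " update  admin_01t "
                 + " set     password = ?, pw_date = sysdate() "
                 + " where   adminid = ? ";

         pstmt = conn.prepareStatement(sql);
         pstmt.setString(++idx, password);
         pstmt.setString(++idx, _adminid);

         iCnt = pstmt.executeUpdate();

         if (iCnt != 1) {
           throw new UserDefinedException("Password update failed.");
         }

         conn.commit();
         isSucceeded = true;

       } catch (UserDefinedException ue) {
         try {
           conn.rollback();
         } catch (Exception ex) {
           // conn may be null or already auto-commit; nothing to undo.
         }

         strMsg = ue.getMessage();
       } catch (Exception e) {
         try {
           conn.rollback();
         } catch (Exception ex) {
           // conn may be null; nothing to undo.
         }

         System.out.println("Exception /admin/resetAdminPasswd : " + e.getMessage());
         throw e;
       } finally {
         if (pstmt != null) {
           try {
             pstmt.close();
           } catch (Exception e) {
             // best effort
           }
         }

         if (conn != null) {
           try {
             conn.setAutoCommit(true);
           } catch (Exception e) {
             // best effort
           }
           try {
             conn.close();
           } catch (Exception e) {
             // A close failure after commit should not turn into an error page.
           }
         }
       }

       // Result handling: pick the next page and the message for the alert.
       if (isSucceeded) {
         if ("menu".equals(fromURL)) {
           targetUrl = "";
         } else {
           targetUrl = "/admin/index2.jsp";
         }
         strMsg = "The data are successfully processed.";
       } else {
         strMsg = "The operation failed.\\n" + strMsg;
         targetUrl = "/admin/resetAdminPasswdForm.jsp";
       }

       out.write("\n");
       out.write("<html>\n");
       out.write("<head>\n");
       out.write("<title></title>\n");
       out.write("<link href=\"/common/css/style.css\" rel=\"stylesheet\" type=\"text/css\">\n");
       out.write("</head>\n");
       out.write("<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0'>\n");
       out.write("<form name=\"form1\" method=\"post\" action=\"");
       out.print(targetUrl);
       out.write("\">\n");
       out.write("<input type='hidden' name='fromURL' value='");
       // Request-controlled value inside a quoted attribute: escape it.
       out.print(escapeHtmlAttr(fromURL));
       out.write("'>\n");
       out.write("</form>\n");
       out.write("<script language=\"javascript\">\n");
       if (targetUrl.length() > 0) {
         // strMsg is built only from the fixed messages above.
         out.write("\n");
         out.write("  alert('");
         out.print(strMsg);
         out.write("');\n");
         out.write("  document.form1.submit();\n");
       }
       out.write("\n");
       out.write("</script>\n");
       out.write("<table width='840' border='0' cellspacing='0' cellpadding='0'><tr><td>\n");
       out.write("\n");
       out.write("<table width='99%' border='0' cellspacing='0' cellpadding='0'>\n");
       out.write("<tr>\n");
       out.write("  <td height='15' colspan='2'></td>\n");
       out.write("</tr>\n");
       out.write("<tr>\n");
       out.write("  <td width='3%'><img src='/img/title_icon.gif'></td>\n");
       out.write("  <td width='*' class='left_title'>Password Change</td>\n");
       out.write("</tr>\n");
       out.write("<tr>\n");
       out.write("  <td width='100%' height='2' colspan='2'><hr width='100%'></td>\n");
       out.write("</tr>\n");
       out.write("<tr>\n");
       out.write("  <td height='10' colspan='2'></td>\n");
       out.write("</tr>\n");
       out.write("</table>\n");
       out.write("\n");
       out.write("<table width='90%' border='0' cellspacing='0' cellpadding='0' align='center'>\n");
       out.write("<tr>\n");
       out.write("  <td width='100%' align='center'><img border=\"0\" src=\"/img/pass.jpg\">\n");
       out.write("    <br><br>\n");
       out.write("    <b>The Password has been changed successfully.</b></td>\n");
       out.write("</tr>\n");
       out.write("</table>\n");

       out.println(CopyRightLogo());

       out.write("\n");
       out.write("</tr></td></table>\n");
       out.write("</body>\n");
       out.write("</html>");
     } catch (Throwable t) {
       if (!(t instanceof SkipPageException)) {
         out = _jspx_out;
         if (out != null && out.getBufferSize() != 0)
           try {
             out.clearBuffer();
           } catch (java.io.IOException e) {
             // buffer already flushed; nothing more to discard
           }
         if (_jspx_page_context != null) _jspx_page_context.handlePageException(t);
       }
     } finally {
       _jspxFactory.releasePageContext(_jspx_page_context);
     }
   }

   /**
    * Escapes the characters that are significant inside an HTML attribute
    * or text node. A null value becomes the empty string.
    */
   private static String escapeHtmlAttr(String value) {
     if (value == null) {
       return "";
     }
     StringBuilder sb = new StringBuilder(value.length());
     for (int i = 0; i < value.length(); i++) {
       char c = value.charAt(i);
       switch (c) {
         case '&':
           sb.append("&amp;");
           break;
         case '<':
           sb.append("&lt;");
           break;
         case '>':
           sb.append("&gt;");
           break;
         case '"':
           sb.append("&quot;");
           break;
         case '\'':
           sb.append("&#39;");
           break;
         default:
           sb.append(c);
       }
     }
     return sb.toString();
   }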
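   public void _jspService(HttpServletRequest request, HttpServletResponse response)
       throws java.io.IOException, ServletException {
     // Library fines page. Renders the two forms, then either lists the fines
     // of one card (Card_no) or marks the fines of the selected cards (chk[])
     // as paid.
     //
     // Fixes over the original:
     //  - Card_no, the chk[] values and loan_id were concatenated into the SQL
     //    text (SQL injection from request parameters); all are bound now;
     //  - the overdue check compared due_date with an unquoted "yyyy/MM/dd"
     //    literal, i.e. with the integer result of a division; it now binds
     //    today's date as a java.sql.Date;
     //  - the Connection, statements and result sets were never closed;
     //  - the "outstanding checkouts" flag was never reset between cards.
     //
     // NOTE(review): nothing here ties the card number to a logged-in user,
     // so any caller can view or settle any card's fines — confirm whether an
     // authorisation check belongs in front of this page.
     // NOTE(review): the page connects as MySQL root with a literal password;
     // move the credentials to a container DataSource or configuration.

     PageContext pageContext = null;
     HttpSession session = null;
     ServletContext application = null;
     ServletConfig config = null;
     JspWriter out = null;
     Object page = this;
     JspWriter _jspx_out = null;
     PageContext _jspx_page_context = null;

     try {
       response.setContentType("text/html;charset=UTF-8");
       pageContext = _jspxFactory.getPageContext(this, request, response, null, true, 8192, true);
       _jspx_page_context = pageContext;
       application = pageContext.getServletContext();
       config = pageContext.getServletConfig();
       session = pageContext.getSession();
       out = pageContext.getOut();
       _jspx_out = out;
       _jspx_resourceInjector =
           (org.glassfish.jsp.api.ResourceInjector)
               application.getAttribute("com.sun.appserv.jsp.resource.injector");

       out.write("\n");
       out.write("\n");
       out.write("\n");
       out.write("\n");
       out.write("\n");
       out.write("\n");
       out.write("\n");
       out.write("\n");
       out.write("<!DOCTYPE html>\n");
       out.write("<html>\n");
       out.write("    <head>\n");
       out.write(
           "        <meta http-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\n");
       out.write("        <title>Fine</title>\n");
       out.write("        <link rel=\"stylesheet\" type=\"text/css\" href=\"style.css\">    \n");
       out.write("\n");
       out.write("    </head>\n");
       out.write("    <body style = \"background-image: url(lib2.jpg)\">         \n");
       out.write("    <center>\n");
       out.write("        <h1>Update Fines information</h1>\n");
       out.write("        <form name=\"Update\" action=\"Fines_upd.jsp\">\n");
       out.write("            <table border=\"0\" width=\"3\" cellspacing=\"2\">\n");
       out.write("                <thead>\n");
       out.write("                    <tr>\n");
       out.write("                        <th>Update Fines</th>\n");
       out.write("                        <th></th>\n");
       out.write("                    </tr>\n");
       out.write("                </thead>\n");
       out.write("                <tbody>\n");
       out.write("                    <tr>\n");
       out.write("                        <td>Update Fine table with todays Data</td>\n");
       out.write(
           "                        <td><input type=\"submit\" value=\"Update / View Fines\" name=\"SUBMIT\"/></td>\n");
       out.write("                    </tr>\n");
       out.write("                </tbody>\n");
       out.write("            </table>           \n");
       out.write("        </form>\n");
       out.write("        <h1>Check your Fines Here</h1>\n");
       out.write("        <form name=\"Fines\" action=\"Fines.jsp\">\n");
       out.write("            <table border=\"0\" width=\"3\" cellspacing=\"2\">\n");
       out.write("                <thead>\n");
       out.write("                    <tr>\n");
       out.write("                        <th>Get Fine Details</th>\n");
       out.write("                        <th></th>\n");
       out.write("                    </tr>\n");
       out.write("                </thead>\n");
       out.write("                <tbody>\n");
       out.write("                    <tr>\n");
       out.write("                        <td>Card No</td>\n");
       out.write(
           "                        <td><input type=\"text\" name=\"Card_no\" value=\"\"/></td>\n");
       out.write("                    </tr>\n");
       out.write("                    <tr>\n");
       out.write("                        <td></td>\n");
       out.write(
           "                        <td><input type=\"submit\" value=\"Get Fines\" name=\"SUBMIT\" /></td>\n");
       out.write("                    </tr>\n");
       out.write("                </tbody>\n");
       out.write("            </table>        \n");
       out.write("            ");

       String[] selected_Checkboxes = request.getParameterValues("chk");
       String Card_no = request.getParameter("Card_no");
       // Today's date as a real SQL DATE, for the overdue comparison.
       java.sql.Date today = new java.sql.Date(new Date().getTime());

       try (Connection con =
           DriverManager.getConnection(
               "jdbc:mysql://localhost:3306/lbms_db?zeroDateTimeBehavior=convertToNull",
               "root",
               "admin12")) {

         if (Card_no != null && selected_Checkboxes == null) {
           // Mode 1: list the fines of one card. Card_no is bound as a string
           // parameter; the database coerces it against the numeric column.
           String selSql =
               "SELECT  l.card_no, SUM(f.fine_amt) AS total_fine, f.paid  "
                   + "FROM book_loans l, fines f  "
                   + "WHERE l.loan_id = f.loan_id AND "
                   + "l.card_no = ? "
                   + "GROUP BY l.card_no";
           try (PreparedStatement pst = con.prepareStatement(selSql)) {
             pst.setString(1, Card_no);
             try (ResultSet result = pst.executeQuery()) {
               boolean anyRow = false;
               out.println("<table>");
               out.println("<form action='Fines.jsp'>");
               out.println("<tr>");
               out.println("<th>Card No</th>");
               out.println("<th>Fine_Amt</th>");
               out.println("<th>Paid OR Not</th>");
               out.println("</tr>");
               while (result.next()) {
                 anyRow = true;
                 String paid = result.getBoolean("f.paid") ? "Yes" : "No";
                 int cardNo = result.getInt("l.card_no");

                 out.println("<tr>");
                 out.println(
                     "<td>"
                         + cardNo
                         + "</td><td>"
                         + result.getString("total_fine")
                         + "</td><td>"
                         + paid
                         + "</td>");
                 out.print("<td>");
                 // cardNo is an int read from the database, safe in markup.
                 out.print("<input name='chk' value=" + cardNo + " type='checkbox'>");
                 out.print("</td>");
                 out.print("</tr>");
               }

               if (anyRow) {
                 out.println("<tr>");
                 out.print("<td>");
                 out.print("<input type='submit' value='Pay Fine' name='Pay'>");
                 out.print("</td>");
                 out.println("</tr>");
               } else {
                 out.write(
                     "<dialog open> <font color = 'green'>No Fine information. You owe nothing! Thank You</font> </dialog>");
               }
               out.println("</form>");
               out.println("</table>");
             }
           }
         } else if (selected_Checkboxes != null) {
           // Mode 2: mark the fines of every selected card as paid.
           String sqlBook =
               "SELECT COUNT(loan_id) AS no_chkouts FROM book_loans WHERE card_no = ?"
                   + " AND date_in = '0000-00-00' AND due_date < ?";
           String sqlLoan =
               "SELECT loan_id FROM book_loans WHERE card_no = ?"
                   + " AND date_in IS NOT NULL AND due_date < date_in";
           String sqlUpdFine = "UPDATE fines SET paid = true WHERE loan_id = ?";

           try (PreparedStatement pstBook = con.prepareStatement(sqlBook);
               PreparedStatement pstLoan = con.prepareStatement(sqlLoan);
               PreparedStatement pstUpd = con.prepareStatement(sqlUpdFine)) {
             for (String cardNo : selected_Checkboxes) {
               // Check whether the Book is returned before paying the fine.
               boolean outstanding = false;
               pstBook.setString(1, cardNo);
               pstBook.setDate(2, today);
               try (ResultSet rsltBook = pstBook.executeQuery()) {
                 while (rsltBook.next()) {
                   if (rsltBook.getInt("no_chkouts") > 0) {
                     outstanding = true;
                   }
                 }
               }
               if (outstanding) {
                 out.write(
                     "<dialog open> <font color = 'red'>You have outstanding due checkouts!. Please return the books and then Pay the fine</font> </dialog>");
               }
               // NOTE(review): as in the original, the warning above does not
               // stop the fines below from being marked paid — confirm whether
               // it should.

               // Get the corresponding loan_Ids for each customer from Fines table
               pstLoan.setString(1, cardNo);
               try (ResultSet resultLoan = pstLoan.executeQuery()) {
                 while (resultLoan.next()) {
                   pstUpd.setInt(1, resultLoan.getInt("loan_id"));
                   pstUpd.executeUpdate();
                   out.println("Payment Updated Successfully");
                 }
               }
             }
           }
         }
       }

       out.write("\n");
       out.write("        </form>        \n");
       out.write("    </center>\n");
       out.write("</body>\n");
       out.write("</html>\n");
     } catch (Throwable t) {
       if (!(t instanceof SkipPageException)) {
         out = _jspx_out;
         if (out != null && out.getBufferSize() != 0) out.clearBuffer();
         if (_jspx_page_context != null) _jspx_page_context.handlePageException(t);
         else throw new ServletException(t);
       }
     } finally {
       _jspxFactory.releasePageContext(_jspx_page_context);
     }
   }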
  /* goodB2G2() - use badsource and goodsink by reversing statements in second if  */
  private void goodB2G2() throws Throwable {
    /*
     * Source: the first block reads the first line of C:\data.txt into data.
     * Sink: the second block binds data as a parameter of a PreparedStatement,
     * so the file contents never become part of the SQL text.
     * Both guards are the constant 5 == 5; the else branch below is dead and is
     * kept only so data is definitely assigned before the sink (CWE 561).
     */
    String data;
    if (5 == 5) {
      data = ""; /* stays "" if the read below fails */
      {
        final File inputFile = new File("C:\\data.txt");
        FileInputStream fileStream = null;
        InputStreamReader charReader = null;
        BufferedReader lineReader = null;
        try {
          fileStream = new FileInputStream(inputFile);
          charReader = new InputStreamReader(fileStream, "UTF-8");
          lineReader = new BufferedReader(charReader);
          /* POTENTIAL FLAW: data comes from a file. Only the first "line" is
           * taken, and that line is unbounded in length when the file contains
           * few or no newlines; readLine() also yields null on an empty file. */
          data = lineReader.readLine();
        } catch (IOException exceptIO) {
          IO.logger.log(Level.WARNING, "Error with stream reading", exceptIO);
        } finally {
          /* Release the readers innermost-first; each close is logged on
           * failure but never prevents the remaining closes. */
          if (lineReader != null) {
            try {
              lineReader.close();
            } catch (IOException exceptIO) {
              IO.logger.log(Level.WARNING, "Error closing BufferedReader", exceptIO);
            }
          }
          if (charReader != null) {
            try {
              charReader.close();
            } catch (IOException exceptIO) {
              IO.logger.log(Level.WARNING, "Error closing InputStreamReader", exceptIO);
            }
          }
          if (fileStream != null) {
            try {
              fileStream.close();
            } catch (IOException exceptIO) {
              IO.logger.log(Level.WARNING, "Error closing FileInputStream", exceptIO);
            }
          }
        }
      }
    } else {
      /* INCIDENTAL: CWE 561 Dead Code, never executed; present only so the
       * compiler sees data initialised on every path before the sink. */
      data = null;
    }

    if (5 == 5) {
      Connection dbConnection = null;
      PreparedStatement sqlStatement = null;
      try {
        /* FIX: the untrusted value is bound with setString(), not concatenated
         * into the query, and the statement is run with executeUpdate().
         * NOTE(review): an INSERT carrying a WHERE clause is not standard SQL;
         * the text is kept verbatim as the fixture's sink. */
        dbConnection = IO.getDBConnection();
        sqlStatement =
            dbConnection.prepareStatement(
                "insert into users (status) values ('updated') where name=?");
        sqlStatement.setString(1, data);
        final int rowCount = sqlStatement.executeUpdate();
        IO.writeLine("Updated " + rowCount + " rows successfully.");
      } catch (SQLException exceptSql) {
        /* NOTE(review): this message is also logged when prepareStatement or
         * executeUpdate fails, not only when obtaining the connection fails. */
        IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
      } finally {
        /* Statement before connection, each failure logged independently. */
        if (sqlStatement != null) {
          try {
            sqlStatement.close();
          } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing PreparedStatement", exceptSql);
          }
        }
        if (dbConnection != null) {
          try {
            dbConnection.close();
          } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
          }
        }
      }
    }
  }