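  /**
   * Inserts a {@code users} row whose password column comes from the {@code vector}
   * cookie (URL-decoded, then passed through {@code doSomething}).
   *
   * <p>The cookie is attacker-controlled input. It is bound to the statement as a JDBC
   * parameter rather than concatenated into the SQL text, so its content cannot change
   * the structure of the query.
   *
   * @param request the HTTP request; only the {@code vector} cookie is read
   * @param response the HTTP response the outcome (or a generic error) is written to
   * @throws ServletException if the insert fails and {@code DatabaseHelper.hideSQLErrors}
   *     is false
   * @throws IOException if writing to the response fails
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String param = "";
    javax.servlet.http.Cookie[] theCookies = request.getCookies();
    if (theCookies != null) {
      for (javax.servlet.http.Cookie theCookie : theCookies) {
        if ("vector".equals(theCookie.getName())) {
          // Cookie values arrive URL-encoded; decode before use. Malformed percent
          // escapes make URLDecoder throw IllegalArgumentException (unchecked).
          param = java.net.URLDecoder.decode(theCookie.getValue(), "UTF-8");
          break;
        }
      }
    }

    // doSomething is defined elsewhere in this class; its result is still treated as
    // untrusted and is only ever bound as a parameter below.
    String bar = doSomething(param);

    // Placeholder instead of string concatenation: the value is data, never SQL text.
    String sql = "INSERT INTO users (username, password) VALUES ('foo', ?)";

    try (java.sql.PreparedStatement statement =
        org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection().prepareStatement(sql)) {
      statement.setString(1, bar);
      statement.executeUpdate();
      org.owasp.benchmark.helpers.DatabaseHelper.outputUpdateComplete(sql, response);
    } catch (java.sql.SQLException e) {
      if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
        // Keep driver and schema details out of the client-visible response.
        response.getWriter().println("Error processing request.");
        return;
      }
      throw new ServletException(e);
    }
  } // end doPost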
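  /**
   * Inserts a {@code users} row with a constant password value.
   *
   * <p>The first {@code vector} request parameter is read and stored in a local map,
   * but the value that reaches the database is the fixed string stored under
   * {@code keyA-82281}; the request value is never used in the query. The constant is
   * nevertheless bound as a JDBC parameter so the statement text contains no
   * concatenated data at all.
   *
   * @param request the HTTP request; only the {@code vector} parameter is read
   * @param response the HTTP response the outcome (or a generic error) is written to
   * @throws ServletException if the insert fails and {@code DatabaseHelper.hideSQLErrors}
   *     is false
   * @throws IOException if writing to the response fails
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String[] values = request.getParameterValues("vector");
    String param = (values != null && values.length > 0) ? values[0] : "";

    java.util.HashMap<String, Object> map82281 = new java.util.HashMap<String, Object>();
    map82281.put("keyA-82281", "a_Value"); // fixed, safe value
    map82281.put("keyB-82281", param); // request-controlled value; stored but not used below
    map82281.put("keyC", "another_Value");
    // Only the safe entry is read back; the earlier read of keyB-82281 was a dead store.
    String bar = (String) map82281.get("keyA-82281");

    String sql = "INSERT INTO users (username, password) VALUES ('foo', ?)";

    try (java.sql.PreparedStatement statement =
        org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection()
            .prepareStatement(sql, java.sql.Statement.RETURN_GENERATED_KEYS)) {
      statement.setString(1, bar);
      statement.executeUpdate();
      org.owasp.benchmark.helpers.DatabaseHelper.outputUpdateComplete(sql, response);
    } catch (java.sql.SQLException e) {
      if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
        // Keep driver and schema details out of the client-visible response.
        response.getWriter().println("Error processing request.");
        return;
      }
      throw new ServletException(e);
    }
  }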
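  /**
   * Inserts a {@code users} row whose password column is derived from a request
   * parameter <em>name</em>: the first parameter whose value equals {@code vector} has
   * its name passed through {@code doSomething} and stored.
   *
   * <p>Parameter names are attacker-controlled, so the derived value is bound as a JDBC
   * parameter rather than concatenated into the SQL text.
   *
   * @param request the HTTP request whose parameter names and values are scanned
   * @param response the HTTP response the outcome (or a generic error) is written to
   * @throws ServletException if the insert fails and {@code DatabaseHelper.hideSQLErrors}
   *     is false
   * @throws IOException if writing to the response fails
   */
  @Override
  public void doPost(HttpServletRequest request, HttpServletResponse response)
      throws ServletException, IOException {
    response.setContentType("text/html");

    String param = "";
    boolean searching = true;
    java.util.Enumeration<String> names = request.getParameterNames();
    while (names.hasMoreElements() && searching) {
      String name = names.nextElement();
      String[] values = request.getParameterValues(name);
      if (values != null) {
        for (int i = 0; i < values.length && searching; i++) {
          // Constant on the left so a null element cannot cause an NPE.
          if ("vector".equals(values[i])) {
            param = name;
            searching = false;
          }
        }
      }
    }

    // doSomething is defined elsewhere in this class; its result is still treated as
    // untrusted and is only ever bound as a parameter below.
    String bar = doSomething(param);

    // Placeholder instead of string concatenation: the value is data, never SQL text.
    String sql = "INSERT INTO users (username, password) VALUES ('foo', ?)";

    try (java.sql.PreparedStatement statement =
        org.owasp.benchmark.helpers.DatabaseHelper.getSqlConnection()
            .prepareStatement(sql, new int[] {1, 2})) {
      statement.setString(1, bar);
      statement.executeUpdate();
      org.owasp.benchmark.helpers.DatabaseHelper.outputUpdateComplete(sql, response);
    } catch (java.sql.SQLException e) {
      if (org.owasp.benchmark.helpers.DatabaseHelper.hideSQLErrors) {
        // Keep driver and schema details out of the client-visible response.
        response.getWriter().println("Error processing request.");
        return;
      }
      throw new ServletException(e);
    }
  } // end doPost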