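/**
 * Checks a username/password pair against the {@code User} table.
 *
 * <p>The lookup is narrowed to the requested username through a bound parameter, so the
 * application no longer pulls every account row (and every stored password) across the
 * wire. The exact, case-sensitive comparison in Java is kept, so a case-insensitive
 * database collation cannot widen what counts as a match.
 *
 * @param myUserName user name to look up
 * @param myPW password as supplied by the caller
 * @return {@code "success"}, {@code "wrongPassword"} or {@code "userNotFound"}; if anything
 *     throws, the exception message is returned instead
 */
public String checkValidLogin(String myUserName, String myPW) {
    try {
        Class.forName(javaSQLDriverPath);
        // try-with-resources: the earlier version returned from inside the loop and left the
        // connection, statement and result set open on every successful or failed login.
        try (Connection conn =
                        (Connection)
                                DriverManager.getConnection(
                                        ConnectionPath, ConnectionUser, ConnectionPW);
                java.sql.PreparedStatement st =
                        conn.prepareStatement("Select * from User where Username = ?")) {
            st.setString(1, myUserName);
            try (ResultSet rs = st.executeQuery()) {
                while (rs.next()) {
                    if (myUserName.equals(rs.getString("Username"))) {
                        // NOTE(review): this compares the submitted password with the stored
                        // column directly, which implies passwords are kept in recoverable
                        // form. Store a salted password hash (bcrypt/scrypt/argon2) and verify
                        // against that instead.
                        if (myPW != null && myPW.equals(rs.getString("Password"))) {
                            setUserVariables(myUserName);
                            return "success";
                        }
                        return "wrongPassword";
                    }
                }
            }
        }
        return "userNotFound";
    } catch (Exception e) {
        // NOTE(review): callers receive the raw exception text; make sure it is never shown
        // to end users, since JDBC messages can reveal schema and connection details.
        return e.getMessage();
    }
}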
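/**
 * Looks up a single college row by its ID.
 *
 * <p>The ID is bound as a statement parameter rather than spliced into the SQL text, and the
 * statement and result set are closed on every path.
 *
 * @param id college ID; {@code null} yields {@code null}
 * @param con open connection owned by the caller (not closed here)
 * @return the populated {@code collegeTable}, or {@code null} when no row matches
 * @throws SQLException if the lookup fails; the message is also written to {@code log}
 */
protected collegeTable getCollege(String id, Connection con) throws SQLException {
    if (id == null) {
        // "= null" never matches in SQL, so the earlier version also ended up returning null.
        return null;
    }
    // Table and column names come from constants; only the value is bound.
    final String sql =
            "SELECT * FROM " + TABLECOLLEGES + " WHERE " + collegeTable.ID + " = ? LIMIT 1";
    try (java.sql.PreparedStatement statement = con.prepareStatement(sql)) {
        // NOTE(review): the earlier query interpolated id unquoted, so the key is presumed
        // numeric. If the column holds non-numeric keys, switch this to setString - confirm.
        statement.setLong(1, Long.parseLong(id.trim()));
        try (ResultSet rs = statement.executeQuery()) {
            if (!rs.next()) {
                return null; // not found
            }
            collegeTable table = new collegeTable();
            table.setID(id);
            table.setShort(rs.getString(collegeTable.SHORTNAME));
            table.setFull(rs.getString(collegeTable.FULLNAME));
            return table;
        }
    } catch (Exception e) {
        log.writeException(e.getMessage());
        // Keep the original exception as the cause so the stack trace is not lost.
        throw new SQLException(e.getMessage(), e);
    }
} // end getCollege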
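/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
 *
 * <p>Registers a new account in {@code flickrusers}. Both request parameters are bound as
 * statement parameters, and the user name is HTML-encoded before it is echoed back.
 *
 * @param request servlet request; must carry {@code username} and {@code password}
 * @param response servlet response
 * @throws ServletException if the JDBC driver is missing or a database error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    if (username == null || password == null) {
        // Without this the literal text "null" was looked up and inserted as an account.
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }
    PrintWriter out = response.getWriter();

    try {
        Class.forName("com.mysql.jdbc.Driver");
    } catch (ClassNotFoundException cE) {
        throw new ServletException("JDBC driver not found.", cE);
    }

    // NOTE(review): the database is accessed as root with the password embedded in source.
    // Move the credentials to container-managed configuration and use an account limited to
    // the rights this servlet needs.
    String connectionUrl = "jdbc:mysql://localhost/myflickr?" + "user=root&password=123456";

    // A failed connection used to be printed to stdout and then dereferenced as null; it now
    // surfaces as a ServletException, and the connection is closed on every path.
    try (Connection con = DriverManager.getConnection(connectionUrl)) {
        System.out.println("connected to mysql");

        // The query text, which embedded the submitted user name, is no longer echoed to stdout.
        try (java.sql.PreparedStatement lookup =
                con.prepareStatement("SELECT * FROM flickrusers WHERE name=?")) {
            lookup.setString(1, username);
            try (ResultSet rs = lookup.executeQuery()) {
                while (rs.next()) {
                    if (rs.getObject(1).toString().equals(username)) {
                        out.println("<h1>To username pou epileksate uparxei hdh</h1>");
                        out.println(
                                "<a href=\"project3.html\">parakalw dokimaste kapoio allo.</a>");
                        return;
                    }
                }
            }
        }

        // NOTE(review): the password is stored exactly as submitted. Persist a salted
        // password hash (bcrypt/scrypt/argon2) instead. The check-then-insert sequence is also
        // not atomic; a unique constraint on the name column would close that gap - confirm
        // whether the schema has one.
        try (java.sql.PreparedStatement insert =
                con.prepareStatement("INSERT INTO flickrusers VALUES(?, ?)")) {
            insert.setString(1, username);
            insert.setString(2, password);
            if (!insert.execute()) {
                out.println(
                        "<h1>Your registration is completed " + escapeHtml(username) + "</h1>");
                out.println("<a href=\"index.jsp\">go to the login menu</a>");
                registerListener.Register(username);
            } else {
                out.println("<h1>To username pou epileksate uparxei hdh</h1>");
                out.println("<a href=\"project3.html\">Register</a>");
            }
        }
    } catch (SQLException e) {
        throw new ServletException("Servlet Could not display records.", e);
    }
}

/** Encodes the characters that are significant in HTML text and quoted attribute values. */
private static String escapeHtml(String text) {
    return String.valueOf(text)
            .replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;")
            .replace("'", "&#39;");
}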
/*
 * goodG2B(): good source, bad sink. The query below is still assembled by string
 * concatenation, but the only value that reaches it is a literal chosen in this method.
 */
private void goodG2B() throws Throwable {
    /* Source half. The logger lookup is carried over; its result is not used. */
    java.util.logging.Logger.getLogger("local-logger");
    /* FIX: Use a hardcoded string */
    String fixedName = "foo";

    /* Sink half. */
    String data = fixedName;
    Logger sinkLog = Logger.getLogger("local-logger");
    Connection db = null;
    Statement stmt = null;
    ResultSet rows = null;
    try {
        db = IO.getDBConnection();
        stmt = db.createStatement();
        /*
         * POTENTIAL FLAW: the value is placed into dynamic SQL. With an externally supplied
         * value this is SQL injection; a PreparedStatement with a bound parameter is the
         * remedy.
         */
        String query = "select * from users where name='" + data + "'";
        rows = stmt.executeQuery(query);
        IO.writeString(rows.toString());
    } catch (SQLException se) {
        sinkLog.warning("Error getting database connection");
    } finally {
        /* Nested finally blocks: each later close is attempted even if an earlier one throws. */
        try {
            if (rows != null) {
                rows.close();
            }
        } catch (SQLException e) {
            sinkLog.warning("Error closing sqlrs");
        } finally {
            try {
                if (stmt != null) {
                    stmt.close();
                }
            } catch (SQLException e) {
                sinkLog.warning("Error closing sqlstatement");
            } finally {
                try {
                    if (db != null) {
                        db.close();
                    }
                } catch (SQLException e) {
                    sinkLog.warning("Error closing conn_tmp2");
                }
            }
        }
    }
}
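/**
 * Writes every row of the {@code LOGGING} table to {@code out}, ordered by {@code DATE}
 * ascending, one tab-separated line per row.
 *
 * @param connection open connection owned by the caller (not closed here)
 * @param out destination for the formatted rows
 * @throws SQLException if the query or row access fails
 */
private void printOutLogs(Connection connection, PrintWriter out) throws SQLException {
    // try-with-resources: the statement and result set were never closed before.
    try (Statement select = connection.createStatement();
            ResultSet result = select.executeQuery("SELECT * FROM LOGGING ORDER BY DATE ASC")) {
        while (result.next()) {
            Timestamp date = result.getTimestamp("DATE");
            String ip = result.getString("IP");
            String url = result.getString("URL");
            // NOTE(review): IP and URL look like recorded request data. If this writer feeds
            // an HTML page, encode both values for HTML first - cannot tell from here.
            out.println(date + "\t\t" + ip + "\t\t" + url);
        }
    }
}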
/*
 * goodG2B(): good source, bad sink. The concatenated query is left as it is; the value fed
 * into it is a literal, so no request data reaches the SQL text on this path.
 */
private void goodG2B(HttpServletRequest request, HttpServletResponse response)
        throws Throwable {
    /* FIX: Use a hardcoded string */
    String fixedName = "foo";
    String data = fixedName;

    Connection db = null;
    Statement stmt = null;
    ResultSet rows = null;
    try {
        db = IO.getDBConnection();
        stmt = db.createStatement();
        /*
         * POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which
         * could result in SQL Injection
         */
        String query = "select * from users where name='" + data + "'";
        rows = stmt.executeQuery(query);
        /* Use ResultSet in some way */
        IO.writeLine(rows.getRow());
    } catch (SQLException exceptSql) {
        IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
    } finally {
        /* Each resource is closed in its own try so one SQLException does not skip the rest. */
        try {
            if (rows != null) {
                rows.close();
            }
        } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql);
        }

        try {
            if (stmt != null) {
                stmt.close();
            }
        } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
        }

        try {
            if (db != null) {
                db.close();
            }
        } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
        }
    }
}
/*
 * bad(): the deliberately flawed variant. A value read from the process environment is
 * concatenated into a SQL statement and executed.
 */
public void bad() throws Throwable {
    /*
     * POTENTIAL FLAW: Read data from an environment variable (ADD).
     * INCIDENTAL: CWE 561 Dead Code - the null arm never runs; it only guarantees that data is
     * initialized before the sink.
     */
    String data = IO.staticTrue ? System.getenv("ADD") : null;

    if (!IO.staticTrue) {
        return;
    }

    Connection db = null;
    Statement stmt = null;
    ResultSet rows = null;
    try {
        db = IO.getDBConnection();
        stmt = db.createStatement();
        /*
         * POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which
         * could result in SQL Injection. The remedy is a PreparedStatement with the value
         * bound as a parameter.
         */
        String query = "select * from users where name='" + data + "'";
        rows = stmt.executeQuery(query);
        /* Use ResultSet in some way */
        IO.writeLine(rows.getRow());
    } catch (SQLException exceptSql) {
        IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
    } finally {
        /* Each resource is closed in its own try so one SQLException does not skip the rest. */
        try {
            if (rows != null) {
                rows.close();
            }
        } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql);
        }

        try {
            if (stmt != null) {
                stmt.close();
            }
        } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
        }

        try {
            if (db != null) {
                db.close();
            }
        } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
        }
    }
}
/*
 * goodG2B1(): good source, bad sink. The first IO.STATIC_FINAL_FIVE==5 test is changed to
 * IO.STATIC_FINAL_FIVE!=5, so the branch that assigns the hardcoded value is the one that runs.
 */
private void goodG2B1() throws Throwable {
    /*
     * INCIDENTAL: CWE 561 Dead Code - the null arm never runs; it only guarantees that data is
     * initialized before the sink.
     * FIX: Use a hardcoded string
     */
    String data = (IO.STATIC_FINAL_FIVE != 5) ? null : "foo";

    if (IO.STATIC_FINAL_FIVE != 5) {
        return;
    }

    Connection db = null;
    Statement stmt = null;
    ResultSet rows = null;
    try {
        db = IO.getDBConnection();
        stmt = db.createStatement();
        /*
         * POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which
         * could result in SQL Injection
         */
        String query = "select * from users where name='" + data + "'";
        rows = stmt.executeQuery(query);
        /* Use ResultSet in some way */
        IO.writeLine(rows.getRow());
    } catch (SQLException exceptSql) {
        IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
    } finally {
        /* Each resource is closed in its own try so one SQLException does not skip the rest. */
        try {
            if (rows != null) {
                rows.close();
            }
        } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql);
        }

        try {
            if (stmt != null) {
                stmt.close();
            }
        } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
        }

        try {
            if (db != null) {
                db.close();
            }
        } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
        }
    }
}
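/**
 * Renders the list of books as an HTML form with one radio button per book and a comment box.
 *
 * <p>Every value taken from the session or the database is HTML-encoded before it is written,
 * and the statement and result set are closed on every path.
 *
 * @param req servlet request; an existing session's {@code name} attribute is shown if present
 * @param res servlet response
 * @throws ServletException declared by the servlet contract
 * @throws IOException if writing the response fails
 */
public void doGet(HttpServletRequest req, HttpServletResponse res)
        throws ServletException, IOException {
    res.setContentType("text/html");
    PrintWriter toClient = res.getWriter();
    toClient.println("<!DOCTYPE HTML>");
    toClient.println("<html>");
    toClient.println("<head><title>Books</title></head>");
    toClient.println("<body>");
    toClient.println("<a href=\"index.html\">Home</A>");
    toClient.println("<h2>List of books</h2>");

    HttpSession session = req.getSession(false);
    if (session != null) {
        String name = (String) session.getAttribute("name");
        if (name != null) {
            // The session value was written into the page as-is; encode it.
            toClient.println("<h2>name: " + escapeHtml(name) + "</h2>");
        }
    }

    toClient.print("<form action=\"bookOpinion\" method=GET>");
    toClient.println("<table border='1'>");
    String sql = "Select code, title, author FROM books";
    System.out.println(sql);
    try (Statement statement = connection.createStatement();
            ResultSet result = statement.executeQuery(sql)) {
        while (result.next()) {
            // Database content is treated as untrusted on output: a stored title such as
            // "<script>..." would otherwise run in every visitor's browser.
            // NOTE(review): if the table deliberately stores HTML markup, this changes how it
            // renders - confirm.
            String codeStr = escapeHtml(result.getString("code"));
            toClient.println("<tr>");
            toClient.println(
                    "<td><input type=\"radio\" name=\"book"
                            + "\" value=\""
                            + codeStr
                            + "\"></td>");
            toClient.println("<td>" + codeStr + "</td>");
            toClient.println("<td>" + escapeHtml(result.getString("title")) + "</td>");
            toClient.println("<td>" + escapeHtml(result.getString("author")) + "</td>");
            toClient.println("</tr>");
        }
    } catch (SQLException e) {
        e.printStackTrace();
        System.out.println("Resulset: " + sql + " Exception: " + e);
    }

    toClient.println("</table>");
    toClient.println("<textarea rows=\"8\" cols=\"60\" name=\"comment\"></textarea><BR>");
    toClient.println("<input type=submit>");
    toClient.println("</form>");
    toClient.println("</body>");
    toClient.println("</html>");
    toClient.close();
}

/** Encodes the characters that are significant in HTML text and quoted attribute values. */
private static String escapeHtml(String text) {
    return String.valueOf(text)
            .replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;")
            .replace("'", "&#39;");
}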
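/**
 * Handles the login form: looks up the account type and prints the link for that role.
 *
 * <p>Changes from the earlier version: the role link is only printed when the lookup
 * returned a row (the {@code type} field used to keep its value from a previous request when
 * no row was found), failures are logged instead of being discarded, and the log file and
 * JDBC objects are closed.
 *
 * @param req servlet request carrying {@code login}, {@code firstname} and {@code pwd}
 * @param res servlet response
 * @throws IOException declared by the servlet contract
 */
public void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
    // NOTE(review): pw, con, st, rs, s, uname, pass and type are not declared in this method,
    // so they are shared by all requests served by this servlet instance. Concurrent logins
    // can overwrite each other's values; they should become local variables.
    try {
        res.setContentType("text/html");
        pw = res.getWriter();
        Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
        // NOTE(review): database credentials are embedded in source; move them to protected
        // configuration and rotate them.
        con = DriverManager.getConnection("jdbc:odbc:com", "o7it58", "yajiv32737");
        st = con.createStatement();
        pw.println("<html>");
        pw.println("<head><title>Welcome</title></head>");
        pw.println("<body>");
        s = req.getParameter("login");
        if ("Submit".equals(s)) {
            uname = req.getParameter("firstname");
            pass = req.getParameter("pwd");

            // Line breaks are replaced so a submitted name cannot forge extra log lines.
            try (PrintWriter out = new PrintWriter(new FileWriter("log.txt"), true)) {
                out.println(String.valueOf(uname).replaceAll("[\\r\\n]", "_"));
            }

            // NOTE(review): the literals below are kept exactly as they appear in the source,
            // where they look masked. If the real statement concatenates uname and pass, it
            // must become a PreparedStatement with two bound parameters, and the password
            // check should verify a salted hash rather than compare stored text.
            type = null;
            rs = st.executeQuery(
                    "select type from login where username='******' and password='******'");
            boolean found = rs.next();
            if (found) {
                type = rs.getString("type");
            } else {
                pw.println("<center>");
                pw.println("User does not exists");
                pw.println("</center>");
            }

            if (found && type != null) {
                if (type.equals("admin")) {
                    pw.println(
                            "<a href=\"http://localhost:8080/servlet/AdminLogin\">Hello Admin.Please Click Here</a>");
                } else if (type.equals("staff")) {
                    pw.println(
                            "<a href=\"http://localhost:8080/servlet/StaffLogin\">Hello Staff.Please Click Here</a>");
                } else {
                    pw.println(
                            "<a href=\"http://localhost:8080/servlet/StudentLogin\">Hello Student.Please Click Here</a>");
                }
            }
        }
        pw.println("</body></html>");
    } catch (Exception e) {
        // Failures were silently discarded before; record them server-side.
        java.util.logging.Logger.getLogger(getClass().getName())
                .log(java.util.logging.Level.SEVERE, "Login request failed", e);
    } finally {
        // Release what this request opened; a failed close is not actionable here.
        try {
            if (rs != null) {
                rs.close();
            }
        } catch (Exception ignored) {
            // best-effort close
        }
        try {
            if (st != null) {
                st.close();
            }
        } catch (Exception ignored) {
            // best-effort close
        }
        try {
            if (con != null) {
                con.close();
            }
        } catch (Exception ignored) {
            // best-effort close
        }
    }
}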
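/**
 * Executes the SQL text submitted in the {@code sqlStatement} parameter and stores the
 * statement and an HTML rendering of its outcome in the session before forwarding to
 * {@code /index.jsp}.
 *
 * <p>NOTE(review): this endpoint runs caller-supplied SQL verbatim, which cannot be made safe
 * by parameter binding. No authentication or authorization check is visible in this method;
 * it should only be reachable by authenticated administrators, and the pooled account should
 * hold the minimum database privileges.
 *
 * @param request servlet request carrying {@code sqlStatement}
 * @param response servlet response
 * @throws ServletException if the forward fails
 * @throws IOException if the forward fails
 */
@Override
protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // get a connection
    ConnectionPool pool = ConnectionPool.getInstance();
    Connection connection = pool.getConnection();

    // A missing parameter used to cause a NullPointerException on trim().
    String sqlStatement = request.getParameter("sqlStatement");
    sqlStatement = (sqlStatement == null) ? "" : sqlStatement.trim();

    String sqlResult = "";
    try {
        // The statement (and result set) are now closed even when execution throws.
        try (Statement statement = connection.createStatement()) {
            if (sqlStatement.length() >= 6) {
                String sqlType = sqlStatement.substring(0, 6);
                if (sqlType.equalsIgnoreCase("select")) {
                    // create the HTML for the result set
                    try (ResultSet resultSet = statement.executeQuery(sqlStatement)) {
                        sqlResult = SQLUtil.getHtmlTable(resultSet);
                    }
                } else {
                    int i = statement.executeUpdate(sqlStatement);
                    if (i == 0) {
                        sqlResult = "<p>The statement executed successfully.</p>";
                    } else {
                        // an INSERT, UPDATE, or DELETE statement
                        sqlResult =
                                "<p>The statement executed successfully.<br>"
                                        + i
                                        + " row(s) affected.</p>";
                    }
                }
            }
        }
        // NOTE(review): the connection is closed here and also handed to freeConnection()
        // below; kept as found - confirm which of the two the pool expects.
        connection.close();
    } catch (SQLException e) {
        // Driver messages can quote fragments of the submitted statement; encode them because
        // sqlResult is rendered as HTML.
        String message =
                String.valueOf(e.getMessage())
                        .replace("&", "&amp;")
                        .replace("<", "&lt;")
                        .replace(">", "&gt;");
        sqlResult = "<p>Error executing the SQL statement: <br>" + message + "</p>";
    } finally {
        pool.freeConnection(connection);
    }

    // NOTE(review): sqlStatement is stored unencoded; the JSP that displays it must encode it.
    HttpSession session = request.getSession();
    session.setAttribute("sqlResult", sqlResult);
    session.setAttribute("sqlStatement", sqlStatement);
    String url = "/index.jsp";
    getServletContext().getRequestDispatcher(url).forward(request, response);
}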
/*
 * goodG2B() sink: the bad sink, reached on the good-source path. Whatever the caller passes
 * in data is concatenated into the query text.
 */
public void goodG2B_sink(String data, HttpServletRequest request, HttpServletResponse response)
        throws Throwable {
    Logger sinkLog = Logger.getLogger("local-logger");
    Connection db = null;
    Statement stmt = null;
    ResultSet rows = null;
    try {
        db = IO.getDBConnection();
        stmt = db.createStatement();
        /*
         * POTENTIAL FLAW: the value is placed into dynamic SQL. With an externally supplied
         * value this is SQL injection; a PreparedStatement with a bound parameter is the
         * remedy.
         */
        String query = "select * from users where name='" + data + "'";
        rows = stmt.executeQuery(query);
        IO.writeString(rows.toString());
    } catch (SQLException se) {
        sinkLog.warning("Error getting database connection");
    } finally {
        /* Nested finally blocks: each later close is attempted even if an earlier one throws. */
        try {
            if (rows != null) {
                rows.close();
            }
        } catch (SQLException e) {
            sinkLog.warning("Error closing sqlrs");
        } finally {
            try {
                if (stmt != null) {
                    stmt.close();
                }
            } catch (SQLException e) {
                sinkLog.warning("Error closing sqlstatement");
            } finally {
                try {
                    if (db != null) {
                        db.close();
                    }
                } catch (SQLException e) {
                    sinkLog.warning("Error closing conn_tmp2");
                }
            }
        }
    }
}
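/**
 * Lists the pilots whose address equals the submitted {@code city} parameter.
 *
 * <p>The city is bound as a statement parameter instead of being concatenated into the query,
 * text columns are HTML-encoded on output, and the statement, result set and connection are
 * released even when the query fails.
 *
 * @param request servlet request carrying {@code city}
 * @param response servlet response
 * @throws ServletException declared by the servlet contract
 * @throws IOException if writing the response fails
 */
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    connect();
    try {
        try (java.sql.PreparedStatement question =
                link.prepareStatement("SELECT * FROM PILOT WHERE Address = ?")) {
            question.setString(1, request.getParameter("city"));
            try (ResultSet answer = question.executeQuery()) {
                response.setContentType("text/html");
                PrintWriter pen = response.getWriter();
                pen.println("<HTML>");
                pen.println("<HEAD> <TITLE> Answer </TITLE> </HEAD>");
                pen.println("<BODY>");
                while (answer.next()) {
                    String pN = answer.getString("PilotNumber");
                    String lN = answer.getString("LastName");
                    String fN = answer.getString("FirstName");
                    String ad = answer.getString("Address");
                    float sa = answer.getFloat("Salary");
                    float pr = answer.getFloat("Premium");
                    Date hD = answer.getDate("HiringDate");
                    // wasNull() reports on the last column read, i.e. HiringDate.
                    if (!answer.wasNull()) {
                        pen.println(
                                "<P><B> Pilot : </B>" + escapeHtml(lN) + " " + escapeHtml(fN));
                        pen.println("<P><B> ---Reference : </B>" + escapeHtml(pN));
                        pen.println("<P><B> ---Address : </B>" + escapeHtml(ad));
                        pen.println("<P><B> ---Salary : </B>" + sa);
                        pen.println("<P><B> ---since : </B>" + hD);
                        if (pr > 0) {
                            pen.println("<P><B> ---Premium : </B>" + pr);
                        } else {
                            pen.println("<P><B> ---No premium </B>");
                        }
                    }
                }
                pen.println("</BODY>");
                pen.println("</HTML>");
            }
        } finally {
            // The connection opened by connect() was only closed on the success path before.
            link.close();
        }
    } catch (SQLException e) {
        System.out.println("Connection error: " + e.getMessage());
    }
    // NOTE(review): salary data is returned to any caller that posts a city; no access check
    // is visible in this method - confirm one is enforced elsewhere.
}

/** Encodes the characters that are significant in HTML text and quoted attribute values. */
private static String escapeHtml(String text) {
    return String.valueOf(text)
            .replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;")
            .replace("'", "&#39;");
}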
/*
 * goodG2B() sink: the bad sink, reached on the good-source path. The value stored under key 2
 * of the map is concatenated into the query text.
 */
public void goodG2BSink(HashMap<Integer, String> dataHashMap) throws Throwable {
    String data = dataHashMap.get(2);

    Connection db = null;
    Statement stmt = null;
    ResultSet rows = null;
    try {
        db = IO.getDBConnection();
        stmt = db.createStatement();
        /*
         * POTENTIAL FLAW: data concatenated into SQL statement used in executeQuery(), which
         * could result in SQL Injection
         */
        String query = "select * from users where name='" + data + "'";
        rows = stmt.executeQuery(query);
        /* Use ResultSet in some way */
        IO.writeLine(rows.getRow());
    } catch (SQLException exceptSql) {
        IO.logger.log(Level.WARNING, "Error getting database connection", exceptSql);
    } finally {
        /* Each resource is closed in its own try so one SQLException does not skip the rest. */
        try {
            if (rows != null) {
                rows.close();
            }
        } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing ResultSet", exceptSql);
        }

        try {
            if (stmt != null) {
                stmt.close();
            }
        } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing Statement", exceptSql);
        }

        try {
            if (db != null) {
                db.close();
            }
        } catch (SQLException exceptSql) {
            IO.logger.log(Level.WARNING, "Error closing Connection", exceptSql);
        }
    }
}
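/**
 * Prints the first column of every row in {@code events}.
 *
 * <p>On failure the client now gets only a generic message; the stack trace, which used to be
 * written into the response, goes to the server log. The connection, statement and result set
 * are closed on every path.
 *
 * @param request servlet request (unused)
 * @param response servlet response
 * @throws ServletException declared by the servlet contract
 * @throws IOException if writing the response fails
 */
public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html");
    PrintWriter out = response.getWriter();

    // NOTE(review): real credentials should come from protected configuration rather than
    // being typed into these literals.
    String dbUser = "******"; // enter your username here
    String dbPassword = "******"; // enter your password here

    try {
        OracleDataSource ods = new oracle.jdbc.pool.OracleDataSource();
        ods.setURL("jdbc:oracle:thin:@//w4111b.cs.columbia.edu:1521/ADB");
        ods.setUser(dbUser);
        ods.setPassword(dbPassword);

        try (Connection conn = ods.getConnection();
                Statement s = conn.createStatement();
                ResultSet r = s.executeQuery("select * from events")) {
            while (r.next()) {
                out.println("Today's Date: " + r.getString(1) + " ");
            }
        }
    } catch (Exception e) {
        out.println("The database could not be accessed.<br>");
        // Stack traces expose driver, host and schema details; keep them on the server.
        java.util.logging.Logger.getLogger(getClass().getName())
                .log(java.util.logging.Level.SEVERE, "Database access failed", e);
    }
} // end doGet method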
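/**
 * Renders every row of {@code records} as an HTML table of name and password.
 *
 * <p>NOTE(review): this writes every stored name and password to whoever sends a POST; no
 * authentication or authorization check is visible in this method. The password column being
 * displayable also implies the values are stored in recoverable form. Restrict the endpoint,
 * drop the password column from the output, and store salted password hashes instead.
 *
 * <p>Code changes here are limited to closing the result set and HTML-encoding the values.
 *
 * @param req servlet request (unused)
 * @param res servlet response
 * @throws IOException if writing the response fails
 * @throws ServletException declared by the servlet contract
 */
public void doPost(HttpServletRequest req, HttpServletResponse res)
        throws IOException, ServletException {
    res.setContentType("text/html");
    PrintWriter out = res.getWriter();
    out.println("vaishali mehta-130050131524");
    out.println("<html>");
    out.println("<body><table border='1'>");
    out.println("<th>name</th>");
    out.println("<th>password</th>");
    try {
        // rs, stmt, tn and tp are not declared in this method; they are still assigned as
        // before in case other code in the class reads them.
        rs = stmt.executeQuery("select *from records");
        try {
            while (rs.next()) {
                tn = rs.getString("name");
                tp = rs.getString("password");
                out.println("<tr>");
                out.println("<td>" + escapeHtml(tn) + "</td>");
                out.println("<td>" + escapeHtml(tp) + "</td>");
                out.println("</tr>");
            }
        } finally {
            rs.close();
        }
    } catch (Exception e) {
        System.out.println(e);
    }
    out.println("</table></body></html>");
}

/** Encodes the characters that are significant in HTML text and quoted attribute values. */
private static String escapeHtml(String text) {
    return String.valueOf(text)
            .replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;")
            .replace("'", "&#39;");
}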
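/**
 * Exports the {@code User} table as an Excel workbook download, gzip-compressed when the
 * client advertises support for it.
 *
 * <p>NOTE(review): the export contains names and e-mail addresses of all users and no access
 * check is visible in this method - confirm one is enforced before this servlet is reached.
 *
 * @param request servlet request; its {@code accept-encoding} header selects gzip
 * @param response servlet response receiving the workbook
 * @throws IOException if writing the workbook fails
 * @throws ServletException declared by the servlet contract
 */
@Override
public void doGet(HttpServletRequest request, HttpServletResponse response)
        throws IOException, ServletException {

    // create the workbook, its worksheet, and its title row
    Workbook workbook = new HSSFWorkbook();
    Sheet sheet = workbook.createSheet("User table");
    Row row = sheet.createRow(0);
    row.createCell(0).setCellValue("The User table");

    // create the header row
    row = sheet.createRow(2);
    row.createCell(0).setCellValue("UserID");
    row.createCell(1).setCellValue("LastName");
    row.createCell(2).setCellValue("FirstName");
    row.createCell(3).setCellValue("Email");

    try {
        // read database rows; all three JDBC objects are now closed even if a row read throws
        ConnectionPool pool = ConnectionPool.getInstance();
        String query = "SELECT * FROM User ORDER BY UserID";
        try (Connection connection = pool.getConnection();
                Statement statement = connection.createStatement();
                ResultSet results = statement.executeQuery(query)) {
            // create spreadsheet rows
            int i = 3;
            while (results.next()) {
                row = sheet.createRow(i);
                row.createCell(0).setCellValue(results.getInt("UserID"));
                row.createCell(1).setCellValue(results.getString("LastName"));
                row.createCell(2).setCellValue(results.getString("FirstName"));
                row.createCell(3).setCellValue(results.getString("Email"));
                i++;
            }
        }
    } catch (SQLException e) {
        // Pass the exception along so the stack trace reaches the servlet log.
        this.log(e.toString(), e);
    }

    // set response object headers
    response.setHeader("content-disposition", "attachment; filename=users.xls");
    response.setHeader("cache-control", "no-cache");

    // get the output stream
    String encodingString = request.getHeader("accept-encoding");
    OutputStream out;
    if (encodingString != null && encodingString.contains("gzip")) {
        // Set the header before wrapping the stream: GZIPOutputStream writes its header bytes
        // as soon as it is constructed.
        response.setHeader("content-encoding", "gzip");
        out = new GZIPOutputStream(response.getOutputStream());
    } else {
        out = response.getOutputStream();
    }

    // send the workbook to the browser
    try {
        workbook.write(out);
    } finally {
        out.close();
    }
}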
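/**
 * Processes requests for both HTTP <code>GET</code> and <code>POST</code> methods.
 *
 * <p>Registers a new account in {@code users}. The INSERT binds both request parameters as
 * statement parameters, the user name is HTML-encoded before it is echoed back, and the
 * connection is closed on every path.
 *
 * @param request servlet request carrying {@code username} and {@code password}
 * @param response servlet response
 * @throws ServletException if the JDBC driver is missing or a database error occurs
 * @throws IOException if an I/O error occurs
 */
protected void processRequest(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");
    PrintWriter out = response.getWriter();
    String username = request.getParameter("username");
    String password = request.getParameter("password");
    if (username == null || password == null) {
        out.println("<h1>Invalid Register Request</h1>");
        out.println("<a href=\"register.html\">Register</a>");
        return;
    }

    try {
        Class.forName("com.mysql.jdbc.Driver");
    } catch (ClassNotFoundException cE) {
        throw new ServletException("JDBC driver not found.", cE);
    }

    // NOTE(review): the database is accessed as root with the password embedded in source.
    // Move the credentials to container-managed configuration and use an account limited to
    // the rights this servlet needs.
    String connectionUrl = "jdbc:mysql://localhost/project3?" + "user=root&password=marouli";

    // A failed connection used to be printed to stdout and then dereferenced as null; it now
    // surfaces as a ServletException.
    try (Connection con = DriverManager.getConnection(connectionUrl)) {
        System.out.println("Ola ok me mysql");

        // NOTE(review): the literal below is kept exactly as it appears in the source, where
        // it looks masked. If the real statement concatenates the user name, it must become a
        // PreparedStatement with a bound parameter like the INSERT further down.
        try (Statement stmt = con.createStatement();
                ResultSet rs =
                        stmt.executeQuery("SELECT * FROM users WHERE username='******'")) {
            if (rs.next()) {
                out.println("<h1>Username exists</h1>");
                out.println("<a href=\"register.html\">Register</a>");
                return;
            }
        }

        // NOTE(review): the password is stored exactly as submitted. Persist a salted
        // password hash (bcrypt/scrypt/argon2) instead.
        try (java.sql.PreparedStatement insert =
                con.prepareStatement("INSERT INTO users VALUES(?, ?)")) {
            insert.setString(1, username);
            insert.setString(2, password);
            if (!insert.execute()) {
                out.println("<h1>You are now registered " + escapeHtml(username) + "</h1>");
                out.println("<a href=\"index.jsp\">Login</a>");
                for (int i = 0; i < listeners.size(); i++) {
                    listeners.get(i).UserRegistered(username);
                }
            } else {
                out.println("<h1>Could not add your username to the db</h1>");
                out.println("<a href=\"register.html\">Register</a>");
            }
        }
    } catch (SQLException e) {
        throw new ServletException("Servlet Could not display records.", e);
    }
}

/** Encodes the characters that are significant in HTML text and quoted attribute values. */
private static String escapeHtml(String text) {
    return String.valueOf(text)
            .replace("&", "&amp;")
            .replace("<", "&lt;")
            .replace(">", "&gt;")
            .replace("\"", "&quot;")
            .replace("'", "&#39;");
}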
/**
 * Handles an image upload for a radiology record: checks that the record ID exists, then
 * stores the image in three sizes in {@code pacs_images} and redirects to
 * {@code UploadImage.jsp} with a status message in the session attribute {@code msg}.
 *
 * <p>NOTE(review): none of the {@code sendRedirect} calls below is followed by a
 * {@code return}, so execution continues after each of them. Whether uploads currently depend
 * on that (for example, if {@code getParameter("recordID")} yields null for multipart
 * requests in this container) cannot be told from here, which is why the control flow is
 * documented rather than changed.
 *
 * <p>NOTE(review): {@code conn}, {@code stmt}, {@code rset}, {@code rset1} and
 * {@code response_message} are not declared in this method, so they are shared across
 * requests handled by this servlet instance - verify thread-safety.
 *
 * @param request multipart servlet request with a {@code recordID} field and one file item
 * @param response servlet response, used only for redirects
 * @throws ServletException declared by the servlet contract
 * @throws IOException if a redirect outside the try block fails
 */
protected void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    // Variable initializations.
    HttpSession session = request.getSession();
    FileItem image_file = null;
    int record_id = 0;
    int image_id;

    // Check if a record ID has been entered.
    if (request.getParameter("recordID") == null
            || request.getParameter("recordID").equals("")) {
        // If no ID has been entered, send message to jsp.
        response_message =
                "<p><font color=FF0000>No Record ID Detected, Please Enter One.</font></p>";
        session.setAttribute("msg", response_message);
        // NOTE(review): no return follows, so the upload below is still attempted.
        response.sendRedirect("UploadImage.jsp");
    }

    try {
        // Parse the HTTP request to get the image stream.
        // NOTE(review): no size or content-type limit is configured in this method; an upload
        // cap and an allow-list of image types should be enforced - confirm whether that
        // happens elsewhere.
        DiskFileUpload fu = new DiskFileUpload();
        // Will get multiple image files if that happens and can be accessed through FileItems.
        List<FileItem> FileItems = fu.parseRequest(request);

        // Connect to the database and create a statement.
        conn = getConnected(drivername, dbstring, username, password);
        stmt = conn.createStatement();

        // Process the uploaded items, assuming only 1 image file uploaded.
        Iterator<FileItem> i = FileItems.iterator();
        while (i.hasNext()) {
            FileItem item = (FileItem) i.next();

            // Test if item is a form field and matches recordID.
            if (item.isFormField()) {
                if (item.getFieldName().equals("recordID")) {
                    // Convert record id from string to integer.
                    // Because the value is parsed to an int first, the concatenated query
                    // below cannot carry SQL text from the request.
                    record_id = Integer.parseInt(item.getString());
                    String sql =
                            "select count(*) from radiology_record where record_id = " + record_id;
                    int count = 0;

                    try {
                        rset = stmt.executeQuery(sql);
                        while (rset != null && rset.next()) {
                            count = (rset.getInt(1));
                        }
                    } catch (SQLException e) {
                        response_message = e.getMessage();
                    }

                    // Check if recordID is in the database.
                    if (count == 0) {
                        // Invalid recordID, send message to jsp.
                        response_message =
                                "<p><font color=FF0000>Record ID Does Not Exist In Database.</font></p>";
                        session.setAttribute("msg", response_message);
                        // Close connection.
                        // NOTE(review): the loop and the insert below still run after this
                        // close and redirect; later statement calls then operate on a closed
                        // connection and end up in the catch block.
                        conn.close();
                        response.sendRedirect("UploadImage.jsp");
                    }
                }
            } else {
                image_file = item;
                if (image_file.getName().equals("")) {
                    // No file, send message to jsp.
                    response_message =
                            "<p><font color=FF0000>No File Selected For Record ID.</font></p>";
                    session.setAttribute("msg", response_message);
                    // Close connection.
                    conn.close();
                    response.sendRedirect("UploadImage.jsp");
                }
            }
        }

        // Get the image stream.
        // NOTE(review): image_file is still null here when the request carried no file item.
        InputStream instream = image_file.getInputStream();
        // NOTE(review): the result of ImageIO.read is passed to shrink() without a null check;
        // confirm how content that is not a readable image is handled.
        BufferedImage full_image = ImageIO.read(instream);
        BufferedImage thumbnail = shrink(full_image, 10);
        BufferedImage regular_image = shrink(full_image, 5);

        // First, to generate a unique img_id using an SQL sequence.
        rset1 = stmt.executeQuery("SELECT image_id_sequence.nextval from dual");
        rset1.next();
        image_id = rset1.getInt(1);

        // Insert an empty blob into the table first. Note that you have to
        // use the Oracle specific function empty_blob() to create an empty blob.
        // Both interpolated values are ints (parsed above / read from the sequence).
        stmt.execute(
                "INSERT INTO pacs_images VALUES("
                        + record_id
                        + ","
                        + image_id
                        + ", empty_blob(), empty_blob(), empty_blob())");

        // to retrieve the lob_locator
        // Note that you must use "FOR UPDATE" in the select statement
        String cmd = "SELECT * FROM pacs_images WHERE image_id = " + image_id + " FOR UPDATE";
        rset = stmt.executeQuery(cmd);
        rset.next();
        BLOB myblobFull = ((OracleResultSet) rset).getBLOB(5);
        BLOB myblobThumb = ((OracleResultSet) rset).getBLOB(3);
        BLOB myblobRegular = ((OracleResultSet) rset).getBLOB(4);

        // Write the full size image to the blob object.
        OutputStream fullOutstream = myblobFull.getBinaryOutputStream();
        ImageIO.write(full_image, "jpg", fullOutstream);
        // Write the thumbnail size image to the blob object.
        OutputStream thumbOutstream = myblobThumb.getBinaryOutputStream();
        ImageIO.write(thumbnail, "jpg", thumbOutstream);
        // Write the regular size image to the blob object.
        OutputStream regularOutstream = myblobRegular.getBinaryOutputStream();
        ImageIO.write(regular_image, "jpg", regularOutstream);

        // Commit the changes to database.
        stmt.executeUpdate("commit");
        response_message = "<p><font color=00CC00>Upload Successful.</font></p>";
        session.setAttribute("msg", response_message);

        instream.close();
        fullOutstream.close();
        thumbOutstream.close();
        regularOutstream.close();
        // Close connection.
        conn.close();
        response.sendRedirect("UploadImage.jsp");

        // NOTE(review): the streams and the connection are closed a second time below.
        instream.close();
        fullOutstream.close();
        thumbOutstream.close();
        regularOutstream.close();
        // Close connection.
        conn.close();
    } catch (Exception ex) {
        // NOTE(review): the failure is only stored in response_message; it is neither logged
        // nor placed in the session here, and the streams and connection opened above are not
        // closed on this path.
        response_message = ex.getMessage();
    }
}
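/**
 * Renders the cascading type / group / item selection form.
 *
 * <p>The three IDs are parsed to ints (0 when missing or malformed) and bound as statement
 * parameters. Statements whose result set is repositioned with {@code last()} and
 * {@code beforeFirst()} are created as scrollable, result sets and statements are closed on
 * every path, and database error details go to the server log instead of the page.
 *
 * @param req servlet request carrying optional {@code type_id}, {@code group_id} and
 *     {@code item_id}
 * @param resp servlet response
 * @throws ServletException declared by the servlet contract
 * @throws IOException if writing the response fails
 */
public void doPost(HttpServletRequest req, HttpServletResponse resp)
        throws ServletException, IOException {

    resp.setContentType("text/html");
    PrintWriter out = resp.getWriter();
    final java.util.logging.Logger logger =
            java.util.logging.Logger.getLogger(getClass().getName());

    Connection con = null;
    try {
        con = dbConn.Connect("demopaul");
    } catch (Exception e) {
        // con stays null; each query block below then reports a load error.
        logger.log(java.util.logging.Level.SEVERE, "Database connection failed", e);
    }

    String stype_id = req.getParameter("type_id");
    int type_id = 0;
    String sgroup_id = req.getParameter("group_id");
    int group_id = 0;
    String sitem_id = req.getParameter("item_id");
    int item_id = 0;

    try {
        type_id = Integer.parseInt(stype_id);
    } catch (NumberFormatException ignore) {
        // missing or malformed: keep 0
    }
    try {
        group_id = Integer.parseInt(sgroup_id);
    } catch (NumberFormatException ignore) {
        // missing or malformed: keep 0
    }
    try {
        item_id = Integer.parseInt(sitem_id);
    } catch (NumberFormatException ignore) {
        // missing or malformed: keep 0
    }

    // Only the parsed ints are echoed, never the raw parameter text.
    out.println(
            "<!-- type_id=" + type_id + ", group_id=" + group_id + ", item_id=" + item_id + " -->");

    out.println("<script>");
    out.println("function load_types() {");
    out.println(" try {document.forms['frmSelect'].item_id.selectedIndex = -1; } catch (err) {}");
    out.println(" document.forms['frmSelect'].group_id.selectedIndex = -1;");
    out.println(" document.forms['frmSelect'].submit();");
    out.println("}");
    out.println("function load_groups() {");
    out.println(" document.forms['frmSelect'].submit();");
    out.println("}");
    out.println("</script>");

    out.println("<form name=frmSelect>");

    // LOAD ACTIVITY TYPES
    out.println("<select name=type_id onchange=\"load_types()\">");
    if (type_id == 0) {
        out.println("<option>CHOOSE TYPE</option>");
    }
    try (Statement stmt = con.createStatement();
            ResultSet rs = stmt.executeQuery("SELECT * FROM activity_types")) {
        while (rs.next()) {
            Common_Config.buildOption(rs.getInt("type_id"), rs.getString("type_name"), type_id, out);
        }
    } catch (Exception exc) {
        logger.log(java.util.logging.Level.SEVERE, "Loading activity types failed", exc);
        out.println("<p>ERROR: the activity list could not be loaded.</p>");
    }
    out.println("");
    out.println("</select>");

    // LOAD ACTIVITIES BY GROUP TYPE
    out.println("<select name=group_id onchange=\"load_groups()\">");
    if (type_id == 0) {
        out.println("<option>CHOOSE TYPE</option>");
    } else {
        // last()/beforeFirst() need a scrollable result set; the default is forward-only.
        try (PreparedStatement groups =
                con.prepareStatement(
                        "SELECT group_id, group_name FROM activity_groups WHERE type_id = ?",
                        ResultSet.TYPE_SCROLL_INSENSITIVE,
                        ResultSet.CONCUR_READ_ONLY)) {
            groups.setInt(1, type_id);
            try (ResultSet rs = groups.executeQuery()) {
                rs.last();
                if (rs.getRow() == 1) {
                    group_id = rs.getInt("group_id");
                    out.println("<!-- ONLY FOUND 1 GROUP -->");
                } else {
                    out.println("<option value=\"0\">CHOOSE...</option>");
                }
                rs.beforeFirst();
                while (rs.next()) {
                    Common_Config.buildOption(
                            rs.getInt("group_id"), rs.getString("group_name"), group_id, out);
                }
            }
        } catch (Exception exc) {
            logger.log(java.util.logging.Level.SEVERE, "Loading activity groups failed", exc);
            out.println("<p>ERROR: the activity list could not be loaded.</p>");
        }
    }
    out.println("");
    out.println("</select>");

    if (group_id > 0) {
        // LOAD ACTIVITIES BY ITEM TYPE
        // (the former "group_id == 0" branch inside this block could never run)
        out.println("<select name=item_id onchange=\"load_times()\">");
        try (PreparedStatement items =
                con.prepareStatement(
                        "SELECT item_id, item_name FROM activity_items WHERE group_id = ?",
                        ResultSet.TYPE_SCROLL_INSENSITIVE,
                        ResultSet.CONCUR_READ_ONLY)) {
            items.setInt(1, group_id);
            try (ResultSet rs = items.executeQuery()) {
                rs.last();
                if (rs.getRow() == 1) {
                    item_id = rs.getInt("item_id");
                    out.println("<!-- ONLY FOUND 1 ITEM -->");
                } else {
                    out.println("<option value=\"0\">CHOOSE...</option>");
                }
                rs.beforeFirst();
                while (rs.next()) {
                    Common_Config.buildOption(
                            rs.getInt("item_id"), rs.getString("item_name"), item_id, out);
                }
            }
        } catch (Exception exc) {
            logger.log(java.util.logging.Level.SEVERE, "Loading activity items failed", exc);
            out.println("<p>ERROR: the activity list could not be loaded.</p>");
        }
        out.println("");
        out.println("</select>");
    }

    out.println("</form>");
    out.println("<p><a href=\"Member_genrez\">Reset</a></p>");

    try {
        con.close();
    } catch (Exception ignore) {
        // also covers con == null when the connection could not be opened
    }

    out.close();
}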
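/**
 * Renders the member "Available Activities" page.
 *
 * <p>Verifies the member session, obtains a database connection, and prints one link per
 * top-level activity (rows of {@code activities} with {@code parent_id = 0}), preceded by a
 * "Golf" link when {@code club5.foretees_mode} is non-zero.
 *
 * <p>The {@code type_id}, {@code group_id} and {@code item_id} request parameters are parsed as
 * integers (0 when missing or malformed) and are only echoed in an HTML debug comment. The
 * dropdown-driven type/group/item selector that used to follow the table was already disabled
 * (commented out) and has been dropped from this method.
 *
 * @param req servlet request
 * @param resp servlet response
 * @throws ServletException if a servlet-specific error occurs
 * @throws IOException if the response writer cannot be obtained
 */
public void doGet(HttpServletRequest req, HttpServletResponse resp)
    throws ServletException, IOException {

  resp.setContentType("text/html");
  PrintWriter out = resp.getWriter();

  Statement stmt = null;
  ResultSet rs = null;

  HttpSession session = SystemUtils.verifyMem(req, out); // check for intruder

  if (session == null) return;

  Connection con = Connect.getCon(req); // get DB connection

  if (con == null) {

    resp.setContentType("text/html");
    out.println(SystemUtils.HeadTitle("DB Connection Error"));
    out.println("<BODY><CENTER><BR>");
    out.println("<BR><BR><H3>Database Connection Error</H3>");
    out.println("<BR><BR>Unable to connect to the Database.");
    out.println("<BR>Please try again later.");
    out.println("<BR><BR>If problem persists, contact customer support.");
    out.println("<BR><BR>");
    out.println("<a href=\"javascript:history.back(1)\">Return</a>");
    out.println("</CENTER></BODY></HTML>");
    out.close();
    return;
  }

  //
  //  Get needed vars out of session obj
  //
  // Only "caller" is used below. The unused "club", "user" and "activity_id" reads were removed;
  // the latter unboxed an Integer and threw a NullPointerException when the attribute was absent.
  String caller = (String) session.getAttribute("caller");

  int foretees_mode = 0;

  // Request parameters are reduced to ints before use; anything non-numeric (or absent) stays 0.
  int type_id = 0;
  int group_id = 0;
  int item_id = 0;

  try {
    type_id = Integer.parseInt(req.getParameter("type_id"));
  } catch (NumberFormatException ignore) {
    // missing or malformed: keep 0
  }

  try {
    group_id = Integer.parseInt(req.getParameter("group_id"));
  } catch (NumberFormatException ignore) {
    // missing or malformed: keep 0
  }

  try {
    item_id = Integer.parseInt(req.getParameter("item_id"));
  } catch (NumberFormatException ignore) {
    // missing or malformed: keep 0
  }

  out.println(
      "<!-- type_id=" + type_id + ", group_id=" + group_id + ", item_id=" + item_id + " -->");

  //
  // START PAGE OUTPUT
  //
  out.println(SystemUtils.HeadTitle("Member Acivities"));

  out.println("<style>");
  out.println(".actLink { color: black }");
  out.println(".actLink:hover { color: #336633 }");
  out.println("</style>");

  out.println(
      "<body bgcolor=\"#CCCCAA\" text=\"#000000\" link=\"#336633\" vlink=\"#8B8970\" alink=\"#8B8970\">");
  SystemUtils.getMemberSubMenu(req, out, caller); // required to allow submenus on this page

  //
  // DISPLAY A LIST OF AVAILABLE ACTIVITIES
  //
  out.println(
      "<p align=center><b><font size=5 color=#336633><BR><BR>Available Activities</font></b></p>");
  out.println(
      "<p align=center><b><font size=3 color=#000000>Select your desired activity from the list below.<br>NOTE: You can set your default activity under <a href=\"Member_services\" class=actLink>Settings</a>.</font></b></p>");

  out.println("<table align=center>");

  try {

    stmt = con.createStatement();

    rs = stmt.executeQuery("SELECT foretees_mode FROM club5 WHERE clubName <> '';");

    if (rs.next()) {
      foretees_mode = rs.getInt(1);
    }

    // if they have foretees then give a link in to the golf system
    if (foretees_mode != 0) {
      out.println(
          "<tr><td align=center><b><a href=\"Member_jump?switch&activity_id=0\" class=linkA style=\"color:#336633\" target=_top>Golf</a></b></td></tr>"); // ForeTees
    }

    // build a link to any activities they have access to
    // (re-executing on the same Statement closes the previous ResultSet)
    rs =
        stmt.executeQuery(
            "SELECT * FROM activities " + "WHERE parent_id = 0 " + "ORDER BY activity_name");

    while (rs.next()) {

      int activityId = rs.getInt("activity_id");

      // The name is stored data that ends up inside HTML, so encode the markup-significant
      // characters instead of trusting that every row is plain text.
      String activityName =
          String.valueOf(rs.getString("activity_name"))
              .replace("&", "&amp;")
              .replace("<", "&lt;")
              .replace(">", "&gt;")
              .replace("\"", "&quot;")
              .replace("'", "&#39;");

      out.println(
          "<tr><td align=center><b><a href=\"Member_jump?switch&activity_id="
              + activityId
              + "\" class=linkA style=\"color:#336633\" target=_top>"
              + activityName
              + "</a></b></td></tr>");
    }

  } catch (Exception exc) {

    // Keep driver and SQL detail on the server; the member only sees a generic message.
    session.getServletContext().log("Member activity list could not be loaded", exc);
    out.println("<p>ERROR: Unable to load the activity list. Please try again later.</p>");

  } finally {

    if (rs != null) {
      try {
        rs.close();
      } catch (Exception ignore) {
        // best effort
      }
    }

    if (stmt != null) {
      try {
        stmt.close();
      } catch (Exception ignore) {
        // best effort
      }
    }

    // The only con.close() in this method sat inside the disabled selector code, so the
    // connection was never released on the live path.
    try {
      con.close();
    } catch (Exception ignore) {
      // best effort
    }
  }

  out.println("</table>");

  out.println("</body></html>");

  out.close();
}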
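/**
 * Business logic to execute: stores a list of customer discounts for item hierarchy levels.
 *
 * <p>For each {@code HierarItemDiscountVO} in {@code inputPar} the method marks the discount as
 * {@code ApplicationConsts.DISCOUNT_CUSTOMER}, looks up the company code of the hierarchy level,
 * inserts the discount through {@code DiscountBean.insertDiscount} and links it to the level in
 * {@code SAL05_ITEM_HIERAR_DISCOUNTS}. All rows are written in one transaction: the connection
 * is committed after the last row and rolled back on the first failure.
 *
 * <p>Every value taken from the value objects is passed as a bind parameter. The value objects
 * arrive in {@code inputPar} from the caller, so none of their fields is concatenated into SQL
 * text.
 *
 * @param inputPar list of {@code HierarItemDiscountVO} to insert (cast to {@code ArrayList})
 * @param userSessionPars session parameters of the calling user
 * @param request servlet request, forwarded to the event listeners
 * @param response servlet response, forwarded to the event listeners
 * @param userSession HTTP session, forwarded to the event listeners
 * @param context servlet context used to obtain and release the connection
 * @return a {@code VOListResponse} with the processed list, or an {@code ErrorResponse} when a
 *     hierarchy level is unknown or any step fails
 */
public final Response executeCommand(
    Object inputPar,
    UserSessionParameters userSessionPars,
    HttpServletRequest request,
    HttpServletResponse response,
    HttpSession userSession,
    ServletContext context) {
  // Not used below; kept because the cast runs before the try block, so a session object of the
  // wrong type still fails here rather than being turned into an ErrorResponse.
  String serverLanguageId = ((JAIOUserSessionParameters) userSessionPars).getServerLanguageId();

  Connection conn = null;
  // Fully qualified so that no import has to be added to the file.
  java.sql.PreparedStatement companyStmt = null;
  java.sql.PreparedStatement insertStmt = null;
  ResultSet rset = null;
  try {
    conn = ConnectionManager.getConnection(context);

    // fires the GenericEvent.CONNECTION_CREATED event...
    EventsManager.getInstance()
        .processEvent(
            new GenericEvent(
                this,
                getRequestName(),
                GenericEvent.CONNECTION_CREATED,
                (JAIOUserSessionParameters) userSessionPars,
                request,
                response,
                userSession,
                context,
                conn,
                inputPar,
                null));

    java.util.List list = (ArrayList) inputPar;
    HierarItemDiscountVO vo = null;

    // Both statements are prepared once and re-bound for every row.
    companyStmt =
        conn.prepareStatement(
            "select COMPANY_CODE_SYS01 from ITM02_ITEM_TYPES where PROGRESSIVE_HIE02 in "
                + "(select PROGRESSIVE_HIE02 from HIE01_LEVELS where PROGRESSIVE=?)");
    insertStmt =
        conn.prepareStatement(
            "insert into SAL05_ITEM_HIERAR_DISCOUNTS(COMPANY_CODE_SYS01,PROGRESSIVE_HIE01,DISCOUNT_CODE_SAL03) "
                + "values(?,?,?)");

    for (int i = 0; i < list.size(); i++) {
      vo = (HierarItemDiscountVO) list.get(i);
      vo.setDiscountTypeSAL03(ApplicationConsts.DISCOUNT_CUSTOMER);

      // retrieve COMPANY_CODE from progressiveHIE01...
      // setObject is used because the getter types are declared outside this method.
      companyStmt.setObject(1, vo.getProgressiveHie01SAL05());
      rset = companyStmt.executeQuery();
      if (rset.next()) {
        vo.setCompanyCodeSys01SAL03(rset.getString(1));
      } else {
        rset.close();
        conn.rollback();
        return new ErrorResponse("Item hierarchy not found.");
      }
      rset.close();

      DiscountBean.insertDiscount(conn, vo);

      insertStmt.setObject(1, vo.getCompanyCodeSys01SAL03());
      insertStmt.setObject(2, vo.getProgressiveHie01SAL05());
      insertStmt.setObject(3, vo.getDiscountCodeSAL03());
      insertStmt.execute();
    }

    Response answer = new VOListResponse(list, false, list.size());

    // fires the GenericEvent.BEFORE_COMMIT event...
    EventsManager.getInstance()
        .processEvent(
            new GenericEvent(
                this,
                getRequestName(),
                GenericEvent.BEFORE_COMMIT,
                (JAIOUserSessionParameters) userSessionPars,
                request,
                response,
                userSession,
                context,
                conn,
                inputPar,
                answer));

    conn.commit();

    // fires the GenericEvent.AFTER_COMMIT event...
    EventsManager.getInstance()
        .processEvent(
            new GenericEvent(
                this,
                getRequestName(),
                GenericEvent.AFTER_COMMIT,
                (JAIOUserSessionParameters) userSessionPars,
                request,
                response,
                userSession,
                context,
                conn,
                inputPar,
                answer));

    return answer;
  } catch (Throwable ex) {
    Logger.error(
        userSessionPars.getUsername(),
        this.getClass().getName(),
        "executeCommand",
        "Error while inserting hierarchy item discounts",
        ex);
    try {
      conn.rollback();
    } catch (Exception ex3) {
      // best effort: conn may be null or already unusable
    }
    // NOTE(review): the raw exception message goes back to the caller; confirm that the client
    // is meant to see database error text.
    return new ErrorResponse(ex.getMessage());
  } finally {
    if (rset != null) {
      try {
        rset.close();
      } catch (Exception ex4) {
        // best effort
      }
    }
    if (companyStmt != null) {
      try {
        companyStmt.close();
      } catch (Exception ex2) {
        // best effort
      }
    }
    if (insertStmt != null) {
      try {
        insertStmt.close();
      } catch (Exception ex2) {
        // best effort
      }
    }
    try {
      ConnectionManager.releaseConnection(conn, context);
    } catch (Exception ex1) {
      // best effort
    }
  }
}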
/**
 * Service method of a compiled JSP that renders the customer search form.
 *
 * <p>The {@code _jspxFactory} / {@code org.apache.jasper.runtime.JspRuntimeLibrary} calls suggest
 * this is container-generated code, so anything flagged below would be corrected in the JSP
 * source rather than here.
 *
 * <p>What the body does, in order: includes {@code header.jsp}, emits the jqWidgets script and
 * style references, reads the {@code UserName} session attribute, writes the page's inline
 * JavaScript, and then builds the form according to the {@code call_type} request parameter
 * ({@code receive_payment}, {@code search_payment}, {@code communication} or anything else). The
 * "Area" and "Payment Type" dropdowns are filled from the {@code jdbc/re} data source.
 *
 * <p>Request parameters read: {@code call_type}, {@code msg} (presence only) and
 * {@code fromForm}. {@code call_type} and {@code fromForm} are written back into the page.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws java.io.IOException declared by the JSP service contract
 * @throws javax.servlet.ServletException when an error occurs and no page context is available
 *     to handle it
 */
public void _jspService(
    final javax.servlet.http.HttpServletRequest request,
    final javax.servlet.http.HttpServletResponse response)
    throws java.io.IOException, javax.servlet.ServletException {

  final javax.servlet.jsp.PageContext pageContext;
  javax.servlet.http.HttpSession session = null;
  final javax.servlet.ServletContext application;
  final javax.servlet.ServletConfig config;
  javax.servlet.jsp.JspWriter out = null;
  final java.lang.Object page = this;
  javax.servlet.jsp.JspWriter _jspx_out = null;
  javax.servlet.jsp.PageContext _jspx_page_context = null;

  try {
    response.setContentType("text/html");
    // The fourth argument is the error page URL handed to the page context.
    pageContext =
        _jspxFactory.getPageContext(
            this,
            request,
            response,
            "ReportErrorPage.jsp?page=EditTargetReportForm.jsp",
            true,
            8192,
            true);
    _jspx_page_context = pageContext;
    application = pageContext.getServletContext();
    config = pageContext.getServletConfig();
    session = pageContext.getSession();
    out = pageContext.getOut();
    _jspx_out = out;

    out.write("\n");
    out.write("\n");
    out.write("\n");
    out.write("\n");
    out.write("\n");
    org.apache.jasper.runtime.JspRuntimeLibrary.include(
        request, response, "header.jsp", out, false);
    out.write(' ');
    out.write('\n');
    out.write("\n");
    out.write("\n");
    out.write("\n");
    out.write("\t<!-- files for JqxWidget grid -->\n");
    out.write(
        " <link rel=\"stylesheet\" href=\"js/jqwidgets/styles/jqx.base.css\" type=\"text/css\" />\n");
    out.write(
        " <link rel=\"stylesheet\" href=\"js/jqwidgets/styles/jqx.darkblue.css\" type=\"text/css\" />\n");
    out.write(
        "\t<link rel=\"stylesheet\" href=\"js/jqwidgets/styles/jqx.ui-redmond.css\" type=\"text/css\" />\n");
    out.write("\t\n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/gettheme.js\"></script>\n");
    out.write("\t<script type=\"text/javascript\" src=\"js/jquery-1.10.2.min.js\"></script>\n");
    out.write(" <script type=\"text/javascript\" src=\"js/jqwidgets/jqxcore.js\"></script>\n");
    out.write(" <script type=\"text/javascript\" src=\"js/jqwidgets/jqxdata.js\"></script>\n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxbuttons.js\"></script>\n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxscrollbar.js\"></script>\n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxlistbox.js\"></script>\n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxcalendar.js\"></script>\n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxdatetimeinput.js\"></script>\n");
    out.write(" <script type=\"text/javascript\" src=\"js/jqwidgets/jqxgrid.js\"></script>\n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxgrid.filter.js\"></script>\n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxgrid.selection.js\"></script>\n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxgrid.sort.js\"></script>\n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxgrid.pager.js\"></script>\n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxmenu.js\"></script>\n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxlistbox.js\"></script>\n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxdropdownlist.js\"></script>\n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxdata.export.js\"></script> \n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxgrid.export.js\"></script> \n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxgrid.aggregates.js\"></script> \n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jqwidgets/jqxgrid.grouping.js\"></script> \n");
    out.write("\n");
    out.write("\n");
    out.write("\t\n");
    out.write("\t");

    // The value is discarded. When the attribute is absent this throws a NullPointerException,
    // which the catch block at the end hands to the page context's error handling.
    // NOTE(review): looks like an implicit "is logged in" check; an explicit check that
    // redirects before any output is written would state the intent. Confirm against the JSP.
    session.getAttribute("UserName").toString();
    // System.out.println("session bachka maapping : "+session +" \n user
    // "+session.getAttribute("UserName").toString());

    out.write("\n");
    out.write("\n");
    out.write("\n");
    out.write("<script src=\"js/editCustomer_details.js\"> </script> \n");
    out.write("\n");
    out.write("<script type=\"text/javascript\" src=\"js/popup.js\"></script>\n");
    out.write("<style>\n");
    out.write("hr {\n");
    out.write("color: #f00;\n");
    out.write("background-color: #f00;\n");
    out.write("height: 3px;\n");
    out.write("}\n");
    out.write("#selected_order{\n");
    out.write("width: 40%;\n");
    out.write("max-height: 300px;\n");
    out.write("border: 1px solid black; \n");
    out.write("background-color: #ECFB99;\n");
    out.write("float: right;\n");
    out.write("margin-top: 30px;\n");
    out.write("overflow: auto;\n");
    out.write("margin-right: 2%;\n");
    out.write("padding: 5px;\n");
    out.write("}\n");
    out.write("</style>\n");

    // Inline page script: checkField, showMsg, Clear and ckeckEmpty.
    out.write("<script>\n");
    out.write("\t\n");
    out.write("\tfunction checkField(){\n");
    out.write("\t\tif(document.myform.chckall.checked==true){\n");
    out.write("\t\t\tshowHint();\n");
    out.write("\t\t}\n");
    out.write("\t\telse{\t\tvar c_date1,c_date2,u_date2,u_date1;\n");
    out.write("\t\t\t\tif(!($(\"#createDate2\").jqxDateTimeInput('disabled'))){\n");
    out.write("\t\t\t\tc_date1 = $('#createDate1').jqxDateTimeInput('getText');\n");
    out.write("\t\t\t\tc_date2 = $('#createDate2').jqxDateTimeInput('getText');\n");
    out.write("\t\t\t}\n");
    out.write("\t\t\t\n");
    out.write("\t\t\tif(!($(\"#updateDate2\").jqxDateTimeInput('disabled'))){\n");
    out.write("\t\t\t\tu_date1 = $('#updateDate1').jqxDateTimeInput('getText');\n");
    out.write("\t\t\t\tu_date2 = $('#updateDate2').jqxDateTimeInput('getText');\n");
    out.write("\t\t\t}\t \n");
    out.write("\t\t showHint();\t\t \n");
    out.write("\t }\n");
    out.write("\t}\n");
    out.write("\tfunction showMsg(){\n");
    out.write("\t \t document.myform.action=\"HomeForm.jsp\";\n");
    out.write("\t \t document.myform.submit();\n");
    out.write("\t}\n");
    out.write("\tfunction Clear(){\n");
    out.write("\t\t\n");
    out.write("\t\ttry{\n");
    out.write("\t\t\tdocument.getElementById(\"order_number\").focus();\n");
    out.write("\t\t} catch (exp){}\n");
    out.write("\t\t\n");
    out.write("\t\t\n");
    out.write("\t\t\n");
    out.write("\t\tdocument.myform.custCode.value=\"\";\n");
    out.write("\t\tdocument.myform.phonenumber.value=\"\";\n");
    out.write("\t\tdocument.myform.custName.value=\"\";\n");
    out.write("\t\tdocument.myform.nameString.value=\"\";\t\t\n");
    out.write("\t\tdocument.myform.Building.value=\"\";\n");
    out.write("\t\tdocument.myform.Building_no.value=\"\";\n");
    out.write("\t\tdocument.myform.wing.value=\"\";\n");
    out.write("\t\tdocument.myform.block.value=\"\";\n");
    out.write("\t\tdocument.myform.add1.value=\"\";\n");
    out.write("\t\tdocument.myform.add2.value=\"\";\n");
    out.write("\t\tdocument.myform.area.value=\"\";\n");
    out.write("\t\tdocument.myform.station.value=\"\";\n");
    out.write("\t\t\n");
    out.write("\t\tdocument.myform.selmonth.value=\"\";\n");
    out.write("\t\t\n");
    out.write(
        "\t\t$(\"#createDate1\").jqxDateTimeInput({theme:'ui-redmond',width: '250px', height: '25px',max:new Date(),formatString: \"yyyy-MM-dd\"});\n");
    out.write(
        "\t\t$(\"#createDate2\").jqxDateTimeInput({theme:'ui-redmond',width: '250px', height: '25px',min:new Date(),max:new Date(),formatString: \"yyyy-MM-dd\",value:new Date()});\n");
    out.write("\t\t$(\"#createDate2\").jqxDateTimeInput({disabled: true});\n");
    out.write("\t\t\n");
    out.write("\t\t\n");
    out.write(
        "\t\t$(\"#updateDate1\").jqxDateTimeInput({theme:'ui-redmond',width: '250px', height: '25px',max:new Date(),formatString: \"yyyy-MM-dd\"});\n");
    out.write(
        "\t\t$(\"#updateDate2\").jqxDateTimeInput({theme:'ui-redmond',width: '250px', height: '25px',min:new Date(),max:new Date(),formatString: \"yyyy-MM-dd\",value:new Date()});\n");
    out.write("\t\t$(\"#updateDate2\").jqxDateTimeInput({disabled: true});\n");
    out.write("\t\t\n");
    out.write("\t\t$('#createDate1').on('close', function (event) {\n");
    out.write("\t\t // Some code here. \n");
    out.write("\t\t \t$(\"#createDate2\").jqxDateTimeInput({disabled: false});\n");
    out.write(
        "\t\t \t$(\"#createDate2\").jqxDateTimeInput({min: $('#createDate1').jqxDateTimeInput('getDate')});\n");
    out.write(" \t\t}); \t\n");
    out.write(" \t\t\n");
    out.write(" \t\t$('#updateDate1').on('close', function (event) {\n");
    out.write("\t\t // Some code here. \n");
    out.write("\t\t \t$(\"#updateDate2\").jqxDateTimeInput({disabled: false});\n");
    out.write(
        "\t\t \t$(\"#updateDate2\").jqxDateTimeInput({min: $('#updateDate1').jqxDateTimeInput('getDate')});\n");
    out.write(" \t\t}); \t\n");
    out.write("\t\t\n");
    out.write("\t\tfunEnabled();\n");
    out.write("\t}\n");
    out.write("\t\n");
    out.write("function ckeckEmpty(){\n");
    out.write("\tif(document.getElementById(\"order_number\").value == \"\"){\n");
    out.write("\t\talert(\"Please Enter Order Number\");\n");
    out.write("\t\tdocument.getElementById(\"order_number\").focus();\n");
    out.write("\t\treturn false;\n");
    out.write("\t} else {\n");
    out.write("\t\treturn true;\n");
    out.write("\t}\n");
    out.write("}\n");
    out.write("\n");
    out.write("\n");
    out.write("</script>\n");

    // call_type comes straight from the request; a missing value is treated as "".
    String call_type = request.getParameter("call_type");
    if (call_type == null) {
      call_type = "";
    }
    if (call_type.equals("search_payment")) {
      String m = "<< Show List"; // never read in this method

      out.write("\n");
      out.write("\t\t\t<div id=\"selected_order\">\n");
      out.write("\t\t\t\t<b>Selected orders</b>\n");
      out.write(
          "\t\t\t\t<form action=\"PrintSelectedCustPayment.jsp\" method=\"get\" id=\"submit_form\">\n");
      out.write(
          "\t\t\t\t<table style=\"width: 100%;border-collapse: collapse;\" border=1 id=\"selected_order_table\">\n");
      out.write("\t\t\t\t<tr>\n");
      out.write("\t\t\t\t\t<th style=\"width: 20%;\">Order Number</th>\n");
      out.write("\t\t\t\t\t<th style=\"width: 35%;\">Cust Name</th>\n");
      out.write("\t\t\t\t\t<th style=\"width: 20%;\">Balance</th>\n");
      out.write("\t\t\t\t\t<th style=\"width: 25%;\"> </th>\n");
      out.write("\t\t\t\t</tr>\n");
      out.write("\t\t\t\t</table>\n");
      out.write("\t\t\t\t<table style=\"width: 100%;\" border=1 id=\"insert_table\">\n");
      out.write("\t\t\t\t</table>\n");
      out.write(
          "\t\t\t\t <input type=\"text\" readonly=\"readonly\" name=\"order_count\" id=\"order_count_id\" size=\"3\" value=\"0\" style=\"background-color :#ECFB99 ;\"/> orders selected to print.\n");
      out.write(
          "\t\t\t\t<input type=\"submit\" onclick=\" return printSelectedInformation()\" value=\"Print\" style=\"float: right;\"/>\n");
      out.write("\t\t\t\t</form>\n");
      out.write("\t\t\t</div>\n");
      out.write("\t\t");
    }
    // This condition is always true: call_type cannot equal both literals at once, so one of the
    // two negations always holds and <center> is written for every call_type.
    // NOTE(review): "&&" was probably intended; confirm in the JSP source.
    if (!call_type.equals("search_payment") || !call_type.equals("communication")) {
      out.write("\n");
      out.write("<center>\n");
    }
    out.write("\n");
    out.write("<fieldset style=\"width: 55%;\"><legend>\n");

    // msg is only tested for presence further down; its value is never written to the page.
    String msg = request.getParameter("msg");
    if (call_type.equals("receive_payment")) {
      out.print("<h3>Search Customer To Receive Payment</h3>");
    } else if (call_type.equals("search_payment")) {
      out.print("<h3>Search Customer To See Pending</h3>");
    } else if (call_type.equals("communication")) {
      out.print("<h3>Search Customer To Communicate</h3>");
    } else {
      out.print("<h3>Search Customer</h3>");
    }

    out.write("\n");
    out.write("</legend>\n");
    if (call_type.equals("receive_payment")) {
      out.write("\n");
      out.write(
          "\t\t<input type = \"radio\" name = \"radio\" onclick=\"ChangeCriteria('order')\" checked=\"checked\"/>Search By Order Number\n");
      out.write(
          "\t\t<input type = \"radio\" name = \"radio\" onclick=\"ChangeCriteria('cust')\"/>Search By Customer Detail\n");
      out.write("\t");
    }
    if (call_type.equals("receive_payment")) {
      // Order-number form is shown first; the customer-detail form starts hidden.
      out.write("\n");
      out.write("\t<br/><br/>\n");
      out.write("<form id=\"myform1\" action=\"SearchCustUsingOrderNo.jsp\" method=\"get\">\n");
      out.write("\t");
      if (msg != null) {
        out.print("<i><font color=red>No Matching Record Found</font></i><br/><br/>");
      }
      out.write("\n");
      out.write(
          "\tEnter Order Number : <input type = \"text\" name = \"order_number\" value=\"\" id =\"order_number\" onkeypress=\"return isNumberKey(event)\"/>\n");
      out.write(
          "\t<input type = \"submit\" value=\"Search\" onclick=\"return ckeckEmpty();\"/>\n");
      out.write("\n");
      out.write("<br/>\n");
      out.write("</form>\n");
      out.write("<form name=\"myform\" method=\"post\" id=\"myform\" style=\"display: none\">\n");
    } else {
      out.write("\n");
      out.write("<form name=\"myform\" method=\"post\" id=\"myform\" >\n");
    }
    out.write("\n");
    out.write("\t<table style=\"width: 100%;\">\n");
    out.write("\t\t<tr style=\"width: 100%;\">\n");
    out.write(
        "\t\t\t<td align=\"center\" colspan=3><b><font color=\"blue\"> A</font>ll Customers List       \n");
    out.write(
        "\t\t\t<input type=\"CheckBox\" name=\"chckall\" accesskey=\"a\" onClick=\"funEnabled();\"></td>\n");
    out.write("\t\t</tr>\t\t\n");
    out.write("\t\t<tr style=\"width: 100%;\">\n");
    out.write("\t\t\t<td colspan=3>\n");
    out.write("\t\t\t<div id=\"div4\" style=\"width: 100%;\" >\n");
    out.write("\t\t\t\t<table>\t\t\t\t\n");
    out.write("\t\t\t\t\t<tr>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\">\n");
    out.write("\t\t\t\t\t\t\t<b><font color=\"blue\">C</font>ustomer Code</b>\n");
    out.write("\t\t\t\t\t\t</td>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write(
        "\t\t\t\t\t\t<td style=\"width: 29%;\"><input style=\"width: 97%;\" type=\"text\" name=\"custCode\" accesskey=\"c\"></td>\n");
    out.write("\t\t\t\t\t\t");
    if (call_type.equals("search_payment") || call_type.equals("communication")) {
      out.write("\n");
      out.write("\t\t\t\t\t\t<td style=\"width: 8%;\" align=\"left\"></td>\n");
      out.write("\t\t\t\t\t\t\n");
      out.write("\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\">\n");
      out.write("\t\t\t\t\t\t\t<b>O<font color=\"blue\">r</font>der Number</b>\n");
      out.write("\t\t\t\t\t\t</td>\n");
      out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
      out.write(
          "\t\t\t\t\t\t<td style=\"width: 29%;\"><input style=\"width: 97%;\" type=\"text\" name=\"ordernumber\" accesskey=\"c\"></td>\n");
      out.write("\t\t\t\t\t\t");
    }
    out.write("\n");
    out.write("\t\t\t\t\t</tr>\n");
    out.write("\t\t\t\t\t<tr>\n");
    out.write(
        "\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b>Customer <font color=\"blue\">N</font>ame</b></td>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write(
        "\t\t\t\t\t\t<td style=\"width: 29%;\"><input style=\"width: 97%;\" type=\"text\" name=\"custName\" align=\"right\" accesskey=\"n\"></td>\n");
    out.write("\t\t\t\t\t\t\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 8%;\" align=\"left\"></td>\n");
    out.write("\t\t\t\t\t\t\n");
    out.write(
        "\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b><font color=\"blue\">P</font>hone Number</b></td>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write(
        "\t\t\t\t\t\t<td style=\"width: 29%;\"><input style=\"width: 97%;\" type=\"text\" name=\"phonenumber\" size=\"22\" align=\"right\" colspan=\"2\" accesskey=\"p\"></td>\n");
    out.write("\t\t\t\t\t\t\n");
    out.write("\t\t\t\t\t</tr>\n");
    out.write("\t\t\t\t\t<tr>\n");
    out.write(
        "\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b>M<font color=\"blue\">o</font>bile Number</b></td>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write(
        "\t\t\t\t\t\t<td><input style=\"width: 97%;\" type=\"text\" name=\"mobilenumber\" size=\"22\" align=\"right\" colspan=\"2\" accesskey=\"o\"></td>\n");
    out.write("\t\t\t\t\t\t\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 8%;\" align=\"left\"></td>\n");
    out.write("\t\t\t\t\t\t\n");
    out.write(
        "\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b>Na<font color=\"blue\">m</font>e String</b></td>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write(
        "\t\t\t\t\t\t<td><input style=\"width: 97%;\" style=\"width: 100%;\" type=\"text\" name=\"nameString\" size=\"22\" align=\"right\" accesskey=\"m\" colspan=\"2\"></td>\n");
    out.write("\t\t\t\t\t</tr>\n");
    out.write("\t\t\t\t\t<tr>\n");
    out.write(
        "\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b><font color=\"blue\">B</font>uilding</b></td>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write(
        "\t\t\t\t\t\t<td><input style=\"width: 97%;\" type=\"text\" name=\"Building\" accesskey=\"b\" align=\"right\"></b></td>\n");
    out.write("\t\t\t\t\t\t\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 8%;\" align=\"left\"></td>\n");
    out.write("\t\t\t\t\t\t\n");
    out.write(
        "\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b>Building <font color=\"blue\">N</font>o.</b></td>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write(
        "\t\t\t\t\t\t<td><input style=\"width: 97%;\" type=\"text\" name=\"Building_no\" size=\"22\" accesskey=\"o\"></b></td>\n");
    out.write("\t\t\t\t\t</tr>\n");
    out.write("\t\t\t\t\t<tr>\n");
    out.write(
        "\t\t\t\t\t <td style=\"width: 15%;\" align=\"left\"><b><font color=\"blue\">W</font>ing</b></td>\n");
    out.write("\t\t\t\t\t <td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write(
        "\t\t\t\t\t <td><input style=\"width: 97%;\" type =\"text\" name=\"wing\" accesskey=\"w\" ></td>\n");
    out.write("\t\t\t\t\t \n");
    out.write("\t\t\t\t\t <td style=\"width: 8%;\" align=\"left\"></td>\n");
    out.write("\t\t\t\t\t \n");
    out.write(
        "\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b><font color=\"blue\">F</font>lat No.</b></td>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write(
        "\t\t\t\t\t\t<td><input style=\"width: 97%;\" type =\"text\" name=\"block\" size=\"22\" accesskey=\"f\" align=\"right\">\n");
    out.write("\t\t\t\t\t\t</tr>\n");
    out.write("\t\t\t\t\t<tr>\n");
    out.write(
        "\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b>Addr<font color=\"blue\">e</font>ss1</b></td>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write(
        "\t\t\t\t\t\t<td><input style=\"width: 97%;\" type =\"text\" accesskey=\"e\" name=\"add1\"></td>\n");
    out.write("\t\t\t\t\t\t\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 8%;\" align=\"left\"></td>\n");
    out.write("\t\t\t\t\t\t\n");
    out.write(
        "\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b>A<font color=\"blue\">d</font>dress2</b></td>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write(
        "\t\t\t\t\t\t<td><input style=\"width: 97%;\" type =\"text\" accesskey=\"d\" name=\"add2\" size=\"22\"></td>\n");
    out.write("\t\t\t\t\t</tr>\n");
    out.write("\t\t\t\t\t<tr >\n");
    out.write(
        "\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b>A<font color=\"blue\">r</font>ea</b></td>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write("\t\t\t\t\t\t<td>\n");
    out.write("\t\t\t\t\t\t");

    String name;
    // Lookup data for the "Area" and "Payment Type" dropdowns. Both queries are constant
    // strings; no request value reaches the SQL text.
    // conn, stmt and rs2 are closed only at the end of the try body, so an exception part-way
    // through leaves them open; rs is never closed explicitly. A finally block (or
    // try-with-resources in the JSP) would release them on every path.
    try {
      Context initContext = new InitialContext();
      Context envContext = (Context) initContext.lookup("java:/comp/env");
      // DataSource ds = (DataSource)envContext.lookup("jdbc/js");
      DataSource ds = (DataSource) envContext.lookup("jdbc/re");
      Connection conn = ds.getConnection();
      Statement stmt = conn.createStatement();
      ResultSet rs =
          stmt.executeQuery(
              "select value from code_table where category='AREA' order by value asc");

      out.write("\n");
      out.write("\t\t\t\t\t\t\t<SELECT style=\"width: 97%;\" name=\"area\">\n");
      out.write("\t\t\t\t\t\t\t\t<OPTION VALUE=\"\"> Select Area </OPTION>\n");
      out.write("\t\t\t\t\t\t");
      while (rs.next()) {
        name = rs.getString(1);
        // The database value is written as-is into an attribute value and into element text.
        // NOTE(review): HTML-encode on output unless code_table is guaranteed to hold plain
        // text only.
        out.write("\n");
        out.write("\t\t\t\t\t\t\t\t<OPTION VALUE=\"");
        out.print(name);
        out.write('"');
        out.write('>');
        out.write(' ');
        out.print(name);
        out.write(" </OPTION>\n");
        out.write("\t\t\t\t\t\t");
      }
      out.write("\n");
      out.write("\t\t\t\t\t\t\t</SELECT>\n");
      out.write("\t\t\t\t\t\t</td>\t\n");
      out.write("\t\t\t\t\t\t\n");
      out.write("\t\t\t\t\t\t<td style=\"width: 8%;\" align=\"left\"></td>\n");
      out.write("\t\t\t\n");
      out.write(
          "\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b>Payment Type</b></td>\n");
      out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
      out.write("\t\t\t\t\t\t<td>\n");
      out.write("\t\t\t\t\t\t\t<SELECT style=\"width: 97%;\" name=\"payment\" align=\"left\">\n");
      out.write("\t\t\t\t\t\t\t\t<OPTION selected VALUE=\"\"> Select Type </OPTION>\n");
      out.write("\t\t\t\t\t\t\t\t<OPTION VALUE=\"NoType\"> No Type </OPTION>\n");
      out.write("\t\t\t\t\t\t");
      ResultSet rs2 =
          stmt.executeQuery("SELECT payment_type_code, payment_type_desc FROM payment_type");
      while (rs2.next()) {
        // Same as above: both columns are written without HTML encoding.
        out.write("\t\n");
        out.write("\t\t\t\t\t\t\t\t<OPTION VALUE=\"");
        out.print(rs2.getString(1));
        out.write('"');
        out.write('>');
        out.write(' ');
        out.print(rs2.getString(2));
        out.write(" </OPTION>\n");
        out.write("\t\t\t\t\t\t");
      }
      rs2.close();
      stmt.close();
      conn.close();
    } catch (Exception e) {
      // e.getMessage() is evaluated and discarded; the stack trace is the only record of the
      // failure. Rendering continues below, so a failed lookup yields a form with missing or
      // unbalanced SELECT markup instead of an error page.
      e.getMessage();
      e.printStackTrace();
    }

    out.write("\n");
    out.write("\t\t\t\t\t\t\t</SELECT>\n");
    out.write("\t\t\t\t\t\t</td>\n");
    out.write("\t\t\t\t\t</tr>\n");
    out.write("\t\t\t\t\t<tr>\n");
    out.write(
        "\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b>Create<font color=\"blue\">D</font>ate</b></td>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write("\t\t\t\t\t\t<td>\n");
    out.write(
        "\t\t\t\t\t\t\t<!-- <input type =\"text\" accesskey=\"d\" name=\"c_date1\" size=\"15\" style=\"width: 79%;\">\n");
    out.write(
        "\t\t\t\t\t\t\t<input type=\"button\" onClick=\"c1.popup('c_date1');\" value=\"...\" style=\"width: 15%;\"/> -->\n");
    out.write("\t\t\t\t\t\t\t<div id='createDate1'></div>\n");
    out.write("\t\t\t\t\t\t</td>\n");
    out.write("\t\t\t\t\t\t\t\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 8%;\" align=\"left\"></td>\n");
    out.write("\t\t\t\t\t\t\t\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b>And</b></td>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write("\t\t\t\t\t\t<td> \n");
    out.write(
        "\t\t\t\t\t\t\t<!-- <input type =\"text\" name=\"c_date2\" size=\"15\" style=\"width: 79%;\">\n");
    out.write(
        "\t\t\t\t\t\t\t<input type=\"button\" onClick=\"c1.popup('c_date2');\" value=\"...\" style=\"width: 15%;\"/> -->\n");
    out.write("\t\t\t\t\t\t\t<div id='createDate2'></div>\n");
    out.write("\t\t\t\t\t\t\t\n");
    out.write("\t\t\t\t\t\t</td>\n");
    out.write("\t\t\t\t\t</tr>\n");
    out.write("\t\t\t\t\t<tr>\n");
    out.write(
        "\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b><font color=\"blue\">U</font>pdate Date</b></td>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write("\t\t\t\t\t\t<td>\n");
    out.write(
        "\t\t\t\t\t\t\t<!-- <input type =\"text\" accesskey=\"u\" name=\"u_date1\" size=\"15\" style=\"width: 79%;\"/>\n");
    out.write(
        "\t\t\t\t\t\t\t<input type=\"button\" onClick=\"c1.popup('u_date1');\" value=\"...\" style=\"width: 15%;\"/> -->\n");
    out.write("\t\t\t\t\t\t\t<div id=\"updateDate1\"></div>\n");
    out.write("\t\t\t\t\t\t</td>\n");
    out.write("\t\t\t\t\t\t\t\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 8%;\" align=\"left\"></td>\n");
    out.write("\t\t\t\t\t\t\t\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b>And</b></td>\n");
    out.write("\t\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write("\t\t\t\t\t\t<td> \n");
    out.write(
        "\t\t\t\t\t\t\t<!-- <input type =\"text\" name=\"u_date2\" size=\"15\" style=\"width: 79%;\"/>\n");
    out.write(
        "\t\t\t\t\t\t\t<input type=\"button\" onClick=\"c1.popup('u_date2');\" value=\"...\" style=\"width: 15%;\"/> -->\n");
    out.write("\t\t\t\t\t\t\t<div id='updateDate2'></div>\n");
    out.write("\t\t\t\t\t\t</td>\n");
    out.write("\t\t\t\t\t</tr>\n");
    out.write("\t\t\t\t\t<tr>\n");
    out.write(
        "\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b><font color=\"blue\">S</font>tation</b></td>\n");
    out.write("\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write(
        "\t\t\t\t\t<td><input style=\"width: 97%;\" type =\"text\" size=\"22\" accesskey=\"d\" name=\"station\"></td>\n");
    out.write("\t\t\t\t\t\t\n");
    out.write("\t\t\t\t\t<td style=\"width: 8%;\" align=\"left\"></td>\n");
    out.write("\t\t\t\t\t\t\n");
    out.write("\t\t\t\t\t<td style=\"width: 15%;\" align=\"left\"><b>Last Order Days</b></td>\n");
    out.write("\t\t\t\t\t<td style=\"width: 1%;\" align=\"left\">:</td>\n");
    out.write(
        "\t\t\t\t\t<td><input style=\"width: 97%;\" type=\"text\" name=\"selmonth\"/></td></tr>\n");
    out.write("\t\t\t\t</table></div>\n");
    out.write("\t\t\t</td>\n");
    out.write("\t\t</tr>\n");
    out.write("\t\t\t\n");
    out.write("\t\t<tr>\n");
    out.write("\t\t\t<td align=\"center\" colspan=4>\n");
    out.write(
        "\t\t\t\t<input type=\"submit\" name=\"search\" title=\"Press <Enter>\" value=\"Search <Enter>\" accesskey=\"s\" onclick=\"checkField();return false;\"/>\n");
    out.write(
        "\t\t\t\t<input type=\"reset\" name=\"clear\" title=\"Press <Alt+c>\" tabindex=\"1\" value=\"Clear <Alt+c>\" accesskey=\"c\" onclick=\"document.getElementById('txtHint').innerHTML='';\"/>\n");
    out.write(
        "\t\t\t\t<INPUT type=BUTTON value=\"Cancel <Alt+c>\" accesskey=\"c\" onClick=\"showMsg();\"/></center>\n");
    out.write("\t\t\t</td>\n");
    out.write("\t\t</tr>\n");
    out.write("\t</table>\n");
    out.write("\t</fieldset>\n");
    out.write("\t<input type=\"hidden\" name=\"hchckall\" value=\"1\">\n");
    out.write("\t<input type=\"hidden\" name=\"call_type\" value=\"");
    // The call_type request parameter is written into a double-quoted attribute value without
    // any encoding, so the response reflects whatever the request carried (reflected XSS risk).
    // Fix in the JSP source: HTML-attribute-encode the value on output (for example JSTL
    // <c:out> / fn:escapeXml), or accept only the call_type values this page branches on.
    out.print(call_type);
    out.write("\"/>\n");
    out.write("<script>\n");
    out.write("function funEnabled(){\n");
    out.write("\t if (document.myform.chckall.checked==true){\n");
    out.write("\t\t\tdocument.getElementById('div4').style.visibility=\"hidden\";\n");
    out.write("\t\t\tdocument.myform.hchckall.value=1;\t\t\n");
    out.write("\t\t\t$(\"#createDate2\").jqxDateTimeInput({disabled: true});\n");
    out.write("\t\t\t$(\"#updateDate2\").jqxDateTimeInput({disabled: true});\n");
    out.write("\t\t\t\n");
    out.write("\t\t}\n");
    out.write("\t\telse{\n");
    out.write("\t\t\tdocument.getElementById('div4').style.visibility=\"visible\";\n");
    out.write("\t\t\tdocument.myform.hchckall.value=0;\t\t\t\n");
    out.write("\t\t}\n");
    out.write("\t}\n");
    out.write("window.onload =Clear;\n");
    out.write("\n");
    out.write("function ChangeCriteria(str){\n");
    out.write("\tif(str == \"cust\"){\n");
    out.write("\t\tdocument.getElementById(\"myform\").style.display='block';\n");
    out.write("\t\tdocument.getElementById(\"myform1\").style.display='none';\n");
    out.write("\t}else if(str == \"order\"){\n");
    out.write("\t\tdocument.getElementById(\"myform\").style.display='none';\n");
    out.write("\t\tdocument.getElementById(\"myform1\").style.display='block';\n");
    out.write("\t\tdocument.getElementById(\"txtHint\").innerHTML=\"\";\n");
    out.write("\t\tdocument.getElementById(\"order_number\").focus();\n");
    out.write("\t\tdocument.getElementById(\"order_number\").value=\"\";\n");
    out.write("\t}\n");
    out.write("}\n");
    out.write("function isNumberKey(evt) {\n");
    out.write("\tvar charCode = (evt.which) ? evt.which : event.keyCode;\n");
    out.write("\tif (charCode != 46 && charCode > 31 && (charCode < 48 || charCode > 57))\n");
    out.write("\t\treturn false;\n");
    out.write("\telse\n");
    out.write("\t\treturn true;\n");
    out.write("}\n");
    out.write("</script>\n");
    out.write(
        "\t<hr><center><div id=\"txtHint\" class=\"ddm1\" style=\"background-color: white;width: 100%;max-height: 400px;overflow: auto;\"></div></center>\n");
    out.write("\t<br><br>\n");
    out.write(
        "\t<p><h1><center><div id=\"waitMessage\" style=\"cursor: sw-resize;\"></center></div></h1></p>\n");

    String fromFromName = "";
    if (request.getParameter("fromForm") != null)
      fromFromName = request.getParameter("fromForm"); // CustPmtHstry

    out.write("\n");
    out.write("\t<input type=\"hidden\" name=\"fromForm\" value=\"");
    // Same pattern as call_type above: the fromForm request parameter is echoed into an
    // attribute value unencoded and needs HTML-attribute encoding in the JSP source.
    out.print(fromFromName);
    out.write("\">\n");
    out.write("</form>\n");
    out.write("\n");
    out.write(
        "<div id=\"dispdiv\" align=\"center\" style=\"border:1px solid black; padding:25px; text-align:center; display:none; background-color:#FFF; overflow:auto; height:300px; width=200px;\"> </div>\n");
    out.write("</body>\n");
    out.write("</html>\n");
  } catch (java.lang.Throwable t) {
    // Anything except SkipPageException: drop buffered output, then let the page context handle
    // the error, or wrap it in a ServletException when no page context was obtained.
    if (!(t instanceof javax.servlet.jsp.SkipPageException)) {
      out = _jspx_out;
      if (out != null && out.getBufferSize() != 0)
        try {
          out.clearBuffer();
        } catch (java.io.IOException e) {
        }
      if (_jspx_page_context != null) _jspx_page_context.handlePageException(t);
      else throw new ServletException(t);
    }
  } finally {
    _jspxFactory.releasePageContext(_jspx_page_context);
  }
}
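/**
 * Renders the lecture question/answer page and, when the request carries the matching form
 * field, applies an answer update ({@code maindata}/{@code mainanswer}) or a question delete
 * ({@code delfield}) against table {@code qa27}.
 *
 * <p>Changes against the generated original:
 * <ul>
 *   <li>The UPDATE and DELETE bind the request values through {@code PreparedStatement}
 *       instead of concatenating them into the SQL text.
 *   <li>The UPDATE and DELETE run only when the session passes the same check the page already
 *       uses to decide whether the Answer/Delete buttons are rendered; before, any request
 *       carrying the form fields was applied.
 *   <li>A session with no {@code Prof} attribute is treated as "may not edit" instead of
 *       raising a NullPointerException from {@code prof1.equals(prof2)}.
 *   <li>The result set, statement and connection are closed in {@code finally}.
 *   <li>Processing stops after {@code sendRedirect}.
 * </ul>
 *
 * <p>NOTE(review): the values printed from the session ({@code pass}) and from {@code qa27}
 * (columns 2, 3 and 4) are written into the HTML unescaped. Column 3 is what the answer form
 * stores, so markup submitted there is rendered to later visitors. The page script copies
 * {@code innerHTML} back into the edit box, so output encoding has to be introduced together
 * with that script; it is left unchanged here.
 * NOTE(review): the forms carry no anti-CSRF token.
 * NOTE(review): the redirects are issued after most of the page has been written; if the
 * buffer has already been flushed the container will reject them. The form handling belongs
 * at the top of the JSP, before any output.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws java.io.IOException if writing the page fails
 * @throws ServletException if the page fails and no page context is available to handle it
 */
public void _jspService(HttpServletRequest request, HttpServletResponse response)
    throws java.io.IOException, ServletException {
  PageContext pageContext = null;
  HttpSession session = null;
  ServletContext application = null;
  ServletConfig config = null;
  JspWriter out = null;
  Object page = this;
  JspWriter _jspx_out = null;
  PageContext _jspx_page_context = null;
  // Declared outside the try so the finally block can release them on every path.
  Connection connection = null;
  Statement statement = null;
  ResultSet resultset = null;
  try {
    response.setContentType("text/html; charset=ISO-8859-1");
    pageContext = _jspxFactory.getPageContext(this, request, response, null, true, 8192, true);
    _jspx_page_context = pageContext;
    application = pageContext.getServletContext();
    config = pageContext.getServletConfig();
    session = pageContext.getSession();
    out = pageContext.getOut();
    _jspx_out = out;
    _jspx_resourceInjector =
        (org.glassfish.jsp.api.ResourceInjector)
            application.getAttribute("com.sun.appserv.jsp.resource.injector");
    out.write("\n");
    out.write(" \n");
    out.write(" \n");
    out.write(" \n");
    Class.forName("com.mysql.jdbc.Driver");
    out.write("\n");
    out.write(" \n");
    out.write(" \n");
    out.write(
        "<!DOCTYPE html PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n");
    out.write("<html>\n");
    out.write("<head>\n");
    out.write(" <link href=\"css/bootstrap.min.css\" rel=\"stylesheet\">\n");
    out.write(" <!-- Bootstrap css online -->\n");
    out.write(
        " <link rel=\"stylesheet\" href=\"http://netdna.bootstrapcdn.com/bootstrap/3.0.3/css/bootstrap.min.css\">\n");
    out.write(" <link href=\"css/customcss.css\" rel=\"stylesheet\">\n");
    out.write(
        " <script type=\"text/javascript\" src=\"js/jquery-1.10.2.min.js\"></script>\n");
    out.write(" <script src=\"js/bootstrap.min.js\"></script>\n");
    out.write("\n");
    out.write("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=ISO-8859-1\">\n");
    out.write("<title>Analysis of Algorithms : D.B.Phatak</title>\n");
    out.write("</head>\n");
    out.write("<body>\n");
    out.write("\n");
    out.write("<!--Header-->\n");
    out.write("\n");
    out.write(" ");
    String name = (String) session.getAttribute("pass");
    out.write("\n");
    out.write(" <div class=\"container\">\n");
    out.write(" <br>\n");
    out.write(" <!--HEADER -->\n");
    out.write(" <div class=\"header\">\n");
    out.write(
        " <a href=\"index.jsp\" style=\"color: #000;\"> <ul class=\"nav nav-pills pull-left\" >\n");
    out.write(
        " <li id=\"brand_icon\"> <img src=\"Images/mic_logo.png\" alt=\"\" width=\"80px\" height=\"80px\"/></li>\n");
    out.write(
        " <li id=\"brand_name\"> <p class=\"title\"><span style=\"font-size: 70px;\">|</span> iClass <strong>Forum</strong></p></li>\n");
    out.write("\n");
    out.write(" </ul></a>\n");
    out.write(
        " <!-- <p class=\"title1\">iClass</p> <p class=\"title2\">Forum</p> \n");
    out.write(" -->\n");
    out.write(" <form action=\"Login\" method=\"post\">\n");
    out.write("\n");
    out.write(
        " <ul class=\"nav nav-pills pull-right\" style=\"margin-top: 35px\">\n");
    out.write(" <li><a href=\"index.jsp\">Home</a></li>\n");
    out.write(" <li><a href=\"contactus.jsp\">Contact Us</a></li>\n");
    out.write("\n");
    out.write(" ");
    if (name != null) {
      try {
        out.write("\n");
        out.write("\n");
        out.write(" <li><a href=\"logout.jsp\">Logout</a></li>\n");
        out.write(" <li style=\"margin-top: 10px\">Welcome ");
        // NOTE(review): session value written without HTML encoding.
        out.print(name);
        out.write("</li>\n");
        out.write("\n");
        out.write(" ");
      } catch (Exception e) {
        System.out.println("Problem :" + e);
      }
    } else {
      out.write("\n");
      out.write("\n");
      out.write(" <li><a href=\"signup.jsp\">Login</a></li>\n");
      out.write("\n");
      out.write(" ");
    }
    out.write("\n");
    out.write("\n");
    out.write(" </ul>\n");
    out.write(" </form>\n");
    out.write("\n");
    out.write("\n");
    out.write(" </div>\n");
    out.write("\n");
    out.write("\n");
    out.write("\n");
    out.write(" <br>\n");
    out.write(" \n");
    out.write(" \n");
    out.write("\n");
    out.write(" <!-- MODAL -->\n");
    out.write(" <form action=\"\" name=\"batti\" method=\"post\">\n");
    out.write("\n");
    out.write(
        " <div class=\"modal fade\" id=\"myModal\" tabindex=\"-1\" role=\"dialog\" aria-labelledby=\"myModalLabel\" aria-hidden=\"true\">\n");
    out.write(" <div class=\"modal-dialog\">\n");
    out.write(" <div class=\"modal-content\">\n");
    out.write(" <div class=\"modal-header\">\n");
    out.write(
        " <button type=\"button\" class=\"close\" data-dismiss=\"modal\" aria-hidden=\"true\">×</button>\n");
    out.write(" <h4 class=\"modal-title\" id=\"myModalLabel\">Answer here</h4>\n");
    out.write(" </div>\n");
    out.write(" <div class=\"modal-body\">\n");
    out.write(" <div class=\"input-group input-group-lg\">\n");
    out.write(" <span class=\"input-group-addon\">\n");
    out.write(
        " <span class=\"glyphicon glyphicon-pencil\"></span>\n");
    out.write(" </span>\n");
    out.write(
        " <textarea class=\"form-control\" id=\"currentans\" name=\"mainanswer\" rows=\"10\" style=\"resize: vertical;\">\n");
    out.write(" </textarea>\n");
    out.write(" </div>\n");
    out.write(" </div>\n");
    out.write(" <div class=\"modal-footer\">\n");
    out.write(
        " <input type=\"text\" id=\"hidden\" name=\"maindata\" value=\"JAI HO\"/>\n");
    out.write(
        " <button type=\"button\" class=\"btn btn-primary\" onClick=\"saveAns()\">Save Answer</button>\n");
    out.write(" </div>\n");
    out.write(" </div>\n");
    out.write(" </div>\n");
    out.write(" </div>\n");
    out.write("\n");
    out.write("\n");
    out.write("\n");
    out.write(" </form>\n");
    out.write(" <!-- MODAL ENDS HERE -->\n");
    out.write("\n");
    out.write("<div class=\"page1\" > \n");
    out.write(" <center>\n");
    out.write("\n");
    out.write(
        " <font face=\"myFontThin\" size=\"6\" class=\"title\">Department of </font><font face=\"myFontThick\" size=\"8\"><b>Computer Science</b></font>\n");
    out.write(" <br>\n");
    out.write(" <font face=\"myFontThick\" size=\"5\">Prof. sunil</font>\n");
    out.write(" \n");
    out.write(" </center>\n");
    out.write(
        " <br> <br> <font face=\"myFontThick\" size=\"6\"><b> bbbbbb </b></font>\n");
    out.write("<br><br><br>\n");
    out.write(" \n");
    out.write("\n");
    out.write("\n");
    out.write(" ");
    // NOTE(review): the database account and its password are embedded in the page source;
    // they should come from container-managed configuration (for example a JNDI DataSource)
    // and the page should not connect with the root account.
    connection =
        DriverManager.getConnection("jdbc:mysql://localhost/aakash", "root", "lavikothari");
    statement = connection.createStatement();
    resultset = statement.executeQuery("select * from qa27;");

    // One rule decides both whether the Answer/Delete buttons are shown and whether the
    // update/delete further down is applied. A missing "Prof" attribute means "no".
    String condition = (String) session.getAttribute("pass");
    String prof1 = (String) session.getAttribute("Prof");
    String prof2 = (String) session.getAttribute("Prof2");
    boolean mayEdit = condition != null && prof1 != null && prof1.equals(prof2);

    int no, ct = 0;
    String qid, bid, ansdivid, buttonid, delbuttonid, userid, answerid;
    while (resultset.next()) {
      ct++;
      no = resultset.getInt(1);
      qid = "q" + no;
      ansdivid = "ans" + no;
      bid = "b" + no;
      buttonid = "button" + no;
      delbuttonid = "delbutton" + no;
      userid = "user" + no;
      answerid = "answer" + no;
      out.write("\n");
      out.write(" <!-- <form action=\"\" method=\"get\" name=\"batti\" > -->\n");
      out.write("\t \n");
      out.write("\t<div class=\"panel panel-default\">\n");
      out.write(" <div class=\"panel-heading\">\n");
      out.write(" <h3 class=\"panel-title\">\n");
      out.write(" <div id=");
      out.print(userid);
      out.write(
          " style=\"font-style:bold ;font-size:15px; padding-left:0.5px ;text-shadow: 2px 2px 8px #6E6E6E\">\n");
      out.write("\t \t");
      // NOTE(review): stored value written without HTML encoding (also columns 2 and 3 below).
      out.print(resultset.getString(4));
      out.write("\n");
      out.write(" </div>\n");
      out.write(" </h3>\n");
      out.write(" </div>\n");
      out.write(" <div class=\"panel-body\">\n");
      out.write(" <div id=");
      out.print(qid);
      out.write(" style=\"text-align:left ;font-size:20px;font-style:italic\">\n");
      out.write("\t\t\t");
      out.print(resultset.getString(2));
      out.write("<br><br>\n");
      out.write("\t\t</div>\n");
      out.write("\t \t<div class=\"panel panel-default\" id=");
      out.print(ansdivid);
      out.write(" >\n");
      out.write(" \t\t\t\t<div class=\"panel-body\" >\n");
      out.write(" \t\t\t \t\t<p id=");
      out.print(answerid);
      out.write('>');
      out.print(resultset.getString(3));
      out.write("</p>\n");
      out.write(" \t\t \t\t</div>\n");
      out.write("\t\t</div>\n");
      out.write("\t\t<div id=");
      out.print(bid);
      out.write(" >\n");
      out.write("\t\t\t ");
      if (mayEdit) {
        out.write(" \n");
        out.write("\n");
        out.write(
            " <input type=\"button\" class=\"btn btn-primary btn-sm\" style=\"float:right;display:inline\" value=\"Delete\" onClick=\"delQues(this.id)\" id=");
        out.print(delbuttonid);
        out.write(" />\n");
        out.write(
            " <input type=\"button\" class=\"btn btn-primary btn-sm\" style=\"float:left;display:inline\" data-toggle=\"modal\" value=\"Answer\" data-target=\"#myModal\" onClick=\"myfunc(this.id)\" id=");
        out.print(buttonid);
        out.write(" />\n");
        out.write(" ");
      }
      out.write("\n");
      out.write(" \n");
      out.write("\t\t</div>\n");
      out.write(" </div>\n");
      out.write(" </div>\n");
      out.write("\t\n");
      out.write("\t \n");
      out.write("\t\t\n");
      out.write(" ");
    }
    out.write("\n");
    out.write("\n");
    out.write(
        " <form action=\"\" name=\"delform\" method=\"post\" style=\"visibility:hidden\">\n");
    out.write("\n");
    out.write(
        " <input type=\"text\" id= \"delfieldid\" name=\"delfield\" value=\"Namastey\" />\n");
    out.write(
        " <input type=\"text\" id= \"futureid\" name=\"futurefield\" value=\"London\" />\n");
    out.write(" </form>\n");
    out.write("\n");
    out.write("\n");
    out.write(" <span id =\"debug\" style=\"visibility:hidden\">Hello </span>\n");
    out.write("\n");
    out.write(" </div>\n");
    out.write("</div> \n");
    out.write("\t \n");
    out.write(" \n");
    out.write("</div>\n");
    out.write(" \n");
    out.write(" </div>\n");
    out.write(" \n");
    out.write(" \n");
    out.write(" <script type=\"text/javascript\">\n");
    out.write("\t count=");
    out.print(ct);
    out.write(";\n");
    out.write("\t debugging=document.getElementById(\"debug\");\n");
    out.write("\t debugging.innerHTML=\"Count is\"+count;\n");
    out.write("\t hid=document.getElementById(\"hidden\");\n");
    out.write("\t hid.style.display='none';\n");
    out.write("\t \n");
    out.write("\t for (x=1;x<=count;x++)\n");
    out.write("\t {\t\n");
    out.write("\t\t y=document.getElementById(\"answer\"+x);\n");
    out.write("\t\t debug.innerHTML+=y.innerHTML;\n");
    out.write("\t\t z=document.getElementById(\"button\"+x);\n");
    out.write("\t\t if(y!=null && y.innerHTML==\"\")\n");
    out.write("\t\t {\n");
    out.write("\t\t document.getElementById(\"ans\"+x).style.display='none';\n");
    out.write("\t\t }\n");
    out.write("\t\t \n");
    out.write("\t\t else\n");
    out.write("\t\t\t {\n");
    out.write("\t\t\t if(z!=null){\n");
    out.write("\t\t\t z.value=\"Edit Answer\";\n");
    out.write("\t\t\t }\n");
    out.write("\t\t\t }\n");
    out.write("\t }\n");
    out.write("\n");
    out.write("\t function myfunc(clicked_id){\n");
    out.write("\t\t \n");
    out.write("\t\t hid.value=clicked_id;\n");
    out.write("\t\t quesid=clicked_id.replace(\"button\",\"q\");\n");
    out.write("\t\t ansid=clicked_id.replace(\"button\",\"answer\");\n");
    out.write("\t\t \n");
    out.write("\t\t question=document.getElementById(quesid).innerHTML;\n");
    out.write("\t\t answer=document.getElementById(ansid).innerHTML;\n");
    out.write("\t\t \n");
    out.write("\t\t answer.replace(\" \",\"\");\n");
    out.write("\t\t question.replace(\" \",\"\");\n");
    out.write("\t\t \n");
    out.write("\t\t document.getElementById(\"myModalLabel\").innerHTML=question;\n");
    out.write("\t\t document.getElementById(\"currentans\").value=answer;\n");
    out.write("\t\t \n");
    out.write("\t }\n");
    out.write("\t \n");
    out.write("\t\n");
    out.write("\t function saveAns()\n");
    out.write("\t {\n");
    out.write("\t\t document.batti.submit();\n");
    out.write("\t\t \n");
    out.write("\t\t ");
    String clid = request.getParameter("maindata");
    if (clid != null && mayEdit) {
      String tobeanswered = clid.replace("button", "");
      System.out.println(tobeanswered);
      String answer = request.getParameter("mainanswer");
      // Both values come straight from the request, so they are bound, never concatenated.
      java.sql.PreparedStatement stmt =
          connection.prepareStatement("update qa27 set ans = ? where id = ?");
      try {
        stmt.setString(1, answer);
        stmt.setString(2, tobeanswered);
        stmt.executeUpdate();
      } finally {
        stmt.close();
      }
      response.sendRedirect("lec.jsp#user" + tobeanswered);
      return;
    }
    out.write("\n");
    out.write("\t }\n");
    out.write("\t \n");
    out.write("\t \n");
    out.write("\n");
    out.write("\t function delQues(clicked_id)\n");
    out.write("\t {\n");
    out.write("\t\t \n");
    out.write("\t\t document.getElementById(\"delfieldid\").value=clicked_id;\n");
    out.write("\t\t \n");
    out.write("\t\t \n");
    out.write("\t\t\t document.getElementById(\"futureid\").value=\"yesssssssss\";\n");
    out.write("\t\t v=parseInt(clicked_id.replace(\"delbutton\",\"\"))+1;\n");
    out.write("\t\t while(document.getElementById(\"user\"+v)==null && v<count)\n");
    out.write("\t\t\t {\n");
    out.write("\t\t\t v++;\n");
    out.write("\t\t\t document.getElementById(\"futureid\").value=\"user\"+v;\n");
    out.write("\t\t\t }\n");
    out.write("\t\t if(clicked_id==\"delbutton\"+count)\n");
    out.write("\t\t\t {\n");
    out.write("\t\t\t v=parseInt(clicked_id.replace(\"delbutton\",\"\"))-1;\n");
    out.write("\t\t\t }\n");
    out.write("\t\tdocument.getElementById(\"futureid\").value=\"user\"+v;\n");
    out.write("\t\t\t \n");
    out.write("\t\t document.delform.submit();\n");
    out.write("\t\t \n");
    out.write("\t\t ");
    String delid = request.getParameter("delfield");
    if (delid != null && mayEdit) {
      String tobedel = delid.replace("delbutton", "");
      System.out.println("Deleting " + tobedel);
      java.sql.PreparedStatement stmt1 =
          connection.prepareStatement("delete from qa27 where id = ?");
      try {
        stmt1.setString(1, tobedel);
        stmt1.executeUpdate();
      } finally {
        stmt1.close();
      }
      // The fixed "lec.jsp#" prefix keeps the redirect on this page; futid only picks the
      // fragment to scroll to.
      String futid = request.getParameter("futurefield");
      response.sendRedirect("lec.jsp#" + futid);
      return;
    }
    out.write("\n");
    out.write("\t\t \n");
    out.write("\t }\n");
    out.write("\t \n");
    out.write("\t \n");
    out.write("\t </script>\n");
    out.write("\t\n");
    out.write("\n");
    out.write("</body>\n");
    out.write("</html> \n");
  } catch (Throwable t) {
    if (!(t instanceof SkipPageException)) {
      out = _jspx_out;
      if (out != null && out.getBufferSize() != 0) {
        out.clearBuffer();
      }
      if (_jspx_page_context != null) {
        _jspx_page_context.handlePageException(t);
      } else {
        throw new ServletException(t);
      }
    }
  } finally {
    try {
      // Best-effort cleanup: a failure to close must not hide the page's own outcome.
      if (resultset != null) {
        try {
          resultset.close();
        } catch (java.sql.SQLException ignored) {
          // nothing useful to do on a failed close
        }
      }
      if (statement != null) {
        try {
          statement.close();
        } catch (java.sql.SQLException ignored) {
          // nothing useful to do on a failed close
        }
      }
      if (connection != null) {
        try {
          connection.close();
        } catch (java.sql.SQLException ignored) {
          // nothing useful to do on a failed close
        }
      }
    } finally {
      _jspxFactory.releasePageContext(_jspx_page_context);
    }
  }
}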
/**
 * Sets an employee's password from a form post, then forwards to {@code set1.jsp} with a
 * {@code msg} request attribute describing the outcome.
 *
 * <p>The employee id is parsed as an integer (0 when missing or malformed), so the id fragments
 * concatenated into the SQL below cannot carry SQL syntax. The password is concatenated into
 * the INSERT after passing through {@code str.inStr(...)}; what that helper escapes is not
 * visible here.
 *
 * <p>NOTE(review): nothing in this method checks that the caller is the employee whose id is
 * posted (the session is fetched but never read here); confirm that a filter enforces it.
 * NOTE(review): the UPDATE writes the literal {@code '******'}. This looks like a value that
 * was masked in the listing rather than intended behaviour; confirm against the real source.
 * NOTE(review): the INSERT stores whatever {@code str.inStr} returns; unless that helper
 * hashes, the password is kept in clear text.
 * NOTE(review): the working state ({@code out}, {@code id}, {@code password}, the SQL strings,
 * {@code stmt}, {@code rs}) is assigned without local declarations, so it is presumably held in
 * fields that concurrent requests would share.
 *
 * @param request servlet request carrying {@code id} and {@code password}
 * @param response servlet response
 * @throws ServletException if the forward fails
 * @throws IOException if the forward fails
 */
public void doPost(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
  request.setCharacterEncoding("gb2312");
  response.setContentType("text/html; charset=gb2312");
  out = response.getWriter();
  session = request.getSession();
  time = new Time();
  str = new Str();
  db = new Db();

  // Read the posted employee id; anything that does not parse becomes 0.
  try {
    id = Integer.parseInt((String) request.getParameter("id"));
  } catch (Exception e) {
    id = 0;
  }
  password = request.getParameter("password");
  password = str.inStr(password);

  final String byEmployee = " WHERE employeeid=" + id;
  sqlsp = "SELECT * FROM password" + byEmployee;
  sqlse = "SELECT employeeid FROM eminfo" + byEmployee;
  sqlu = "UPDATE password SET time='" + time.getYMDHMS() + "',password='******'" + byEmployee;
  sqli =
      "INSERT INTO password(employeeid,password,time) VALUES("
          + id
          + ",'"
          + password
          + "','"
          + time.getYMDHMS()
          + "')";

  try {
    stmt = db.getStmtread();
    rs = stmt.executeQuery(sqlsp);
    boolean alreadySet = rs.next();
    if (!alreadySet) {
      // First time a password is set for this id.
      db.close();
      temp = 0;
      stmt = db.getStmtread();
      rs = stmt.executeQuery(sqlse);
      if (!rs.next()) {
        // The id does not exist in eminfo.
        db.close();
        request.setAttribute("msg", "员工序号不存在");
      } else {
        // The id exists: insert the password row.
        rs.close();
        stmt.close();
        temp = 0;
        stmt = db.getStmt();
        temp = stmt.executeUpdate(sqli);
        request.setAttribute("msg", temp > 0 ? "设置成功" : "设置失败");
        db.close();
      }
    } else {
      // A row already exists: update it.
      db.close();
      stmt = db.getStmt();
      temp = 0;
      temp = stmt.executeUpdate(sqlu);
      request.setAttribute("msg", temp > 0 ? "设置成功" : "设置失败");
      db.close();
    }
  } catch (SQLException e) {
    e.printStackTrace();
  } finally {
    // The result page is shown whether or not the database work succeeded.
    request.getRequestDispatcher("set1.jsp").forward(request, response);
  }
}
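/**
 * Checks the posted {@code user}/{@code userpass} pair against table {@code register} and
 * forwards to {@code /home.jsp} on success or {@code /login5.jsp} otherwise.
 *
 * <p>Changes against the original:
 * <ul>
 *   <li>Empty parameters are detected by length; the original compared strings with
 *       {@code != ""}, which compares references.
 *   <li>An unknown user or missing parameters lead to the login page; before, an unknown user
 *       caused a NullPointerException that was swallowed, leaving an empty response.
 *   <li>{@code sname} is stored in the session only after the password check succeeds and is
 *       removed on failure; before, it was set to the matched account name ahead of the check.
 *   <li>The stored and computed values are compared with {@code MessageDigest.isEqual}.
 *   <li>Database resources are closed on every path and database failures are reported as
 *       {@code ServletException} instead of being printed and ignored.
 * </ul>
 *
 * <p>NOTE(review): {@code pack.calc} presumably derives the stored form of the password;
 * confirm it is a salted password hash rather than a plain digest or encoding.
 * NOTE(review): the session identifier is not renewed after a successful login.
 * NOTE(review): the JDBC-ODBC bridge driver named below is not part of current JDKs.
 *
 * @see HttpServlet#doPost(HttpServletRequest request, HttpServletResponse response)
 */
protected void doPost(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
  response.setContentType("text/html");
  HttpSession session = request.getSession(true);

  String user = request.getParameter("user");
  String userpass = request.getParameter("userpass");
  String name = null;
  String cpass = null;

  if (user != null && user.length() > 0 && userpass != null && userpass.length() > 0) {
    Connection conn = null;
    Statement st = null;
    ResultSet rs = null;
    try {
      Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
      conn = DriverManager.getConnection("jdbc:odbc:test", "", "");
      st = conn.createStatement();
      // Constant query text: the posted user name is compared in Java, not placed in the SQL.
      rs = st.executeQuery("select * from register ");
      while (rs.next()) {
        if (user.equals(rs.getString(3))) {
          name = rs.getString(1);
          cpass = rs.getString("pass");
          break;
        }
      }
    } catch (ClassNotFoundException e) {
      throw new ServletException("JDBC driver not available", e);
    } catch (SQLException e) {
      throw new ServletException("Login lookup failed", e);
    } finally {
      if (rs != null) {
        try {
          rs.close();
        } catch (SQLException ignored) {
          // best-effort cleanup
        }
      }
      if (st != null) {
        try {
          st.close();
        } catch (SQLException ignored) {
          // best-effort cleanup
        }
      }
      if (conn != null) {
        try {
          conn.close();
        } catch (SQLException ignored) {
          // best-effort cleanup
        }
      }
    }
  }

  boolean authenticated = false;
  if (cpass != null) {
    String computed;
    try {
      computed = pack.calc(userpass).toString();
    } catch (Exception e) {
      throw new ServletException("Password check failed", e);
    }
    // Comparison time does not depend on where the first differing byte is.
    authenticated =
        java.security.MessageDigest.isEqual(cpass.getBytes("UTF-8"), computed.getBytes("UTF-8"));
  }

  String target;
  if (authenticated) {
    session.setAttribute("sname", name);
    target = "/home.jsp";
  } else {
    session.removeAttribute("sname");
    target = "/login5.jsp";
  }
  RequestDispatcher rd =
      this.getServletConfig().getServletContext().getRequestDispatcher(target);
  rd.forward(request, response);
}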
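/**
 * Searches sales-order licence data by one field and returns the matching rows.
 *
 * <p>Changes against the original:
 * <ul>
 *   <li>{@code parameter} and {@code reseller} are bound through a {@code PreparedStatement}.
 *       Before, they were concatenated into the SQL text and only the {@code enduser} branch
 *       doubled single quotes.
 *   <li>An unrecognised {@code type} returns an empty list. Before, it produced a query with no
 *       WHERE clause, which either selected every row or failed on the reseller clause.
 *   <li>The connection, statement and result set are closed null-safely. Before,
 *       {@code con.close()} raised a NullPointerException from {@code finally} when no
 *       connection had been obtained.
 * </ul>
 *
 * <p>{@code %} and {@code _} inside {@code parameter} or {@code reseller} still act as ILIKE
 * wildcards, as they did before. The logged SQL now contains placeholders, not the search term.
 *
 * @param reseller reseller pattern restricting the result; ignored when null, empty or
 *     {@code %admin%}
 * @param parameter search term (trimmed before use)
 * @param type one of {@code sno}, {@code so}, {@code enduser}, {@code ek}, {@code po},
 *     {@code hm} (case-insensitive)
 * @return matching rows, or an empty list when nothing matches or the lookup fails
 */
private List<LicenseData> getSearchByFieldResults(
    String reseller, String parameter, String type) {
  List<LicenseData> list = new ArrayList<LicenseData>();
  Connection con = null;
  java.sql.PreparedStatement pst = null;
  ResultSet rs = null;
  try {
    boolean bySerial = type.equalsIgnoreCase("sno");
    String term = parameter.trim();
    List<String> binds = new ArrayList<String>();

    // The search field is chosen from a fixed set; only the value is caller-supplied.
    String where;
    if (bySerial) {
      where = " where ib.serialnumber ILIKE ? ";
      binds.add("%" + term + "%");
    } else if (type.equalsIgnoreCase("so")) {
      // NOTE(review): bound as a string; assumes so_number is a text column. Confirm against
      // the schema, and use the matching setter if it is numeric.
      where = "where so_header.so_number=? ";
      binds.add(term);
    } else if (type.equalsIgnoreCase("enduser")) {
      where = "where so_header.end_user ILIKE ?";
      binds.add("%" + term + "%");
    } else if (type.equalsIgnoreCase("ek")) {
      where = "where so_header.entitlement_key ILIKE ?";
      binds.add("%" + term + "%");
    } else if (type.equalsIgnoreCase("po")) {
      where = "where so_header.po_check_number ILIKE ?";
      binds.add("%" + term + "%");
    } else if (type.equalsIgnoreCase("hm")) {
      where = "where o.hmid ILIKE ?";
      binds.add("%" + term + "%");
    } else {
      return list;
    }

    StringBuilder sql = new StringBuilder();
    if (bySerial) {
      sql.append(
          " select distinct ib.item,o.orderkey,'1',so_header.so_number,so_header.end_user,TO_CHAR(TO_TIMESTAMP(so_header.ship_date/1000), 'YYYY-MM-DD'), ");
    } else {
      sql.append(
          " select distinct so_item.item,so_item.entitlementkey,so_item.quantity,so_header.so_number,so_header.end_user,TO_CHAR(TO_TIMESTAMP(so_header.ship_date/1000), 'YYYY-MM-DD'), ");
    }
    sql.append(
        "o.hmid, CASE TO_CHAR(TO_TIMESTAMP(o.substartdate/1000), 'YYYY-MM-DD') WHEN '1969-12-31' THEN '' WHEN TO_CHAR(TO_TIMESTAMP(o.subenddate/1000), 'YYYY-MM-DD') THEN '' ELSE TO_CHAR(TO_TIMESTAMP(o.substartdate/1000), 'YYYY-MM-DD') END, ");
    sql.append(
        "CASE TO_CHAR(TO_TIMESTAMP(o.subenddate/1000), 'YYYY-MM-DD') WHEN '1969-12-31' THEN '' WHEN TO_CHAR(TO_TIMESTAMP(o.substartdate/1000), 'YYYY-MM-DD') THEN '' ELSE TO_CHAR(TO_TIMESTAMP(o.subenddate/1000), 'YYYY-MM-DD') END, so_header.po_check_number,so_header.reseller, ");
    sql.append(
        " CASE WHEN so_item.producttype='Support' THEN TO_CHAR(TO_TIMESTAMP(o.startdate/1000), 'YYYY-MM-DD') ELSE '' END, ");
    sql.append(
        " CASE WHEN so_item.producttype='Support' THEN TO_CHAR(TO_TIMESTAMP(o.enddate/1000), 'YYYY-MM-DD') ELSE '' END ");
    if (bySerial) {
      sql.append(" ,ib.serialnumber");
      sql.append(
          " from ns.so_header so_header inner join ns.ib ib on ib.salesordernumber =so_header.so_number ");
      sql.append(" inner join orderkey_information o on so_header.entitlement_key=o.orderkey");
      sql.append(
          " inner join ns.temp_so_item so_item on so_header.entitlement_key=so_item.entitlementkey");
    } else {
      sql.append(
          " from ns.so_header so_header inner join ns.temp_so_item so_item on so_header.entitlement_key=so_item.entitlementkey ");
      sql.append(" inner join orderkey_information o on so_header.entitlement_key=o.orderkey ");
    }
    sql.append(where);

    // Every caller except the "%admin%" marker is limited to its own reseller rows.
    if (reseller != null && !reseller.isEmpty() && !reseller.equalsIgnoreCase("%admin%")) {
      sql.append(" and so_header.reseller ILIKE ?");
      binds.add(reseller.trim());
    }
    if (bySerial) {
      sql.append(" order by so_header.so_number desc ");
    }

    con = getConnectiontoDB();
    pst = con.prepareStatement(sql.toString());
    for (int i = 0; i < binds.size(); i++) {
      pst.setString(i + 1, binds.get(i));
    }
    rs = pst.executeQuery();
    log.info("Search Fields : SQL Query " + sql);
    while (rs.next()) {
      LicenseData data = new LicenseData();
      data.setEntitlementKey(rs.getString(2));
      data.setSku(rs.getString(1));
      data.setQuantity(rs.getString(3));
      data.setSoNumbber(rs.getString(4));
      data.setEndUser(rs.getString(5));
      data.setShipDate(rs.getString(6));
      data.setHmId(rs.getString(7));
      data.setLicenseStartDate(rs.getString(8));
      data.setLicenseEndDate(rs.getString(9));
      data.setPoNumber(rs.getString(10));
      data.setNumber(rs.getString(4));
      data.setBillingCustomer(rs.getString(11));
      data.setSupportStartDate(rs.getString(12));
      data.setSupportEndDate(rs.getString(13));
      if (bySerial) {
        data.setSerialNumber(rs.getString(14));
      }
      list.add(data);
    }
  } catch (Exception e) {
    // Kept as in the original: a failed lookup yields the rows collected so far.
    e.printStackTrace();
  } finally {
    if (rs != null) {
      try {
        rs.close();
      } catch (SQLException e) {
        e.printStackTrace();
      }
    }
    if (pst != null) {
      try {
        pst.close();
      } catch (SQLException e) {
        e.printStackTrace();
      }
    }
    if (con != null) {
      try {
        con.close();
      } catch (SQLException e) {
        e.printStackTrace();
      }
    }
  }
  return list;
}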
/**
 * Reads one line from standard input and uses it, unmodified, as the name in a
 * {@code select * from users} query, then writes the result set's {@code toString()} via
 * {@code IO.writeString}.
 *
 * <p>The method name and the original "POTENTIAL FLAW" marker indicate that this is the
 * deliberately vulnerable variant of a test case: the input is concatenated into the SQL text,
 * so quote characters in it change the statement. It is reproduced here with its behaviour
 * unchanged. A safe counterpart would bind the value with a {@code PreparedStatement}
 * parameter.
 *
 * @throws Throwable declared by the original signature
 */
public void bad() throws Throwable {
  String userInput = ""; /* stays empty if reading fails */
  Logger readLog = Logger.getLogger("local-logger");

  /* Source: one line of console input. */
  InputStreamReader consoleReader = null;
  BufferedReader lineReader = null;
  try {
    consoleReader = new InputStreamReader(System.in);
    lineReader = new BufferedReader(consoleReader);
    userInput = lineReader.readLine();
  } catch (IOException ioe) {
    readLog.warning("Error with stream reading");
  } finally {
    /* Close the outer reader first, then the inner one, each failure logged separately. */
    try {
      if (null != lineReader) {
        lineReader.close();
      }
    } catch (IOException ioe) {
      readLog.warning("Error closing buffread");
    } finally {
      try {
        if (null != consoleReader) {
          consoleReader.close();
        }
      } catch (IOException ioe) {
        readLog.warning("Error closing instrread");
      }
    }
  }

  /* Sink: the line read above becomes part of the SQL text. */
  Logger queryLog = Logger.getLogger("local-logger");
  Connection dbConnection = null;
  Statement dynamicStatement = null;
  ResultSet rows = null;
  try {
    dbConnection = IO.getDBConnection();
    dynamicStatement = dbConnection.createStatement();
    /* POTENTIAL FLAW: take user input and place into dynamic sql query */
    String query = "select * from users where name='" + userInput + "'";
    rows = dynamicStatement.executeQuery(query);
    IO.writeString(rows.toString());
  } catch (SQLException se) {
    queryLog.warning("Error getting database connection");
  } finally {
    try {
      if (null != rows) {
        rows.close();
      }
    } catch (SQLException e) {
      queryLog.warning("Error closing sqlrs");
    } finally {
      try {
        if (null != dynamicStatement) {
          dynamicStatement.close();
        }
      } catch (SQLException e) {
        queryLog.warning("Error closing sqlstatement");
      } finally {
        try {
          if (null != dbConnection) {
            dbConnection.close();
          }
        } catch (SQLException e) {
          queryLog.warning("Error closing conn_tmp2");
        }
      }
    }
  }
}
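/**
 * Lists the contacts of the logged-in user as an HTML table with a delete checkbox per row.
 *
 * <p>Changes against the original:
 * <ul>
 *   <li>The query binds the logged-in user's name through a {@code PreparedStatement}. The
 *       listed query filtered on the literal {@code '******'} (presumably a masked
 *       concatenation of the user name), so it did not select the current user's rows.
 *   <li>The user name and every column value are HTML-encoded before being written; before,
 *       stored contact names and comments were written as markup.
 *   <li>Database error text is written to the servlet log instead of into the page.
 *   <li>The "not logged in" case is an ordinary check; before, it was a thrown
 *       {@code RuntimeException}, so unrelated runtime failures were also reported as "log in".
 *   <li>A session whose account table has no string {@code name} is treated as not logged in.
 * </ul>
 *
 * <p>NOTE(review): the database user and password are embedded in the JDBC URL below; they
 * should come from container-managed configuration.
 *
 * @param request servlet request
 * @param response servlet response
 * @throws ServletException declared by the servlet API
 * @throws IOException if writing the response fails
 */
public void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
  response.setContentType("text/html");
  PrintWriter out = response.getWriter();
  HttpSession session = request.getSession(true);

  // No account table in the session, or no usable name in it: send the visitor to log in.
  Object accountObject = session.getAttribute(ACCOUNT);
  Object nameObject =
      (accountObject instanceof Hashtable) ? ((Hashtable) accountObject).get("name") : null;
  if (!(nameObject instanceof String)) {
    out.println("<script language=\"javascript\">");
    out.println("alert(\"You need to log in to use this service!\");");
    out.println("</script>");
    out.println("<a href='index.html'>Click Here</a> to go to the main page.<br><br>");
    out.println(
        "Or Click on the button to exit<FORM><INPUT onClick=\"javascipt:window.close()\" TYPE=\"BUTTON\" VALUE=\"Close Browser\" TITLE=\"Click here to close window\" NAME=\"CloseWindow\" STYLE=\"font-family:Verdana, Arial, Helvetica; font-size:smaller; font-weight:bold\"></FORM>");
    log("You need to log in to use this service!");
    return;
  }
  String userName = (String) nameObject;
  String safeUserName = escapeHtml(userName);

  out.println("<HTML>");
  out.println("<HEAD>");
  out.println("<TITLE>Contacts for " + safeUserName + "</TITLE>");
  out.println("</HEAD>");
  out.println("<BODY BGCOLOR='#EFEFEF'>");
  out.println("<H3>Welcome " + safeUserName + "</H3>");
  out.println("<CENTER>");

  Connection con = null;
  java.sql.PreparedStatement stmt = null;
  ResultSet rs = null;
  try {
    Class.forName("com.mysql.jdbc.Driver").newInstance();
    con =
        DriverManager.getConnection(
            "jdbc:mysql://localhost/contacts?user=kareena&password=kapoor");
    stmt = con.prepareStatement("SELECT * FROM contacts WHERE userName=? ORDER BY contactID");
    stmt.setString(1, userName);
    rs = stmt.executeQuery();

    out.println("<form name='deleteContactsForm' method='post' action='deleteContact'>");
    out.println("<TABLE BGCOLOR='#EFEFFF' CELLPADDING='2' CELLSPACING='4' BORDER='1'>");
    out.println("<TR BGCOLOR='#D6DFFF'>");
    out.println("<TD ALIGN='center'><B>Contact ID</B></TD>");
    out.println("<TD ALIGN='center'><B>Contact Name</B></TD>");
    out.println("<TD ALIGN='center'><B>Comment</B></TD>");
    out.println("<TD ALIGN='center'><B>Date</B></TD>");
    out.println("<TD ALIGN='center'><B>Delete Contacts</B></TD>");
    out.println("</TR>");
    while (rs.next()) {
      // Encoded once here; the id is reused inside a single-quoted attribute below.
      String messageID = escapeHtml(rs.getString("contactID"));
      String fromUser = escapeHtml(rs.getString("contactName"));
      String message = escapeHtml(rs.getString("comments"));
      String messageDate = escapeHtml(rs.getString("dateAdded"));
      out.println("<TR>");
      out.println("<TD>" + messageID + "</TD>");
      out.println("<TD>" + fromUser + "</TD>");
      out.println("<TD>" + message + "</TD>");
      out.println("<TD>" + messageDate + "</TD>");
      out.println(
          "<TD><input type='checkbox' name='msgList' value='" + messageID + "'> Delete</TD>");
      out.println("</TR>");
    }
    out.println("<TR>");
    out.println(
        "<TD COLSPAN='6' ALIGN='center'><input type='submit' value='Delete Selected Contacts'></TD>");
    out.println("</TR>");
    out.println("</TABLE>");
    out.println("</FORM>");
  } catch (Exception e) {
    // Driver and database details go to the server log, not to the visitor.
    log("Could not read contacts", e);
    out.println("Could not connect to the users database.<P>");
  } finally {
    if (rs != null) {
      try {
        rs.close();
      } catch (SQLException ignore) {
        // best-effort cleanup
      }
    }
    if (stmt != null) {
      try {
        stmt.close();
      } catch (SQLException ignore) {
        // best-effort cleanup
      }
    }
    if (con != null) {
      try {
        con.close();
      } catch (SQLException ignore) {
        // best-effort cleanup
      }
    }
  }
  out.println("</CENTER>");
  out.println("</BODY>");
  out.println("</HTML>");
}

/** Encodes the five HTML-significant characters; {@code null} becomes the empty string. */
private static String escapeHtml(String value) {
  if (value == null) {
    return "";
  }
  StringBuffer encoded = new StringBuffer(value.length() + 16);
  for (int i = 0; i < value.length(); i++) {
    char c = value.charAt(i);
    switch (c) {
      case '&':
        encoded.append("&amp;");
        break;
      case '<':
        encoded.append("&lt;");
        break;
      case '>':
        encoded.append("&gt;");
        break;
      case '"':
        encoded.append("&quot;");
        break;
      case '\'':
        encoded.append("&#39;");
        break;
      default:
        encoded.append(c);
    }
  }
  return encoded.toString();
}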
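/**
 * Looks up the posted item ({@code txtinm}) in the catalogue table selected by the first letter
 * of {@code txtr} and, when the item exists and {@code reges} holds a row flagged {@code 'y'},
 * inserts the item, the posted quantity ({@code txtq}) and that row's first column into
 * {@code cart}.
 *
 * <p>Changes against the original:
 * <ul>
 *   <li>All request values are bound through {@code PreparedStatement}; before, they were
 *       wrapped in quotes by hand and concatenated into the SQL text.
 *   <li>The software branch ({@code S}/{@code s}) now runs its query; before, it only built the
 *       string, so the following {@code rr.next()} failed on a null result set.
 *   <li>A missing or unrecognised item type, or a missing item name or quantity, is reported
 *       as "Invalid choice" without touching the database.
 *   <li>The {@code reges} row is read only after {@code next()} succeeds.
 *   <li>Request values and stored values are HTML-encoded before being echoed, and the SQL text
 *       is no longer written to the response.
 *   <li>Database failures surface as {@code ServletException}; before, they were caught and
 *       discarded. Resources are closed on every path.
 *   <li>The outcome flag is tracked per request and copied to {@code myflag} at the end;
 *       before, a single failed request left the shared flag at {@code 'n'}.
 * </ul>
 *
 * <p>NOTE(review): the "signed in" user is whichever {@code reges} row has {@code flag='y'};
 * nothing here ties it to this request's session, so confirm how that flag is maintained.
 * NOTE(review): the database account and password are embedded in the source.
 * NOTE(review): {@code pw} and {@code myflag} are assigned without local declarations and are
 * presumably fields shared between concurrent requests; this method now works on locals and
 * only mirrors the values into them.
 *
 * @param req servlet request carrying {@code txtinm}, {@code txtq} and {@code txtr}
 * @param res servlet response
 * @throws ServletException if the driver cannot be loaded or a database call fails
 * @throws IOException if writing the response fails
 */
public void doPost(HttpServletRequest req, HttpServletResponse res)
    throws ServletException, IOException {
  res.setContentType("text/html");
  java.io.PrintWriter writer = res.getWriter();
  pw = writer;

  String itemName = req.getParameter("txtinm");
  String quantity = req.getParameter("txtq");
  String itemType = req.getParameter("txtr");

  // The table and column come from this fixed list, never from the request.
  String lookupSql = null;
  if (itemType != null && itemType.length() > 0) {
    switch (itemType.charAt(0)) {
      case 'H':
      case 'h':
        lookupSql = "select rate,iname from hware where iname=?";
        break;
      case 'S':
      case 's':
        lookupSql = "select rate,iname from sware where iname=?";
        break;
      case 'M':
      case 'm':
        lookupSql = "select rate,title from music where title=?";
        break;
      case 'B':
      case 'b':
        lookupSql = "select rate,title from books where title=?";
        break;
      default:
        break;
    }
  }

  writer.println("Item name " + htmlEscape(itemName));
  writer.println("Quantity " + htmlEscape(quantity));
  writer.println("Item Type " + htmlEscape(itemType));

  boolean ok = lookupSql != null && itemName != null && quantity != null;
  if (!ok) {
    writer.println("Invalid choice");
  }

  Connection con = null;
  java.sql.PreparedStatement lookup = null;
  Statement signedInQuery = null;
  java.sql.PreparedStatement insert = null;
  ResultSet rr = null;
  try {
    String name = null;
    if (ok) {
      Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
      con = DriverManager.getConnection("jdbc:odbc:sri", "scott", "tiger");

      lookup = con.prepareStatement(lookupSql);
      lookup.setString(1, itemName);
      rr = lookup.executeQuery();
      while (rr.next()) {
        int amount = Integer.parseInt(rr.getString(1));
        name = rr.getString(2);
        writer.println(" " + amount + " " + htmlEscape(name));
      }
      rr.close();
      rr = null;
      if (name == null) {
        writer.println("Not a valid item");
        ok = false;
      }
    }

    if (ok) {
      writer.println("Valid item name " + htmlEscape(name));
      signedInQuery = con.createStatement();
      rr = signedInQuery.executeQuery("select * from reges where flag='y'");
      String signedInUser = rr.next() ? rr.getString(1) : null;
      if (signedInUser == null) {
        writer.println("\nSign in first");
        ok = false;
      } else {
        writer.println("Signed in " + htmlEscape(signedInUser));
        insert = con.prepareStatement("insert into cart values(?,?,?)");
        insert.setString(1, itemName);
        insert.setString(2, quantity);
        insert.setString(3, signedInUser);
        insert.executeUpdate();
        writer.println("1 row inserted");
      }
    }
  } catch (ClassNotFoundException e) {
    ok = false;
    throw new ServletException("JDBC driver not available", e);
  } catch (SQLException e) {
    ok = false;
    throw new ServletException("Cart update failed", e);
  } finally {
    myflag = ok ? 'y' : 'n';
    if (rr != null) {
      try {
        rr.close();
      } catch (SQLException ignored) {
        // best-effort cleanup
      }
    }
    if (lookup != null) {
      try {
        lookup.close();
      } catch (SQLException ignored) {
        // best-effort cleanup
      }
    }
    if (signedInQuery != null) {
      try {
        signedInQuery.close();
      } catch (SQLException ignored) {
        // best-effort cleanup
      }
    }
    if (insert != null) {
      try {
        insert.close();
      } catch (SQLException ignored) {
        // best-effort cleanup
      }
    }
    if (con != null) {
      try {
        con.close();
      } catch (SQLException ignored) {
        // best-effort cleanup
      }
    }
  }
}

/** Encodes the five HTML-significant characters; {@code null} becomes the empty string. */
private static String htmlEscape(String value) {
  if (value == null) {
    return "";
  }
  StringBuffer encoded = new StringBuffer(value.length() + 16);
  for (int i = 0; i < value.length(); i++) {
    char c = value.charAt(i);
    switch (c) {
      case '&':
        encoded.append("&amp;");
        break;
      case '<':
        encoded.append("&lt;");
        break;
      case '>':
        encoded.append("&gt;");
        break;
      case '"':
        encoded.append("&quot;");
        break;
      case '\'':
        encoded.append("&#39;");
        break;
      default:
        encoded.append(c);
    }
  }
  return encoded.toString();
}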