import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
/**
* An example to show the difference between Statements and PreparedStatements in
* login forms.
*
* @author Sofoklis Stouraitis
*/
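public class TestLoginServlet extends HttpServlet {

    /** Request parameter selecting the query path: "1" = PreparedStatement, anything else = Statement. */
    private static final String OPTION_PARAM = "optlogin";

    /**
     * Handles HTTP POST requests from the login form.
     *
     * <p>Reads {@code username}, {@code password} and {@code optlogin}, checks the credentials
     * through {@link LabStaff} on either the parameterised or the string-built query path, and
     * renders the outcome as an HTML page. Whatever happens, the page is closed and the database
     * connection released in {@code finally}, so a failed query cannot leak a connection or leave
     * a half-written document.
     *
     * @param request
     * the request object
     * @param response
     * the response object
     *
     * @throws IOException
     * if an input or output error is detected when the servlet
     * handles the POST request.
     * @throws ServletException
     * if the request for the POST could not be handled.
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        response.setContentType("text/html; charset=ISO-8859-7");
        PrintWriter out = new PrintWriter(response.getWriter(), true);

        // read the parameters from request; each one is null when the form did not send it
        String user = request.getParameter("username");
        String passwd = request.getParameter("password");
        String option = request.getParameter(OPTION_PARAM);

        // always emit a complete document, also for the error page
        writeHeader(out);

        LabStaff lab = null;
        try {
            if (option == null) {
                // previously option.equals(...) threw a bare NPE here and the page showed "Error: null"
                throw new IllegalArgumentException("missing request parameter: " + OPTION_PARAM);
            }
            // "1" takes the parameterised path; every other value takes the string-built one,
            // so the same flag must also drive the "executed via ..." label below
            boolean usePrepared = "1".equals(option);

            /*
             * Initialize the LabStaff object and establish the connection with the database.
             */
            lab = new LabStaff();
            lab.open();

            boolean userValid = usePrepared
                    ? lab.isUserValid(user, passwd)
                    : lab.isUserValidVulnerable(user, passwd);

            out.println("<h1 class='bigTitle'>Statement vs PreparedStatement</h1>");
            if (userValid) {
                out.println("<h2 class='success'>User is valid!</h2>");
            } else {
                out.println("<h2 class='error'>User is NOT valid!</h2>");
            }
            if (usePrepared) {
                out.println("<p class='info'> Query executed via PreparedStatement </p>");
            } else {
                out.println("<p class='info'> Query executed via Statement </p>");
                // the query text embeds the raw form input; escape it so it is displayed, not rendered
                out.println("<p class='info'><b>query: </b> " + escapeHtml(lab.getQuery()) + " </p>");
            }
        } catch (Exception e) {
            /*
             * Print the error. The message may contain driver/SQL text derived from the input,
             * so it is escaped like any other untrusted value.
             */
            out.println("<br><b>Error:</b> " + escapeHtml(e.getMessage()));
        } finally {
            /*
             * Close the connection with the database and finish the document on every path.
             */
            closeQuietly(lab);
            out.println("</body>");
            out.println("</html>");
        }
    }

    /**
     * Handles HTTP GET requests by redirecting the client back to the login form;
     * the demo only accepts credentials via POST.
     *
     * @param request
     * the request object
     * @param response
     * the response object
     *
     * @throws IOException
     * if the redirect cannot be written.
     * @throws ServletException
     * if the request for the GET could not be handled.
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        response.sendRedirect("../loginform.html");
    }

    /** Writes the document head and opens the body; every response starts with this. */
    private static void writeHeader(PrintWriter out) {
        out.println("<html>");
        out.println(" <head>");
        out.println(" <Meta Http-Equiv='Content-Type' Content='text/html; Charset=iso-8859-7'>");
        out.println(" <title>Statement vs PreparedStatement</title>");
        out.println(" <link rel='stylesheet' href='../css/custom.css' type='text/css'>");
        out.println(" </head>");
        out.println(" <body>");
    }

    /**
     * Closes the database helper if it was created. A failure while closing is logged to the
     * servlet container instead of thrown, because the response page has already been written.
     *
     * @param lab the helper to close, may be {@code null} when construction or open() failed
     */
    private void closeQuietly(LabStaff lab) {
        if (lab == null) {
            return;
        }
        try {
            lab.close();
        } catch (Exception e) {
            log("failed to close LabStaff connection", e);
        }
    }

    /**
     * Escapes the five HTML-significant characters so that untrusted text is rendered literally.
     *
     * @param text the raw text; {@code null} is rendered as the string "null"
     * @return the escaped text, safe to place in element content or a quoted attribute
     */
    static String escapeHtml(String text) {
        String s = String.valueOf(text);
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&': sb.append("&amp;"); break;
                case '<': sb.append("&lt;"); break;
                case '>': sb.append("&gt;"); break;
                case '"': sb.append("&quot;"); break;
                case '\'': sb.append("&#39;"); break;
                default: sb.append(c);
            }
        }
        return sb.toString();
    }
}// end of class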