forked from mobbeitan/vulnerable-code
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathmy naive sql.java
More file actions
24 lines (22 loc) · 951 Bytes
/
my naive sql.java
File metadata and controls
24 lines (22 loc) · 951 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
import java.sql.PreparedStatement;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.Statement;
public class SQLInjectionExample extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException {
try {
Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db");
String user = request.getParameter("username");
String query = "SELECT * FROM users WHERE username = ?;";
PreparedStatement stmt = con.prepareStatement(query);
stmt.setString(1, request.getParameter("username"));
stmt.executeQuery();
} catch (Exception e) {
throw new ServletException(e);
}
}
}