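// Copyright © 2001 by Apple Computer, Inc., All Rights Reserved.
//
// You may incorporate this Apple sample code into your own code
// without restriction. This Apple sample code has been provided "AS IS"
// and the responsibility for its operation is yours. You may redistribute
// this code, but you are not permitted to redistribute it as
// "Apple sample code" after having made changes.

package jblog;

import java.io.*;
import java.text.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;
import java.net.URLEncoder;

/**
 * Data recording servlet for a very simple Java web log.
 *
 * <p>Reads the request parameters {@code data} and {@code password}, checks the
 * password against the {@code blog_pass} table and, when it matches, inserts
 * {@code data} into the {@code blog} table.
 *
 * <p>Both request parameters are untrusted input. They reach the database only
 * as bound parameters of prepared statements, never as part of the SQL text.
 * All per-request state is held in local variables, because the servlet
 * container may call one servlet instance from several request threads at once.
 *
 * @author Liz Warner
 */
public class Write extends HttpServlet {

    /**
     * Handles a submission: writes the HTML page frame and records the entry
     * when both {@code data} and {@code password} are present.
     *
     * @param request  the request carrying the {@code data} and {@code password} parameters
     * @param response the response that receives the HTML result page
     * @throws IOException      if the response writer cannot be obtained
     * @throws ServletException declared by the servlet API; not thrown by this method itself
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        response.setContentType("text/html");
        // The writer belongs to this request only, so it is a local and is
        // passed down explicitly rather than stored on the shared servlet instance.
        PrintWriter out = response.getWriter();

        // write the HTML header
        out.println("<html><head><title>Java Web log</title></head>");
        out.println("<body bgcolor=\"white\">");

        // NOTE(review): doPost delegates here, so the password is also accepted
        // on GET, where it travels in the query string and can end up in server
        // logs and browser history. Consider accepting submissions via POST only.
        String data = request.getParameter("data");
        String password = request.getParameter("password");

        if ((data != null) && (password != null)) {
            // the user has submitted an entry
            writeData(data, password, out);
        } else {
            // at least one of data and password is missing
            out.println("Missing data or password, please <a href=\"add_data.jsp\"> try again</a>.");
        }

        out.println("</body>");
        out.println("</html>");
    }

    /**
     * Handles POST submissions exactly like GET by delegating to
     * {@link #doGet(HttpServletRequest, HttpServletResponse)}.
     *
     * @param request  the request carrying the {@code data} and {@code password} parameters
     * @param response the response that receives the HTML result page
     * @throws IOException      if the response writer cannot be obtained
     * @throws ServletException declared by the servlet API
     */
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        doGet(request, response);
    }

    /**
     * Checks the password and, when it is accepted, writes the log entry to
     * the database, reporting the outcome on {@code out}.
     *
     * <p>Failures are logged through the servlet log; the page shows only a
     * generic message so that database error text is not sent to the client.
     *
     * @param data     the entry text submitted by the user (untrusted)
     * @param password the password submitted by the user (untrusted)
     * @param out      the writer of the current response
     */
    private void writeData(String data, String password, PrintWriter out) {
        MySQLConnector mydb = null;
        Statement stmt = null;
        try {
            mydb = new MySQLConnector();
            // The connector hands out a Statement; the Connection behind it is
            // needed to prepare parameterized statements.
            stmt = mydb.connect();
            Connection conn = stmt.getConnection();

            if (passwordMatches(conn, password)) {
                insertEntry(conn, data);
                out.println("Your entry was recorded. <br><br><br><a href=\"/blog/Show\">View Entries</a>");
            } else {
                // bad password: link back to the entry form, carrying the text along.
                // URL-encoding also keeps quotes and angle brackets out of the href.
                out.println("Bad password, please <a href=\"add_data.jsp?data="
                        + URLEncoder.encode(data, "UTF-8") + "\">try again</a>.");
            }
        } catch (Exception ex) {
            log("jblog: entry was not recorded", ex);
            out.println("Whoops, your entry was not recorded!");
        } finally {
            // Release the database resources on every path, including failures.
            if (mydb != null && stmt != null) {
                try {
                    mydb.disconnect(stmt);
                } catch (Exception ex) {
                    log("jblog: could not disconnect from the database", ex);
                }
            }
        }
    }

    /**
     * Reports whether {@code blog_pass} holds a row whose password equals the
     * submitted one.
     *
     * <p>NOTE(review): the query compares the submitted value directly with the
     * stored column, so the table holds the password unhashed. Storing a salted
     * password hash instead needs a schema change outside this class.
     *
     * @param conn     an open database connection
     * @param password the submitted password, bound as a statement parameter
     * @return {@code true} if at least one matching row exists
     * @throws SQLException if the query fails
     */
    private boolean passwordMatches(Connection conn, String password) throws SQLException {
        PreparedStatement check =
                conn.prepareStatement("select count(*) as okay from blog_pass where password = ?");
        try {
            check.setString(1, password);
            ResultSet rs = check.executeQuery();
            return rs.next() && rs.getInt("okay") > 0;
        } finally {
            check.close();
        }
    }

    /**
     * Inserts one entry into the {@code blog} table.
     *
     * <p>The text is stored as submitted. NOTE(review): the code that renders
     * entries is not part of this class and must HTML-escape them on output.
     *
     * @param conn an open database connection
     * @param data the entry text, bound as a statement parameter
     * @throws SQLException if the insert fails
     */
    private void insertEntry(Connection conn, String data) throws SQLException {
        PreparedStatement insert = conn.prepareStatement("insert into blog (data) values (?)");
        try {
            insert.setString(1, data);
            insert.executeUpdate();
        } finally {
            insert.close();
        }
    }
}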