Question
How do I make a prepared statement with variable binding (aka parameterized queries) for the below code application? I have accessed SQL Injection Prevention Cheat
How do I make a prepared statement with variable binding (aka parameterized queries) for the below code application? I have accessed SQL Injection Prevention Cheat Sheet https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet to see examples of safe code but is unable to use the examples given in my code. If tmaking prepared statements is not possible, how do I change the login portion of this Java code to prevent SQL injection in my database? Please explain the method used. The logon uses an email and a password. I used the email with Or "1=1" to access the database, but the exact password is needed.
import java.io.IOException; import java.io.PrintWriter; import java.sql.Connection; import java.sql.ResultSet; import java.sql.Statement; import javax.servlet.RequestDispatcher; import javax.servlet.ServletException; import javax.servlet.http.HttpServlet; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.derby.jdbc.ClientDataSource; public class Authenticate extends HttpServlet { // variables private String username; private String pword; private Boolean isValid; private int user_id; private HttpSession session; /** * Processes requests for both HTTP GET
and POST
* methods. * * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html;charset=UTF-8"); try (PrintWriter out = response.getWriter()) { /* TODO output your page here. You may use following sample code. */ out.println(""); out.println(""); out.println("
Servlet Authenticate at " + request.getContextPath() + "
"); out.println("Results are " + username + "," + isValid + "
"); out.println(""); out.println(""); } } //GET
method. * * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ @Override protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { processRequest(request, response); } /** * Handles the HTTP POST
method. * * @param request servlet request * @param response servlet response * @throws ServletException if a servlet-specific error occurs * @throws IOException if an I/O error occurs */ @Override protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { // Get the post input this.username = request.getParameter("emailAddress"); this.pword = request.getParameter("pfield"); this.isValid = validate(this.username, this.pword); response.setContentType("text/html;charset=UTF-8"); // Set the session variable if (isValid) { // Create a session object if it is already not created. session = request.getSession(true); session.setAttribute("UMUCUserEmail", username); session.setAttribute("UMUCUserID", user_id); // Send to the Welcome JSP page RequestDispatcher dispatcher = request.getRequestDispatcher("welcome.jsp"); dispatcher.forward(request, response); } else { // Not a valid login // refer them back to the Login screen request.setAttribute("ErrorMessage", "Invalid Username or Password. Try again or contact Jim."); RequestDispatcher dispatcher = request.getRequestDispatcher("login.jsp"); dispatcher.forward(request, response); } } /** * Returns a short description of the servlet. * * @return a String containing servlet description */ @Override public String getServletInfo() { return "Short description"; }// Step by Step Solution
There are 3 Steps involved in it
Step: 1
Get Instant Access to Expert-Tailored Solutions
See step-by-step solutions with expert insights and AI powered tools for academic success
Step: 2
Step: 3
Ace Your Homework with AI
Get the answers you need in no time with our AI-driven, step-by-step assistance
Get Started