Please complete the following e-learning tasks by 13/1/19 1159pm:
1) Complete the 3 coding exercises at https://mimosa-admin.arcadove.host
2) Complete Practical 6
Submit Practical 6 to the Elearning Practical Submission Folder
Ken, Eileen, Amiran
Mimosa:
Medium Regex:
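import java.io.*;
import javax.servlet.*;
import javax.servlet.annotation.*;
import javax.servlet.http.*;
import java.util.regex.*;

/**
 * Checks the {@code email} request parameter against the expected
 * {@code <local-part>@ichat.sp.edu.sg} format and stores the result
 * ("true" or "false") in the {@code output} request attribute.
 *
 * <p>Nothing is written to the response in this method; it only sets the
 * attribute.
 */
@WebServlet("/MediumRegex")
public class MediumRegex extends HttpServlet {

    // Compiled once. The dots of the domain are escaped so that they match a
    // literal '.' only; an unescaped '.' matches any character, which would
    // accept look-alike domains such as "ichatXspXeduXsg". The '@' is required
    // explicitly instead of "any non-digit".
    // NOTE(review): the local-part character set (letters, digits, '.', '_',
    // at least 4 characters) follows the other answers on this page - confirm
    // against the exercise specification.
    private static final Pattern EMAIL_PATTERN =
            Pattern.compile("[A-Za-z0-9._]{4,}@ichat\\.sp\\.edu\\.sg");

    /**
     * Validates the submitted email address.
     *
     * @param request  request carrying the {@code email} parameter; receives the
     *                 {@code output} attribute
     * @param response not used by this method
     * @throws ServletException declared by the servlet contract
     * @throws IOException      declared by the servlet contract
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String email = request.getParameter("email");
        // getParameter returns null when the field is missing; treat that as
        // "not valid" instead of failing with a NullPointerException.
        // matches() requires the whole input to match, so no ^...$ is needed.
        boolean bool = email != null && EMAIL_PATTERN.matcher(email).matches();
        String output = String.valueOf(bool);
        request.setAttribute("output", output);
    }
}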
Advanced Regex
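import java.io.*;
import javax.servlet.*;
import javax.servlet.annotation.*;
import javax.servlet.http.*;

/**
 * Checks the {@code password} request parameter against a complexity rule and
 * stores the result ("true" or "false") in the {@code output} request
 * attribute.
 *
 * <p>Rule enforced by the pattern: 8 to 16 characters, drawn only from
 * letters, digits and {@code #@$!%*?&}, with at least one uppercase letter,
 * one lowercase letter, one digit and one of the listed special characters.
 */
@WebServlet("/AdvancedRegex")
public class AdvancedRegex extends HttpServlet {

    /**
     * Validates the submitted password.
     *
     * @param request  request carrying the {@code password} parameter; receives
     *                 the {@code output} attribute
     * @param response not used by this method
     * @throws ServletException declared by the servlet contract
     * @throws IOException      declared by the servlet contract
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        String password = request.getParameter("password");
        boolean bool;
        String pattern = "^(?=.*[A-Z])"          // at least one uppercase letter
                + "(?=.*[a-z])"                  // at least one lowercase letter
                + "(?=.*\\d)"                    // at least one digit
                // Each lookahead needs ".*" so the character may appear anywhere;
                // a bare "." would only inspect the second character. The set
                // mirrors the special characters allowed on the next line.
                + "(?=.*[#@$!%*?&])"
                // Only these characters, 8-16 of them; whitespace is excluded
                // because it is not in the set.
                + "[A-Za-z\\d#@$!%*?&]{8,16}$";
        // A missing parameter is null; report it as invalid rather than throwing.
        bool = password != null && password.matches(pattern);
        String output = String.valueOf(bool);
        request.setAttribute("output", output);
    }
}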
Practical 6
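//(a)Do validation and output sanitization
// Allow-list check: the whole search term must be letters only.
// Java regexes are plain strings - the JavaScript "/.../g" literal syntax would
// be matched literally here.
// NOTE(review): "letters only" follows the other Part A answer on this page -
// confirm against the practical's requirements.
String p = "[A-Za-z]+";
// Pattern.matches takes (regex, input). With the arguments swapped the
// user-supplied search string is compiled as the regex, which lets a request
// trigger PatternSyntaxException or an expensive pattern.
firstSearch = Pattern.matches(p, search);
// Deny-list stripping of a few HTML/SQL metacharacters. This is a fallback
// only; it does not replace encoding the value for the context it is written
// to (e.g. HTML-escaping when it is echoed into the page).
search = search.replaceAll("[<>()\"\";/]", "");
System.out.println(search);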
//(b)Wrong use of preparedStatement, to fix
```
// Search query with a single bound parameter: the user's term never becomes
// part of the SQL text, so it cannot change the statement's structure.
String sqlStr = "Select * from inventory where functions like ? order by brand, model";
PreparedStatement pstmt = conn.prepareStatement(sqlStr);
// The LIKE wildcards are added to the bound value, not to the SQL string.
// NOTE(review): '%' and '_' inside search still act as LIKE wildcards unless
// the term was restricted earlier (e.g. letters only) - confirm.
pstmt.setString(1, "%" + search + "%");
ResultSet rs = pstmt.executeQuery();
//(c)validation of id
```
// Looks the id up with a bound parameter and reports an error when no row
// comes back.
String sqlStr1 = "SELECT * FROM inventory WHERE id = ?";
PreparedStatement pstmt1 = conn.prepareStatement(sqlStr1);
// NOTE(review): this is an existence check, not a format check - id is passed
// as a string without first confirming it is numeric; confirm whether a
// digits-only validation is expected before the query.
pstmt1.setString(1, id);
ResultSet rs = pstmt1.executeQuery();
// rs.next() is false when the result set is empty, i.e. no such id.
if (!rs.next()) {
// Fixed message only; the submitted id is not echoed back into the HTML.
out.println("<h2>Invalid ID!!</h2>");
}
//(d)Wrong use of preparedStatement, to fix
```
// Deletes one inventory row; the id is bound as a parameter rather than
// concatenated into the SQL text.
String sqlStr2 = "delete from inventory where id = ?";
PreparedStatement pstmt2 = conn.prepareStatement(sqlStr2);
pstmt2.setString(1, id);
// executeUpdate returns the number of rows affected by the delete.
int rec=pstmt2.executeUpdate();
// NOTE(review): pstmt2 is not closed in the lines shown, and conn.close() is
// skipped if executeUpdate throws - try-with-resources would cover both.
// No id validation or authorization check is visible in this snippet; confirm
// they happen before this point.
conn.close();
Tian Le, Keane, Ryan, Afzal, Jerrod
PreparedStatement for mimosa
// Login lookup with both credentials bound as parameters, so neither value can
// alter the structure of the statement.
String sql = "select * from sqli_employees where username = ? and password = ?";
PreparedStatement pstmt = conn.prepareStatement(sql);
pstmt.setString(1,username);
// NOTE(review): the submitted password is compared directly in SQL, which
// suggests the column holds the password itself rather than a salted hash -
// confirm; normally the hash is fetched by username and verified in code.
pstmt.setString(2,password);
ResultSet rs = pstmt.executeQuery();
Medium regex mimosa
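// Read the submitted address; getParameter returns null when the field is absent.
String email = request.getParameter("email");
boolean bool;
// At least 4 characters of letters, digits, '.' or '_', then the fixed domain.
// The dots in the domain are escaped: an unescaped '.' matches any character
// and would accept e.g. "ichatXspXeduXsg".
String pattern = "^([A-Za-z0-9._]{4,})@ichat\\.sp\\.edu\\.sg$";
// Null is reported as invalid instead of raising a NullPointerException.
bool = email != null && email.matches(pattern);
String output = String.valueOf(bool);
request.setAttribute("output", output);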
Hard regex mimosa
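// Read the submitted password; getParameter returns null when the field is absent.
String password = request.getParameter("password");
boolean bool;
// 8-16 characters, no whitespace, with at least one digit, one lowercase
// letter, one uppercase letter and one special character.
// Each lookahead uses ".*" so the required character may sit anywhere; with a
// bare "." every lookahead inspects the same single position and no password
// can satisfy them all. "\\s" is written with a doubled backslash so the regex
// engine sees the whitespace class. The separate "any letter" lookahead is
// dropped because the lowercase and uppercase ones already imply it.
// NOTE(review): the page rendering appears to have dropped asterisks; the
// special-character set may originally have included '*' - confirm.
String pattern="^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&])(?!.*\\s).{8,16}$";
// Null is reported as invalid instead of raising a NullPointerException.
bool = password != null && password.matches(pattern);
String output = String.valueOf(bool);
request.setAttribute("output", output);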
Practical 6 e-learning
Part A
//(a)Do validation and output sanitization
// The matching "if" for this else branch is not part of the snippet.
else{
//only allow letters
// String.matches requires the whole value to match, so any other character
// rejects the search term.
String p = "[a-zA-Z]+";
if(search.matches(p)){
// NOTE(review): searchClean is declared inside this if-block and is not used
// in the lines shown, so the escaped value is discarded here. HTML escaping
// belongs at the point where the value is written into the page - confirm the
// output code escapes search there.
String searchClean = StringEscapeUtils.escapeHtml4(search);
}
else{
// Invalid input: clear the term and print a fixed message (the rejected
// value itself is not echoed).
search="";
out.println("Invalid Search Query");
}
}
Part B
//(b)Wrong use of preparedStatement, to fix
// The placeholder keeps the search term out of the SQL text; the '%' wildcards
// are concatenated onto the bound value instead of the statement.
String sqlStr = "Select * from inventory where functions like ? order by brand, model";
PreparedStatement pstmt = conn.prepareStatement(sqlStr);
pstmt.setString(1,"%"+search+"%");
// NOTE(review): closing of pstmt and rs is not visible in this snippet -
// confirm they are released after use.
ResultSet rs = pstmt.executeQuery();
Part C
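//(c)validation of id
// Digits only, and at least one of them: '+' instead of '*' so that an empty
// id does not pass validation.
String p = "[0-9]+";
// A missing id (null) is treated as invalid rather than throwing.
if(id != null && id.matches(p)){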
Part D
//(d)Wrong use of preparedStatement, to fix
// Delete by id with the value bound as a parameter.
String sqlStr = "Delete from Inventory WHERE ID= ?";
PreparedStatement pstmt = conn.prepareStatement(sqlStr);
pstmt.setString(1,id);
// rec holds the number of rows the delete affected.
int rec=pstmt.executeUpdate();
// NOTE(review): if executeUpdate throws, this close is never reached and pstmt
// is not closed in the lines shown - try-with-resources would handle both.
conn.close();
Ken Tong, Augustus, Keith, How Chong, Jun Hong
MIMOSA
sql:
// Login lookup: username and password are bound as parameters 1 and 2, so
// neither value is concatenated into the SQL text.
String sql = "select * from sqli_employees where username = ? and password = ?";
PreparedStatement stmt = conn.prepareStatement(sql);
stmt.setString(1, username);
// NOTE(review): comparing the submitted password inside the query suggests
// the stored value is not a salted hash - confirm.
stmt.setString(2, password);
ResultSet rs = stmt.executeQuery();
Medium Regex
([a-zA-Z._0-9]{4,})+@(ichat)+.(sp)+.(edu)+.(sg)
Advanced Regex
^(?=.*?[A-Z])(?=.*?[a-z])(?=.*?[0-9])(?=.*?[#?!@$%^&*-])(?!.* ).{8,16}$
Prac 6 (a)
Prac 6 (b)
Prac 6 (c)
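// Accept only a non-empty run of digits: "[0-9]+" rather than "[0-9]*", which
// also matches the empty string. matches() already anchors to the whole
// value, and a missing id (null) is rejected as well.
if (id == null || !id.matches("[0-9]+")) {
    response.sendRedirect("login.jsp");
    // sendRedirect does not end the method; without this return the code that
    // follows would still run with the rejected id.
    return;
}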
Prac 6 (d)