Please complete the following elearning tasks by 13/1/19 1159pm:
1) Complete the 3 coding exercises at https://mimosa-admin.arcadove.host
2) Complete Practical 6
Pract 6 submission to the Elearning Practical Submission Folder
Tian Le, Keane, Ryan, Afzal, Jerrod
PreparedStatement for mimosa
```java
String sql = "select * from sqli_employees where username = ? and password = ?";
PreparedStatement pstmt = conn.prepareStatement(sql);
pstmt.setString(1, username);
pstmt.setString(2, password);
ResultSet rs = pstmt.executeQuery();
```
Medium regex mimosa
```java
String email = request.getParameter("email");
boolean bool;
// the dots in the domain are escaped so they only match a literal '.'
String pattern = "^([A-Za-z0-9._]{4,})@ichat\\.sp\\.edu\\.sg$"; //continue from here
bool = email.matches(pattern);
String output = String.valueOf(bool);
request.setAttribute("output", output);
```
Hard regex mimosa
```java
String password = request.getParameter("password");
boolean bool;
// each lookahead needs ".*" before its character class (the asterisks were lost
// in the markdown rendering), and "\s" must be written as "\\s" inside a Java string
String pattern = "^(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[a-zA-Z])(?=.*[!@#$%^&])(?!.*\\s).{8,16}$";
bool = password.matches(pattern);
String output = String.valueOf(bool);
request.setAttribute("output", output);
```
Practical 6 e-learning
Part A
```java
//(a)Do validation and output sanitization
// body of the else-branch (the enclosing if/else is not part of the snippet);
// StringEscapeUtils comes from org.apache.commons.lang3 (or commons-text).
// searchClean is declared before the inner if so it is still in scope afterwards
String searchClean = "";
//only allow letters
String p = "[a-zA-Z]+";
if (search.matches(p)) {
    searchClean = StringEscapeUtils.escapeHtml4(search);
}
else {
    search = "";
    out.println("Invalid Search Query");
}
```
Part B
//(b)Wrong use of preparedStatement, to fix
```java
String sqlStr = "Select * from inventory where functions like ? order by brand, model";
PreparedStatement pstmt = conn.prepareStatement(sqlStr);
pstmt.setString(1, "%" + search + "%");
ResultSet rs = pstmt.executeQuery();
```
Part C
```java
//(c)validation of id
// "+" rather than "*": "[0-9]*" also matches the empty string, so an empty id would pass
String p = "[0-9]+";
if (id.matches(p)) {
    // ... use the validated id (rest of the branch not part of the snippet)
}
```
Part D
```java
//(d)Wrong use of preparedStatement, to fix
String sqlStr = "Delete from Inventory WHERE ID= ?";
PreparedStatement pstmt = conn.prepareStatement(sqlStr);
pstmt.setString(1, id);
int rec = pstmt.executeUpdate();
conn.close();
```
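Added example, not code from the gist or from either group: the parameterized login query from the post above beside the string-concatenation form it replaces, plus the three validators using the patterns on this page, written with Python's standard sqlite3 and re modules so it runs without a JDBC driver or servlet container. The employee rows and the tampered password are constructed for the example; re.fullmatch stands in for Java's whole-string String.matches(), and the sqlite3 "?" placeholder plays the role of the JDBC one.

```python
import re
import sqlite3

# Constructed sample rows for the sqli_employees table the exercise queries;
# the names and passwords are made up for this example.
SAMPLE_EMPLOYEES = [
    ("alice", "Winter!2019ab"),
    ("bob", "Summer#2019cd"),
]


def make_db() -> sqlite3.Connection:
    """In-memory stand-in for the exercise database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table sqli_employees (username text, password text)")
    conn.executemany("insert into sqli_employees values (?, ?)", SAMPLE_EMPLOYEES)
    return conn


def login_concatenated(conn: sqlite3.Connection, username: str, password: str) -> int:
    """The form the PreparedStatement replaces: input spliced into the SQL text.

    Returns the number of matching rows. A single quote in the input ends the
    string literal, so whatever follows it is parsed as SQL, not as data.
    """
    sql = ("select * from sqli_employees where username = '" + username
           + "' and password = '" + password + "'")
    return len(conn.execute(sql).fetchall())


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> int:
    """The fix from the post, with sqlite3 placeholders in place of JDBC's '?'.

    The query text is fixed; username and password are bound as values and are
    never parsed as SQL, whatever characters they contain.
    """
    sql = "select * from sqli_employees where username = ? and password = ?"
    return len(conn.execute(sql, (username, password)).fetchall())


# Validators with the patterns from the posts. Java's String.matches() must
# match the whole input, so re.fullmatch() is used here rather than re.match().
EMAIL_RE = re.compile(r"[A-Za-z0-9._]{4,}@ichat\.sp\.edu\.sg")   # dots escaped
PASSWORD_RE = re.compile(
    r"(?=.*[0-9])(?=.*[a-z])(?=.*[A-Z])(?=.*[!@#$%^&])(?!.*\s).{8,16}"
)
ID_RE = re.compile(r"[0-9]+")   # '+' not '*': an empty id is not a valid id


def is_valid_email(email: str) -> bool:
    return EMAIL_RE.fullmatch(email) is not None


def is_strong_password(password: str) -> bool:
    """8-16 chars with a digit, a lower, an upper, one of !@#$%^& and no whitespace."""
    return PASSWORD_RE.fullmatch(password) is not None


def is_valid_id(id_value: str) -> bool:
    return ID_RE.fullmatch(id_value) is not None


if __name__ == "__main__":
    db = make_db()
    tampered = "' or '1'='1"   # constructed input containing a quote
    print("concatenated, real credentials   :", login_concatenated(db, "alice", "Winter!2019ab"))
    print("concatenated, tampered password  :", login_concatenated(db, "alice", tampered))
    print("parameterized, tampered password :", login_parameterized(db, "alice", tampered))
    print("email ok:", is_valid_email("john_tan@ichat.sp.edu.sg"))
    print("password ok:", is_strong_password("Winter!2019ab"))
    print("id ok:", is_valid_id("42"), "| empty id ok:", is_valid_id(""))
```

With the tampered password the concatenated query returns every row in the table, because the quote closes the literal and the remainder becomes part of the WHERE clause; the parameterized query returns none, because the same characters are compared as a plain string. The same distinction is why Practical 6 parts (b) and (d) move the search term and the id into bound parameters instead of the SQL text.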
Ken, Eileen, Amiran
Mimosa:
Medium Regex:
```java
import java.io.*;
import javax.servlet.*;
import javax.servlet.annotation.*;
import javax.servlet.http.*;
import java.util.regex.*;
@WebServlet("/MediumRegex")
public class MediumRegex extends HttpServlet {
}
```
Advanced Regex
```java
import java.io.*;
import javax.servlet.*;
import javax.servlet.annotation.*;
import javax.servlet.http.*;
@WebServlet("/AdvancedRegex")
public class AdvancedRegex extends HttpServlet {
}
```
Practical 6
//(a)Do validation and output sanitization
//(b)Wrong use of preparedStatement, to fix
```java
String sqlStr = "Select * from inventory where functions like ? order by brand, model";
```
//(d)Wrong use of preparedStatement, to fix
```java
String sqlStr2 = "delete from inventory where id = ?";
PreparedStatement pstmt2 = conn.prepareStatement(sqlStr2);
```