
Untitled

a guest
Nov 17th, 2019
  1. package com.ism.scs;
  2.  
  import java.sql.Connection;
  import java.sql.DriverManager;
  import java.sql.PreparedStatement;
  import java.sql.ResultSet;
  import java.sql.SQLException;
  import java.sql.Statement;
  import java.util.Scanner;
  9.  
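  /**
   * Console front end for a small SQLite {@code product} table.
   *
   * <p>On start the table is dropped, recreated and seeded with three rows. The program then
   * reads whitespace-separated commands from standard input: {@code find <id|name>},
   * {@code add <id> <name> <quantity> <price>}, {@code delete <id>}, {@code show}, {@code exit}.
   *
   * <p>Every user-supplied value reaches the database through a bound {@link PreparedStatement}
   * parameter, never through string concatenation, so input is always treated as data and
   * cannot change the shape of a statement.
   */
  public class SQLInject {

      /** JDBC URL of the local SQLite database file. */
      private static final String DB_URL = "jdbc:sqlite:test.db";

      /**
       * Lookup of a live product by id or by name.
       *
       * <p>The parentheses are required. In SQL, AND binds tighter than OR, so the unparenthesised
       * form {@code id=? or name=? and deleted=0} is evaluated as
       * {@code id=? or (name=? and deleted=0)} and a lookup by id also returns rows that were
       * soft-deleted. Package-private so the filter can be checked in a test.
       */
      static final String FIND_SQL = "select * from product where (id=? or name=?) and deleted=0";

      private static final String ADD_SQL =
              "insert into product(id, name, quantity, price, deleted) values(?, ?, ?, ?, 0)";

      /** Soft delete: the row is kept and only flagged. */
      private static final String DELETE_SQL = "update product set deleted=1 where id=?";

      private static final String SHOW_SQL = "select * from product where deleted=0";

      /**
       * Opens the database, rebuilds the demo table and runs the command loop.
       *
       * @param args unused
       */
      public static void main(String[] args) {
          try {
              Class.forName("org.sqlite.JDBC");
              // try-with-resources closes the scanner and the connection on every exit path.
              try (Connection c = DriverManager.getConnection(DB_URL);
                      Scanner scanner = new Scanner(System.in)) {
                  System.out.println("Opened database successfully");
                  resetSchema(c);
                  runCommandLoop(c, scanner);
              }
          } catch (Exception e) {
              // One-line diagnostic only; a non-zero status lets a calling script see the failure.
              System.err.println(e.getClass().getName() + ": " + e.getMessage());
              System.exit(1);
          }
      }

      /**
       * Drops and recreates the {@code product} table and inserts the three seed rows.
       *
       * @param c open connection to the database
       * @throws SQLException if any of the statements fails
       */
      private static void resetSchema(Connection c) throws SQLException {
          try (Statement stmt = c.createStatement()) {
              // IF EXISTS: a plain DROP fails on the first run, when the table is not there yet.
              stmt.executeUpdate("drop table if exists product");
              stmt.executeUpdate("CREATE TABLE PRODUCT "
                      + "(ID INT PRIMARY KEY NOT NULL,"
                      + " NAME TEXT NOT NULL, "
                      + " QUANTITY INT NOT NULL, "
                      + " PRICE REAL,"
                      + " deleted int not null)");
              stmt.executeUpdate(
                      "insert into product(id, name, quantity, price, deleted) values(1, 'laptop', 10, 123, 0)");
              stmt.executeUpdate(
                      "insert into product(id, name, quantity, price, deleted) values(2, 'watch', 50, 50, 0)");
              stmt.executeUpdate(
                      "insert into product(id, name, quantity, price, deleted) values(3, 'TV Set', 5, 300, 0)");
          }
      }

      /**
       * Reads commands until {@code exit} or end of input and dispatches each one.
       *
       * <p>A malformed command or a failed statement is reported on standard error and the loop
       * continues, so one bad line does not end the session.
       *
       * @param c open connection to the database
       * @param scanner source of command lines
       */
      private static void runCommandLoop(Connection c, Scanner scanner) {
          while (true) {
              System.out.println("Search product by name or id: ");
              if (!scanner.hasNextLine()) {
                  return; // end of input is treated like "exit"
              }
              String[] params = tokenize(scanner.nextLine());
              if (params.length == 0) {
                  continue;
              }
              try {
                  switch (params[0]) {
                  case "exit":
                      return;
                  case "find":
                      requireArgs(params, 2, "find <id|name>");
                      findProducts(c, params[1]);
                      break;
                  case "add":
                      requireArgs(params, 5, "add <id> <name> <quantity> <price>");
                      addProduct(c, params);
                      break;
                  case "delete":
                      requireArgs(params, 2, "delete <id>");
                      deleteProduct(c, params[1]);
                      // The original "delete" case had no break and fell through into "show";
                      // the listing after a delete is kept, as an explicit call.
                      showProducts(c);
                      break;
                  case "show":
                      showProducts(c);
                      break;
                  default:
                      // Unknown commands are ignored and the prompt is shown again.
                      break;
                  }
              } catch (IllegalArgumentException e) {
                  // Covers missing arguments and NumberFormatException from the numeric fields.
                  System.err.println("Invalid input: " + e.getMessage());
              } catch (SQLException e) {
                  System.err.println("Database error: " + e.getMessage());
              }
          }
      }

      /**
       * Splits a command line into tokens on runs of whitespace.
       *
       * <p>Tokens are whitespace-delimited, so a product name that contains a space (such as the
       * seeded {@code TV Set}) cannot be passed as a single argument.
       *
       * @param line raw input line, may be {@code null}
       * @return the tokens, or an empty array for a {@code null} or blank line
       */
      static String[] tokenize(String line) {
          String trimmed = line == null ? "" : line.trim();
          if (trimmed.isEmpty()) {
              return new String[0];
          }
          return trimmed.split("\\s+");
      }

      /**
       * Rejects a command that has fewer tokens than it needs.
       *
       * @param params command name followed by its arguments
       * @param expected minimum number of tokens, command name included
       * @param usage usage text placed in the exception message
       * @throws IllegalArgumentException if {@code params} is too short
       */
      private static void requireArgs(String[] params, int expected, String usage) {
          if (params.length < expected) {
              throw new IllegalArgumentException("usage: " + usage);
          }
      }

      /**
       * Prints every live product whose id or name equals {@code key}.
       *
       * @param c open connection to the database
       * @param key value compared with both the id and the name column
       * @throws SQLException if the query fails
       */
      private static void findProducts(Connection c, String key) throws SQLException {
          try (PreparedStatement pstmt = c.prepareStatement(FIND_SQL)) {
              pstmt.setString(1, key);
              pstmt.setString(2, key);
              try (ResultSet rs = pstmt.executeQuery()) {
                  printProducts(rs);
              }
          }
      }

      /**
       * Inserts a product taken from {@code add <id> <name> <quantity> <price>}.
       *
       * <p>The numeric fields are parsed before binding so that non-numeric text is rejected
       * here instead of being handed to the database as a string for a numeric column.
       *
       * @param c open connection to the database
       * @param params the tokenised command; indexes 1 to 4 are read
       * @throws NumberFormatException if id, quantity or price is not a number
       * @throws SQLException if the insert fails, for example on a duplicate id
       */
      private static void addProduct(Connection c, String[] params) throws SQLException {
          int id = Integer.parseInt(params[1]);
          int quantity = Integer.parseInt(params[3]);
          double price = Double.parseDouble(params[4]);
          try (PreparedStatement pstmt = c.prepareStatement(ADD_SQL)) {
              pstmt.setInt(1, id);
              pstmt.setString(2, params[2]);
              pstmt.setInt(3, quantity);
              pstmt.setDouble(4, price);
              pstmt.executeUpdate();
          }
      }

      /**
       * Flags the product with the given id as deleted.
       *
       * @param c open connection to the database
       * @param idText product id as typed by the user
       * @throws NumberFormatException if {@code idText} is not an integer
       * @throws SQLException if the update fails
       */
      private static void deleteProduct(Connection c, String idText) throws SQLException {
          int id = Integer.parseInt(idText);
          try (PreparedStatement pstmt = c.prepareStatement(DELETE_SQL)) {
              pstmt.setInt(1, id);
              pstmt.executeUpdate();
          }
      }

      /**
       * Prints every product that is not flagged as deleted.
       *
       * @param c open connection to the database
       * @throws SQLException if the query fails
       */
      private static void showProducts(Connection c) throws SQLException {
          try (PreparedStatement pstmt = c.prepareStatement(SHOW_SQL);
                  ResultSet rs = pstmt.executeQuery()) {
              printProducts(rs);
          }
      }

      /**
       * Writes each remaining row of {@code rs} to standard output, followed by a blank line.
       *
       * @param rs result set with {@code id}, {@code name}, {@code quantity} and {@code price}
       * @throws SQLException if a column cannot be read
       */
      private static void printProducts(ResultSet rs) throws SQLException {
          while (rs.next()) {
              System.out.println("ID = " + rs.getInt("id"));
              System.out.println("NAME = " + rs.getString("name"));
              System.out.println("Quantity = " + rs.getInt("quantity"));
              System.out.println("Price = " + rs.getFloat("price"));
              System.out.println();
          }
      }
  }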
  123.  
  124. // bogdan.iancu@ie.ase.ro