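import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.sql.*;
import java.util.Date;

/**
 * Saves a news comment. Without an {@code id} parameter a new row is inserted
 * into {@code comments}; with one, the row with that {@code comid} is
 * overwritten. On success the browser is redirected to the comment listing of
 * the news item ({@code uudisteKom?id=<msgid>}), on any failure to {@code uudis}.
 */
public class komLisamine extends HttpServlet {

    /**
     * Escapes the characters that would otherwise be interpreted as HTML markup
     * ({@code < > & "}) and turns line feeds into a line-break tag.
     * The result is stored in the database, so the stored text is already
     * HTML-escaped; it is NOT safe for other contexts (JavaScript strings,
     * unquoted attributes, URLs) and single quotes are left untouched.
     *
     * @param tekst raw user-supplied text, may be {@code null}
     * @return the escaped text, or {@code null} when {@code tekst} is {@code null}
     */
    public static String rmHTML(String tekst) {
        if (tekst == null) {
            return null;
        }
        StringBuilder puhver = new StringBuilder(tekst.length() + 16);
        for (int i = 0; i < tekst.length(); i++) {
            char c = tekst.charAt(i);
            switch (c) {
                case '<':
                    puhver.append("&lt;");
                    break;
                case '>':
                    puhver.append("&gt;");
                    break;
                case '&':
                    puhver.append("&amp;");
                    break;
                case '"':
                    puhver.append("&quot;");
                    break;
                case '\n':
                    // NOTE(review): the original replacement text for '\n' was lost
                    // in extraction; a line-break tag is the usual choice -- confirm
                    // against the display page before relying on it.
                    puhver.append("<br>");
                    break;
                default:
                    puhver.append(c);
            }
        }
        return puhver.toString();
    }

    /**
     * Handles the comment form: reads {@code author}, {@code contents},
     * {@code msgid} and optionally {@code id}, escapes the text fields with
     * {@link #rmHTML(String)} and writes the row via a parameterised statement.
     *
     * @param request  the form request; {@code msgid} (and {@code id}, when
     *                 present) must parse as integers
     * @param response receives a redirect; nothing else is written to it
     * @throws IOException      if the redirect cannot be sent
     * @throws ServletException never thrown here, kept for the servlet contract
     */
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        // NOTE(review): a database write is performed on GET, so any link or
        // image tag pointing at this URL creates or overwrites a comment, and the
        // update path accepts any comid without checking who posted it. Moving the
        // form to doPost and verifying ownership of `id` is out of scope for this
        // change but should be tracked.
        Connection connection = null;
        PreparedStatement ps = null;
        try {
            // Parse and validate input before opening a connection so that a
            // malformed request costs nothing on the database side.
            String idParam = request.getParameter("id");
            boolean isUpdate = idParam != null;
            int id = isUpdate ? Integer.parseInt(idParam) : 0;
            int msgid = Integer.parseInt(request.getParameter("msgid"));

            Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
            connection = DriverManager.getConnection("jdbc:odbc:uudised", "", "");

            if (isUpdate) {
                ps = connection.prepareStatement(
                        "UPDATE comments set comauthor=?, comcontents=?, msgid=?, comtime=? where comid=?");
            } else {
                ps = connection.prepareStatement(
                        "INSERT INTO comments (comauthor, comcontents, msgid, comtime) VALUES (?,?,?,?)");
            }
            ps.setString(1, rmHTML(request.getParameter("author")));
            ps.setString(2, rmHTML(request.getParameter("contents")));
            ps.setInt(3, msgid);
            // java.sql.Date carries the date only; if comtime is meant to hold the
            // time of day as well, setTimestamp would be the right call -- confirm
            // the column type before changing it.
            ps.setDate(4, new java.sql.Date(new java.util.Date().getTime()));
            if (isUpdate) {
                // The UPDATE statement has five placeholders; the fifth must be
                // bound whenever that statement was prepared, whatever the id value
                // (the old `id > 0` test left it unbound for id <= 0).
                ps.setInt(5, id);
            }
            ps.executeUpdate();
            response.sendRedirect("uudisteKom?id=" + msgid);
        } catch (Exception e) {
            // Keep the user-facing behaviour (redirect to the news page), but
            // record the cause instead of discarding it. Parameter values are
            // deliberately not logged.
            log("komLisamine: saving comment failed", e);
            response.sendRedirect("uudis");
        } finally {
            // Release JDBC resources on every path; the original closed the
            // connection only after a successful executeUpdate.
            if (ps != null) {
                try {
                    ps.close();
                } catch (SQLException ignored) {
                    // nothing sensible to do at this point
                }
            }
            if (connection != null) {
                try {
                    connection.close();
                } catch (SQLException ignored) {
                    // nothing sensible to do at this point
                }
            }
        }
    }
}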