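import java.io.*;
import java.sql.*;
import java.util.Date;
import javax.servlet.*;
import javax.servlet.http.*;

/**
 * Servlet that inserts a new row into the {@code messages} table, or updates an
 * existing row when an {@code id} request parameter is present.
 *
 * <p>Only sessions carrying {@code Boolean.TRUE} under the {@code logitud}
 * ("logged in") attribute reach the database. A successful write redirects to
 * {@code uudised}; a missing login and every failure redirect to {@code uudisteViga}.
 *
 * <p>NOTE(review): the write is performed on GET, so any link, prefetch or
 * cross-site request carrying a logged-in session can create or modify a message
 * (CSRF). Submitting via POST with an anti-forgery token is the usual fix;
 * {@link #doGet} is kept so existing links keep working, and {@link #doPost}
 * is provided so forms can be switched over without touching this class again.
 *
 * <p>NOTE(review): the login check only asks "is someone logged in" — any
 * logged-in session may update any {@code id}, and {@code msgauthor} is taken
 * from the request rather than the session. Confirm both are intended.
 */
public class uudisteLisamine extends HttpServlet {

    /** JDBC-ODBC bridge driver used by the original deployment. */
    private static final String DRIVER = "sun.jdbc.odbc.JdbcOdbcDriver";

    /** Data source name of the news database; the connection uses empty credentials. */
    private static final String DB_URL = "jdbc:odbc:uudised";

    private static final String INSERT_SQL =
        "INSERT INTO messages (msgauthor, type, header, contents, time) VALUES (?,?,?,?,?)";

    private static final String UPDATE_SQL =
        "UPDATE messages set msgauthor=?, type=?, header=?, contents=?, time=? where id=?";

    /**
     * Escapes text so it can be stored and later echoed into a page without
     * being interpreted as markup.
     *
     * <p>{@code <}, {@code >}, {@code &}, {@code "} and {@code '} become their
     * HTML entities; a line feed becomes {@code <br>}. Every other character
     * is copied through unchanged.
     *
     * <p>NOTE(review): the copy this was restored from had been damaged by HTML
     * extraction (the {@code <} case was missing and the entity strings had been
     * decoded back to bare characters). The escapes below are the standard ones;
     * check them against the original file. The {@code '} case is new.
     *
     * @param tekst raw user text, may be {@code null}
     * @return the escaped text, or {@code null} when {@code tekst} is {@code null}
     */
    public static String rmHTML(String tekst) {
        if (tekst == null) {
            return null;
        }
        StringBuilder puhver = new StringBuilder(tekst.length() + 16);
        for (int i = 0; i < tekst.length(); i++) {
            char c = tekst.charAt(i);
            switch (c) {
                case '<':  puhver.append("&lt;");   break;
                case '>':  puhver.append("&gt;");   break;
                case '&':  puhver.append("&amp;");  break;
                case '"':  puhver.append("&quot;"); break;
                case '\'': puhver.append("&#39;");  break; // safe inside single-quoted attributes too
                case '\n': puhver.append("<br>");   break;
                default:   puhver.append(c);
            }
        }
        return puhver.toString();
    }

    /**
     * Handles the create/update request.
     *
     * @param request  must carry {@code author}, {@code type} (integer),
     *                 {@code header}, {@code contents}; optionally a positive {@code id}
     * @param response receives a redirect to {@code uudised} on success,
     *                 otherwise to {@code uudisteViga}
     * @throws IOException      if the redirect cannot be written
     * @throws ServletException never thrown here; declared for the servlet contract
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        // getSession(false): do not mint a session for anonymous hits; a missing
        // session simply counts as "not logged in".
        if (!isLoggedIn(request.getSession(false))) {
            // The original threw a bare Exception here just to reach the error redirect.
            response.sendRedirect("uudisteViga");
            return;
        }
        try {
            saveMessage(request);
            response.sendRedirect("uudised");
        } catch (Exception e) {
            // Missing/invalid parameters, driver and SQL failures all land here. The
            // user gets the generic error page; the cause used to be dropped silently,
            // now it goes to the servlet log.
            log("uudisteLisamine: saving message failed", e);
            response.sendRedirect("uudisteViga");
        }
    }

    /**
     * Same behaviour as {@link #doGet}; lets forms submit the write as POST.
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        doGet(request, response);
    }

    /**
     * Returns whether the session marks the client as logged in.
     *
     * <p>Equivalent to the original cast-and-check: anything other than a
     * {@code Boolean.TRUE} under {@code "logitud"} (absent, wrong type, false)
     * is treated as not logged in.
     */
    private static boolean isLoggedIn(HttpSession session) {
        if (session == null) {
            return false;
        }
        Object flag = session.getAttribute("logitud");
        return flag instanceof Boolean && ((Boolean) flag).booleanValue();
    }

    /**
     * Writes the message described by the request parameters to the database.
     *
     * <p>With an {@code id} parameter an UPDATE is issued, otherwise an INSERT.
     * Text fields are passed through {@link #rmHTML}; the {@code time} column is
     * set to the current instant.
     *
     * @throws NumberFormatException    if {@code type} or {@code id} is absent or not an integer
     * @throws IllegalArgumentException if {@code id} is present but not positive
     * @throws ClassNotFoundException   if the JDBC driver is unavailable
     * @throws SQLException             on any database failure
     */
    private static void saveMessage(HttpServletRequest request)
            throws ClassNotFoundException, SQLException {
        String idParam = request.getParameter("id");
        int id = 0;
        if (idParam != null) {
            id = Integer.parseInt(idParam);
            if (id <= 0) {
                // Previously this reached executeUpdate() with parameter 6 unset and
                // failed inside the driver; fail early with a clear reason instead.
                throw new IllegalArgumentException("id must be positive: " + id);
            }
        }
        // Parse before opening the connection so a bad request costs no DB round trip.
        int type = Integer.parseInt(request.getParameter("type"));

        Class.forName(DRIVER);
        Connection connection = DriverManager.getConnection(DB_URL, "", "");
        try {
            PreparedStatement ps = connection.prepareStatement(id > 0 ? UPDATE_SQL : INSERT_SQL);
            try {
                ps.setString(1, rmHTML(request.getParameter("author")));
                ps.setInt(2, type);
                ps.setString(3, rmHTML(request.getParameter("header")));
                ps.setString(4, rmHTML(request.getParameter("contents")));
                ps.setTimestamp(5, new Timestamp(System.currentTimeMillis()));
                if (id > 0) {
                    ps.setInt(6, id);
                }
                ps.executeUpdate();
            } finally {
                ps.close();
            }
        } finally {
            // The original closed only on the success path, leaking one connection per failure.
            connection.close();
        }
    }
}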