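import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.sql.*;
import java.util.Date;

/**
 * Servlet that stores a comment (author + contents) submitted by a client
 * into the {@code comments} table of the {@code uudised} ODBC data source.
 *
 * <p>Both request parameters are HTML-escaped by {@link #rmHTML(String)}
 * before they are stored, and the row is written through a parameterized
 * {@link PreparedStatement}, so the values never become part of the SQL text.
 *
 * <p>NOTE(review): the insert is triggered by a plain GET and no
 * authentication, anti-CSRF or rate-limiting check is visible in this file.
 * If none is applied elsewhere (filter, container config), consider moving
 * the write to {@code doPost} and adding those checks.
 */
public class mobiil extends HttpServlet {

    /**
     * Escapes the characters that are significant in HTML so the text can be
     * embedded in a page without being interpreted as markup.
     *
     * <p>The published listing of this method was damaged by HTML rendering
     * (the entity strings were decoded and part of the loop was swallowed).
     * The {@code <}, {@code >}, {@code &} and {@code "} cases are restored to
     * the standard entities. The replacement for a newline is presumed to have
     * been {@code <br>}; confirm against the original source. The single
     * quote is additionally escaped so the result is also safe inside a
     * single-quoted attribute value.
     *
     * @param tekst text to escape; may be {@code null}
     * @return the escaped text, or {@code null} when {@code tekst} is {@code null}
     */
    public static String rmHTML(String tekst) {
        if (tekst == null) {
            return null;
        }
        StringBuilder escaped = new StringBuilder(tekst.length() + 16);
        for (int i = 0; i < tekst.length(); i++) {
            char c = tekst.charAt(i);
            switch (c) {
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '&':
                    escaped.append("&amp;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    // Hardening: not present in the original listing.
                    escaped.append("&#39;");
                    break;
                case '\n':
                    // Presumed original replacement; the literal was lost in rendering.
                    escaped.append("<br>");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Inserts one comment row built from the {@code author} and
     * {@code contents} request parameters and answers {@code ok} on success.
     *
     * <p>On failure the response body starts with {@code viga: } as before,
     * but the exception text is written to the servlet log instead of being
     * returned, because driver messages can reveal data-source and schema
     * details to the caller.
     *
     * @param request  the incoming request carrying {@code author} and {@code contents}
     * @param response the response; receives {@code ok} or a {@code viga: } message
     * @throws IOException      if the response writer cannot be obtained
     * @throws ServletException declared by the servlet contract; not thrown here
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        response.setContentType("text/html");
        PrintWriter output = response.getWriter();

        Connection connection = null;
        PreparedStatement ps = null;
        try {
            Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
            connection = DriverManager.getConnection("jdbc:odbc:uudised", "", "");
            ps = connection.prepareStatement(
                    "INSERT INTO comments (comauthor, comcontents, msgid, comtime) VALUES (?,?,'1',?)");

            // NOTE(review): a missing parameter yields null here and is bound as SQL NULL;
            // no length limit is enforced either. Validate if the schema requires it.
            ps.setString(1, rmHTML(request.getParameter("author")));
            ps.setString(2, rmHTML(request.getParameter("contents")));

            // NOTE(review): java.sql.Date carries only the date part; if comtime is meant
            // to hold a time of day, setTimestamp would be needed. Confirm column type.
            ps.setDate(3, new java.sql.Date(System.currentTimeMillis()));
            ps.executeUpdate();
            output.print("ok");
        } catch (Exception e) {
            // Keep the details server-side; the client only learns that the insert failed.
            log("mobiil: comment insert failed", e);
            output.print("viga: internal error");
        } finally {
            // Release JDBC resources on every path; the original leaked them on failure.
            if (ps != null) {
                try {
                    ps.close();
                } catch (SQLException ignored) {
                    log("mobiil: closing statement failed", ignored);
                }
            }
            if (connection != null) {
                try {
                    connection.close();
                } catch (SQLException ignored) {
                    log("mobiil: closing connection failed", ignored);
                }
            }
        }
    }
}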