From 17fe003f2f1944e9bd7b4f8f0a9bee543a2cade3 Mon Sep 17 00:00:00 2001
From: "rogan.dawes"
Date: Wed, 11 Jul 2007 12:54:33 +0000
Subject: [PATCH] Add stored procedures for the SQL Injection lesson

git-svn-id: http://webgoat.googlecode.com/svn/trunk@170 4033779f-a91e-0410-96ef-6bf7bf53c507
---
 .../project/WebContent/WEB-INF/webgoat_oracle.sql | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/ webgoat/main/project/WebContent/WEB-INF/webgoat_oracle.sql b/ webgoat/main/project/WebContent/WEB-INF/webgoat_oracle.sql
index e5ac117e6..8e4d82e67 100755
--- a/ webgoat/main/project/WebContent/WEB-INF/webgoat_oracle.sql
+++ b/ webgoat/main/project/WebContent/WEB-INF/webgoat_oracle.sql
@@ -3,4 +3,18 @@ CREATE USER webgoat IDENTIFIED BY webgoat DEFAULT TABLESPACE users;
 GRANT CONNECT, RESOURCE TO webgoat;
 GRANT CREATE PROCEDURE TO webgoat;
 
+CREATE OR REPLACE PROCEDURE EMPLOYEE_LOGIN(v_id NUMBER, v_password VARCHAR) AS
+ stmt VARCHAR(32767);v_userid NUMBER;
+BEGIN
+ stmt := 'SELECT USERID FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || '''';
+ EXECUTE IMMEDIATE stmt INTO v_userid;
+END;
+
+CREATE OR REPLACE PROCEDURE EMPLOYEE_LOGIN_BACKUP(v_id NUMBER, v_password VARCHAR) AS
+ stmt VARCHAR(32767);v_userid NUMBER;
+BEGIN
+ stmt := 'SELECT USERID FROM EMPLOYEE WHERE USERID = ' || v_id || ' AND PASSWORD = ''' || v_password || '''';
+ EXECUTE IMMEDIATE stmt INTO v_userid;
+END;
+
 exit;
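Review bot: If this script is fed to SQL*Plus, as the trailing `exit;` suggests, neither procedure is actually created: a PL/SQL block is only sent to the server when a line containing just `/` follows it, so each `END;` leaves the CREATE OR REPLACE PROCEDURE buffered and the next statement is appended to it. Add a line with only `/` after each `END;` (both EMPLOYEE_LOGIN and EMPLOYEE_LOGIN_BACKUP). The two bodies are byte-identical and the dynamic SQL assembled from `v_password` is the lesson's intended weakness, so mark that above EMPLOYEE_LOGIN with `-- Intentionally builds the query by concatenation for the SQL Injection lesson; do not rewrite to bind variables.` so a later cleanup does not remove the teaching point by accident. Note also that `EXECUTE IMMEDIATE stmt INTO v_userid` raises NO_DATA_FOUND when no row matches and TOO_MANY_ROWS when several do, and `v_userid` is then discarded because there is no OUT parameter; if callers are meant to treat the exception as the login-failure signal, say so in a comment, otherwise an OUT parameter or explicit exception handler is needed.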