Changed ExecuteQuery to executeUpdate to remove empty result set error which stopped the lesson from working for HSQLDB

git-svn-id: http://webgoat.googlecode.com/svn/trunk@276 4033779f-a91e-0410-96ef-6bf7bf53c507
2008-02-05 21:24:20 +00:00 · 2008-02-05 21:24:20 +00:00 · 80c1b16f3e
commit 80c1b16f3e
parent 5e8f7c7096
1 changed files with 2 additions and 7 deletions
--- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
+++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java
@ -91,17 +91,12 @@ public class CSRF extends LessonAdapter {
 			statement.setString(2, title);
 			statement.setString(3, message);
 			statement.setString(4, s.getUserName());
-			statement.executeQuery();
+			statement.executeUpdate();
+			
 		}
 		catch ( Exception e )
 		{
-			// ignore the empty resultset on the insert.  There are a few more SQL Injection errors
-			// that could be trapped here but we will let them try.  One error would be something
-			// like "Characters found after end of SQL statement." 
-			if ( e.getMessage().indexOf("No ResultSet was produced") == -1 )
-			{	
 				s.setMessage( "Could not add message to database" );
-			}
 		}
 	}