From 80c1b16f3ec32148cbd4e835dea59d493cde0066 Mon Sep 17 00:00:00 2001 From: mayhew64 Date: Tue, 5 Feb 2008 21:24:20 +0000 Subject: [PATCH] Changed ExecuteQuery to executeUpdate to remove empty result set error which stopped the lesson from working for HSQLDB git-svn-id: http://webgoat.googlecode.com/svn/trunk@276 4033779f-a91e-0410-96ef-6bf7bf53c507 --- .../JavaSource/org/owasp/webgoat/lessons/CSRF.java | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java index cc5b293c5..55e977602 100644 --- a/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java +++ b/webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/CSRF.java @@ -91,17 +91,12 @@ public class CSRF extends LessonAdapter { statement.setString(2, title); statement.setString(3, message); statement.setString(4, s.getUserName()); - statement.executeQuery(); + statement.executeUpdate(); + } catch ( Exception e ) { - // ignore the empty resultset on the insert. There are a few more SQL Injection errors - // that could be trapped here but we will let them try. One error would be something - // like "Characters found after end of SQL statement." - if ( e.getMessage().indexOf("No ResultSet was produced") == -1 ) - { s.setMessage( "Could not add message to database" ); - } } }
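Review bot: The `catch ( Exception e )` block on the new side never uses `e`, so with the "No ResultSet was produced" filter removed, every failure of the insert produces only the generic user message and leaves no record of the cause. Keeping "Could not add message to database" as the only text shown to the user is right, since it avoids leaking database detail, but the exception should be recorded server-side before `s.setMessage(...)`, for example `e.printStackTrace(); // cause stays in the server log, user sees only the generic text`, or the project's own logger if it has one. The count returned by `statement.executeUpdate()` is also ignored; checking that it is 1 would catch an insert that silently stored nothing. The `try` opens outside this hunk, so whether the statement is closed afterwards, and whether the catch could be narrowed to `SQLException`, cannot be judged from here.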