Changed executeQuery to executeUpdate to remove the empty result set error that stopped the lesson from working for HSQLDB

git-svn-id: http://webgoat.googlecode.com/svn/trunk@276 4033779f-a91e-0410-96ef-6bf7bf53c507
mayhew64 2008-02-05 21:24:20 +00:00
parent 5e8f7c7096
commit 80c1b16f3e


@ -91,19 +91,14 @@ public class CSRF extends LessonAdapter {
statement.setString(2, title); statement.setString(2, title);
statement.setString(3, message); statement.setString(3, message);
statement.setString(4, s.getUserName()); statement.setString(4, s.getUserName());
statement.executeQuery(); statement.executeUpdate();
} }
catch ( Exception e ) catch ( Exception e )
{
// ignore the empty resultset on the insert. There are a few more SQL Injection errors
// that could be trapped here but we will let them try. One error would be something
// like "Characters found after end of SQL statement."
if ( e.getMessage().indexOf("No ResultSet was produced") == -1 )
{ {
s.setMessage( "Could not add message to database" ); s.setMessage( "Could not add message to database" );
} }
} }
}
@Override @Override
protected Element createContent(WebSession s) { protected Element createContent(WebSession s) {
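Review bot: The `catch ( Exception e )` block after `statement.executeUpdate()` now discards the exception entirely, so every failure (driver error, constraint violation, or a bug earlier in the try) ends in the same "Could not add message to database" with no server-side record. Keeping the generic text for the user is reasonable because it avoids echoing SQL error detail to the browser, but the exception should be logged through the project's logging facility before `s.setMessage(...)`, and the catch narrowed to `SQLException` if nothing else in the try can throw. The return value of `executeUpdate()` is also ignored; a check such as `if ( statement.executeUpdate() != 1 )` would report an insert that affected no rows. The try block and the statement's creation start outside the hunk, so whether the statement is closed on the error path cannot be judged from here.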