Move the SQL Server instructions into a single file

Previously, the solution to this lesson involved a complex
set of operations, loading assemblies, creating functions, etc

Now that that is all done during the set up phase, and is not
expected of the student, the solution is easy to fit into
the instructor file.


git-svn-id: http://webgoat.googlecode.com/svn/trunk@245 4033779f-a91e-0410-96ef-6bf7bf53c507

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBCrossSiteScripting/UpdateProfile_i.java

@@ -75,16 +75,55 @@ END;
 		ADD CONSTRAINT address1_ck CHECK (REGEXP_LIKE(address1, '^[a-zA-Z0-9,\. ]{0,80}$'));
 		
 
-FOR SQL SERVER, the following process is required:
+FOR SQL SERVER, the following is required:
 
-Compile the C# RegexMatch user defined class routine to a DLL:
 
-C:> c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe /t:library RegexMatch.cs
-C:> copy RegexMatch.dll C:\TEMP\
+DROP PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
+GO
 
-execute the following script as the SA user, using SQuirreL SQL client:
-
- sqlserver.sql
+CREATE PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
+    @v_userid INT,
+    @v_first_name VARCHAR(20),
+    @v_last_name VARCHAR(20),
+    @v_ssn VARCHAR(12),
+    @v_title VARCHAR(20),
+    @v_phone VARCHAR(13),
+    @v_address1 VARCHAR(80),
+    @v_address2 VARCHAR(80),
+    @v_manager INT,
+    @v_start_date CHAR(8),
+    @v_salary INT,
+    @v_ccn VARCHAR(30),
+    @v_ccn_limit INT,
+    @v_disciplined_date CHAR(8),
+    @v_disciplined_notes VARCHAR(60),
+    @v_personal_description VARCHAR(60)
+AS
+    IF [webgoat_guest].RegexMatch(@v_address1, N'^[a-zA-Z0-9,\. ]{0,80}$') = 0
+        BEGIN
+          RAISERROR('Illegal characters in address1', 11, 1)
+          RETURN
+        END
+    UPDATE EMPLOYEE
+    SET
+        first_name = @v_first_name, 
+        last_name = @v_last_name, 
+        ssn = @v_ssn, 
+        title = @v_title, 
+        phone = @v_phone, 
+        address1 = @v_address1, 
+        address2 = @v_address2, 
+        manager = @v_manager, 
+        start_date = @v_Start_date,
+        salary = @v_salary, 
+        ccn = @v_ccn, 
+        ccn_limit = @v_ccn_limit, 
+        disciplined_date = @v_disciplined_date, 
+        disciplined_notes = @v_disciplined_notes, 
+        personal_description = @v_personal_description
+    WHERE
+        userid = @v_userid;
+GO
 
 */
 

webgoat/main/project/JavaSource/org/owasp/webgoat/lessons/instructor/DBCrossSiteScripting/sqlserver.sql

@@ -1,58 +0,0 @@
-
-
-IF EXISTS
-(
-	SELECT	1
-	FROM	INFORMATION_SCHEMA.ROUTINES
-	WHERE		ROUTINE_NAME 	= 'UPDATE_EMPLOYEE'
-		AND	ROUTINE_SCHEMA	= 'webgoat_guest'
-		AND	ROUTINE_TYPE	= 'PROCEDURE'
-)
-BEGIN
-	DROP PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
-END
-GO
-
-CREATE PROCEDURE webgoat_guest.UPDATE_EMPLOYEE
-    @v_userid INT,
-    @v_first_name VARCHAR(20),
-    @v_last_name VARCHAR(20),
-    @v_ssn VARCHAR(12),
-    @v_title VARCHAR(20),
-    @v_phone VARCHAR(13),
-    @v_address1 VARCHAR(80),
-    @v_address2 VARCHAR(80),
-    @v_manager INT,
-    @v_start_date CHAR(8),
-    @v_salary INT,
-    @v_ccn VARCHAR(30),
-    @v_ccn_limit INT,
-    @v_disciplined_date CHAR(8),
-    @v_disciplined_notes VARCHAR(60),
-    @v_personal_description VARCHAR(60)
-AS
-    IF [webgoat_guest].RegexMatch(@v_address1, N'^[a-zA-Z0-9,\. ]{0,80}$') = 0
-        BEGIN
-          RAISERROR('Illegal characters in address1', 11, 1)
-          RETURN
-        END
-    UPDATE EMPLOYEE
-    SET
-        first_name = @v_first_name, 
-        last_name = @v_last_name, 
-        ssn = @v_ssn, 
-        title = @v_title, 
-        phone = @v_phone, 
-        address1 = @v_address1, 
-        address2 = @v_address2, 
-        manager = @v_manager, 
-        start_date = @v_Start_date,
-        salary = @v_salary, 
-        ccn = @v_ccn, 
-        ccn_limit = @v_ccn_limit, 
-        disciplined_date = @v_disciplined_date, 
-        disciplined_notes = @v_disciplined_notes, 
-        personal_description = @v_personal_description
-    WHERE
-        userid = @v_userid;
-GO