Quick Setup a Project Using JDBC & Derby DB/Java DB
Categories: Database • Java; Tagged with: Derby • Java • JDBC • Maven; @ May 8th, 2014 0:03Set up Maven dependences
<dependency>
<groupId>org.apache.derby</groupId>
<artifactId>derbyclient</artifactId>
<version>10.10.2.0</version>
</dependency>
<dependency>
<groupId>org.apache.derby</groupId>
<artifactId>derby</artifactId>
<version>10.10.2.0</version>
</dependency>
Connect to the DB using JDBC
This method will print out all Tables; // before you do anything with the Database, there should be some System tables already.
package com.liguoliang;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
public class JDBCTest {
private static final String DB_URL = "jdbc:derby:tempDBForTest;create=true";
public static void main(String[] args) {
Connection conn = null ;
try {
Class.forName("org.apache.derby.jdbc.EmbeddedDriver") ;
conn = DriverManager.getConnection(DB_URL);
String sql = "SELECT TABLENAME FROM SYS.SYSTABLES";
PreparedStatement ps = conn.prepareStatement(sql);
ResultSet rs = ps.executeQuery();
while (rs.next()) {
System.out.println("Rs: " + rs.getString(1));
}
} catch (SQLException se) {
se.printStackTrace();
} catch(ClassNotFoundException e){
System.out.println("JDBC Driver not found in CLASSPATH") ;
}finally {
if(conn != null){
try{
conn.close() ;
} catch(SQLException se){
se.printStackTrace();
}
}
}
}
}
Use Eclipse to manage your Derby
Switch to ‘Database Development’ perspective, you may create/manage Derby DB/table.
JDBC Statement SQL Injection
Categories: Java; Tagged with: Derby • Java • JDBC; @ May 7th, 2014 23:54Here is an example to inject dirty SQL using JDBC Statement:
package com.liguoliang.j2ee;
import static org.junit.Assert.*;
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Date;
import org.junit.Before;
import org.junit.Test;
public class TestJDBC {
private static final String DB_URL = "jdbc:derby:C:\\Users\\Guoliang\\MyDB;create=true";
Connection conn = null ;
@Before
public void before() throws ClassNotFoundException, SQLException {
Class.forName("org.apache.derby.jdbc.EmbeddedDriver") ;
conn = DriverManager.getConnection(DB_URL);
}
@Test
public void testSQLInjection() throws SQLException {
String userName = "guoliang' OR 'a' = 'a";
String password = "wrong-password" + new Date().toString();
Statement statement = conn.createStatement();
String sql = "SELECT * FROM USERS WHERE USER_NAME = '" + userName + "' AND PASSWORD = '" + password + "'";
System.out.println(sql);
ResultSet rs = statement.executeQuery(sql);
int userId = -1;
while (rs.next()) {
userId= rs.getInt(1);
System.out.println(" > User Id: " + userId); // Will print all user id;
}
assertTrue(userId != -1);
}
@Test
public void testPreparedStatement() throws SQLException {
String userName = "guoliang' OR 'a' = 'a";
String password = "wrong-password";
PreparedStatement ps = conn.prepareStatement("SELECT * FROM USERS WHERE USER_NAME = ? AND PASSWORD = ?");
ps.setString(1, userName);
ps.setString(2, password);
ResultSet rs = ps.executeQuery();
int userId = -1;
while (rs.next()) {
userId= rs.getInt(1);
fail("User Id: " + userId);
}
System.out.println("userId: " + userId);
}
}
I set one of the paramters to : [guoliang ‘a’ = ‘a], the I got the SQL:
SELECT * FROM USERS WHERE USER_NAME = 'guoliang' OR 'a' = 'a' AND PASSWORD = 'wrong-passwordWed May 07 23:47:11 CST 2014'
This means, the SQL will return all records in this table.
However we can use prepared statement to solve this issue.
SQLs used by this example:
CREATE TABLE USERS (ID INT, USER_NAME VARCHAR(20), PASSWORD VARCHAR(20)); INSERT INTO USERS (ID, USER_NAME, PASSWORD) VALUES (1, 'guoliang', 'password_abc');
Running from Expo to Toa Payoh via. PCN(Park Connector Network)
Categories: 垃圾山; Tagged with: Life@SG|新加坡 • Run; @ May 4th, 2014 17:27Yesterday, I run from Expo to Toa Payoh via. Beeok PC, Bartley Rd, Ubi Ave, Blam PC, Pelton Canal PC, Kallang PC, Whampoa PC:
It takes me 3 Hours, around 20KM; My GPS wasn’t working, so I stopped many times for looking the map.
The park connectors:
Singapore Park Connector Network: http://www.nparks.gov.sg/cms/index.php?option=com_visitorsguide&task=parkconnectors&Itemid=375
Some one created a better map using Google Maps: https://maps.google.com.sg/maps/ms?msa=0&msid=211677408261103035127.00046c63c89ec81c30971&dg=feature
WordPress: Disable Comment and Ping/Trackback 彻底停用评论/引用功能
Categories: Development Notes • WordPress; Tagged with: Spam • WordPress; @ May 4th, 2014 12:29Requirement:
Spam comments try to rape my blog everyday, I want to disable the comment feature.
Step 1: Disable the comment /pingback/trackback in WordPress admin console:
By un-checking these two boxes, no body can comment or pingback/trackback to the *NEW* posts from now on.
but, “(These settings may be overridden for individual articles.)”, this means all your post *prior* to the change still can be commented of pingback, let’s move to next step.
Step 2: Disable ALL posts comment and pingback/trackback
Run this SQL:
UPDATE ‘wordpress_posts’ SET comment_status='closed', ping_status='closed'
From now on, NO ONE can comment / ping / trackback to any post. Life is much better.
If you want to delete all pending/spam comments, you may refer to : WordPress: batch deleting spam comments 批量删除垃圾回复
Using Branch in Git
Categories: Development Notes; Tagged with: Git • GitHub • VCS; @ May 4th, 2014 10:29List branch names
git branch
View Branches
git show-branch
Create new branch
git branch liguoliang-com
GDEV SimpleWordPressTheme # git show-branch
! [liguoliang-com] changed version
* [master] changed version
—
+* [liguoliang-com] changed version
Switch Branch
GDEV SimpleWordPressTheme # git checkout liguoliang-com
GDEV SimpleWordPressTheme # git status
# On branch liguoliang-com
Push new branch to Remote Server. e.g. Github:
GDEV SimpleWordPressTheme # git push origin liguoliang-com