From 2ec556a746c39142c8defb52fb4552737c459b6e Mon Sep 17 00:00:00 2001
From: Antony Chiu <antony@mobb.ai>
Date: Fri, 4 Apr 2025 13:12:36 -0600
Subject: [PATCH 1/2] Update SQLInjectionExample.java

---
 src/main/java/SQLInjectionExample.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/main/java/SQLInjectionExample.java b/src/main/java/SQLInjectionExample.java
index edb9bc4..edca806 100644
--- a/src/main/java/SQLInjectionExample.java
+++ b/src/main/java/SQLInjectionExample.java
@@ -11,8 +11,8 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
         try {
             Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db");
 
-            String query = "SELECT * FROM users WHERE username = '" + request.getParameter("username") + "';"; 
-            Statement stmt = con.createStatement();
+            String query = "SELECT * FROM users WHERE username = '" + request.getParameter("username") + "';";  
+            Statement stmt = con.createStatement(); 
 
             stmt.executeQuery(query);
         } catch (Exception e) {

From 944d9017b3e7e0008b577806c5afed86de04e9e6 Mon Sep 17 00:00:00 2001
From: Mobb autofixer <git@mobb.ai>
Date: Fri, 4 Apr 2025 19:14:24 +0000
Subject: [PATCH 2/2] SQL Injection fix by
 mobb-2b4a438a-01fa-41f5-b739-185ad09553ba

---
 src/main/java/SQLInjectionExample.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/main/java/SQLInjectionExample.java b/src/main/java/SQLInjectionExample.java
index edca806..223f60f 100644
--- a/src/main/java/SQLInjectionExample.java
+++ b/src/main/java/SQLInjectionExample.java
@@ -1,3 +1,4 @@
+import java.sql.PreparedStatement;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -11,10 +12,11 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
         try {
             Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db");
 
-            String query = "SELECT * FROM users WHERE username = '" + request.getParameter("username") + "';";  
-            Statement stmt = con.createStatement(); 
+            String query = "SELECT * FROM users WHERE username = ?;";  
+            PreparedStatement stmt = con.prepareStatement(query); 
 
-            stmt.executeQuery(query);
+            stmt.setString(1, request.getParameter("username"));
+            stmt.executeQuery();
         } catch (Exception e) {
             throw new ServletException(e);
         }