From f63bc44cd7e0dd3d0b993ddc0b5dcee7ee83ce1d Mon Sep 17 00:00:00 2001
From: Antony Chiu
Date: Thu, 18 Jul 2024 09:36:03 -0600
Subject: [PATCH 1/2] Update SQLInjectionExample.java
---
 src/main/java/SQLInjectionExample.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/main/java/SQLInjectionExample.java b/src/main/java/SQLInjectionExample.java
index 8f42a44..4394186 100644
--- a/src/main/java/SQLInjectionExample.java
+++ b/src/main/java/SQLInjectionExample.java
@@ -12,8 +12,8 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
 try {
 Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db");
- String query = "SELECT * FROM users WHERE user name = '" + request.getParameter("username") + "';";
- Statement stmt = con.createStatement();
+ String query = "SELECT * FROM users WHERE user name = '" + request.getParameter("username") + "';";
+ Statement stmt = con.createStatement();
 stmt.executeQuery(query);
 } catch (Exception e) {
From f5f490297afc5b7b2b14d1d6ac6b6648d5af300a Mon Sep 17 00:00:00 2001
From: Mobb autofixer
Date: Tue, 30 Jul 2024 17:10:25 +0000
Subject: [PATCH 2/2] SQL Injection fix by mobb-5847e6c0-bfc6-4347-a1bd-2826bf6b1b74
---
 src/main/java/SQLInjectionExample.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/main/java/SQLInjectionExample.java b/src/main/java/SQLInjectionExample.java
index 4394186..0a4bdd7 100644
--- a/src/main/java/SQLInjectionExample.java
+++ b/src/main/java/SQLInjectionExample.java
@@ -1,3 +1,4 @@
+import java.sql.PreparedStatement;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -12,10 +13,11 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
 try {
 Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db");
- String query = "SELECT * FROM users WHERE user name = '" + request.getParameter("username") + "';";
- Statement stmt = con.createStatement();
+ String query = "SELECT * FROM users WHERE user name = ?;";
+ PreparedStatement stmt = con.prepareStatement(query);
- stmt.executeQuery(query);
+ stmt.setString(1, request.getParameter("username"));
+ stmt.executeQuery();
 } catch (Exception e) {
 throw new ServletException(e);
 }
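Review bot: The `Connection` opened on the `DriverManager.getConnection` line and the `PreparedStatement` created on the new `con.prepareStatement(query)` line are never closed, and the `ResultSet` returned by `stmt.executeQuery()` is discarded, so each request to this servlet leaks a database connection and its server-side cursor on both the normal and the exception path; both resources belong in a try-with-resources header. The parameter binding via `stmt.setString(1, ...)` is the right fix for the injection, but the query text `"SELECT * FROM users WHERE user name = ?;"` still contains an unquoted identifier with a space (`user name`) and a trailing `;`, which MySQL is likely to reject when the statement is prepared — presumably the column is `username` or needs backtick quoting; confirm against the schema before merging. The enclosing `doGet` begins before this hunk, and the broad `catch (Exception e)` is inherited from the original rather than introduced here. The rewritten body below closes both resources (it additionally needs `java.sql.ResultSet` imported alongside the new `PreparedStatement` import).
```java
try (Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db");
     PreparedStatement stmt = con.prepareStatement("SELECT * FROM users WHERE user name = ?;")) {
    stmt.setString(1, request.getParameter("username"));
    // ResultSet is AutoCloseable too; closing it releases the server-side cursor.
    try (ResultSet rs = stmt.executeQuery()) {
        // … consume rs …
    }
} catch (Exception e) {
    throw new ServletException(e);
}
```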