import javax.servlet.*; import javax.servlet.http.*; import java.io.*; import java.util.*; import java.sql.*; import com.brainysoftware.java.StringUtil; public class UpdateServlet extends HttpServlet { private String dbUrl = "jdbc:odbc:JavaWeb"; /**Process the HTTP Get request*/ public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException,IOException { sendPageHeader(response); sendUpdateForm(request, response); sendPageFooter(response); } /**Process the HTTP Post request*/ public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { sendPageHeader(response); updateRecord(request, response); sendPageFooter(response); } /** * Send the HTML page header, including the title * and the tag */ private void sendPageHeader(HttpServletResponse response) throws ServletException, IOException { response.setContentType("text/html"); PrintWriter out = response.getWriter(); out.println(""); out.println(""); out.println("Updating Record"); out.println(""); out.println(""); out.println("
"); } /** * Send the HTML page footer, i.e. the * and the */ private void sendPageFooter(HttpServletResponse response) throws ServletException, IOException { PrintWriter out = response.getWriter(); out.println("
"); out.println(""); out.println(""); } /**Send the form where the user can type in * the details for a new user */ private void sendUpdateForm(HttpServletRequest request, HttpServletResponse response) throws IOException { String id = request.getParameter("id"); PrintWriter out = response.getWriter(); out.println("

Update Form

"); out.println("
Please edit the first name, last name or password."); out.println("
"); try { String sql = "SELECT FirstName, LastName," + " UserName, Password" + " FROM Users" + " WHERE Id=" + id; Connection con = DriverManager.getConnection(dbUrl); Statement s = con.createStatement(); ResultSet rs = s.executeQuery(sql); if (rs.next()) { String firstName = rs.getString(1); String lastName = rs.getString(2); String userName = rs.getString(3); String password = rs.getString(4); out.println("
"); out.println(""); out.println(""); out.println(""); out.print(""); out.println(""); out.println(""); out.println(""); out.print(""); out.println(""); out.println(""); out.println(""); out.print(""); out.println(""); out.println(""); out.println(""); out.print(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println(""); out.println("
First Name
Last Name
User Name" + StringUtil.encodeHtmlTag(userName) + "
Password
"); out.println("
"); } s.close(); con.close(); } catch (SQLException e) { out.println(e.toString()); } catch (Exception e) { out.println(e.toString()); } } void updateRecord(HttpServletRequest request, HttpServletResponse response) throws IOException { String id = request.getParameter("id"); String firstName = request.getParameter("firstName"); String lastName = request.getParameter("lastName"); String password = request.getParameter("password"); PrintWriter out = response.getWriter(); try { String sql = "UPDATE Users" + " SET FirstName='" + StringUtil.fixSqlFieldValue(firstName) + "'," + " LastName='" + StringUtil.fixSqlFieldValue(lastName) + "'," + " Password='" + StringUtil.fixSqlFieldValue(password) + "'" + " WHERE Id=" + id; Connection con = DriverManager.getConnection(dbUrl); Statement s = con.createStatement(); int i = s.executeUpdate(sql); if (i==1) out.println("Record updated"); else out.println("Error updating record"); s.close(); con.close(); } catch (SQLException e) { out.println(e.toString()); } catch (Exception e) { out.println(e.toString()); } out.println("Go back to the Search Page"); } }