From 0a6bc71f76a6e8b34b3c7db711c1ca516478df1f Mon Sep 17 00:00:00 2001
From: eitanMobb <165832608+eitanMobb@users.noreply.github.com>
Date: Mon, 3 Feb 2025 10:45:22 -0500
Subject: [PATCH 1/2] Update my naive sql.java

---
 my naive sql.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/my naive sql.java b/my naive sql.java
index 78e1515..1e7b6b0 100644
--- a/my naive sql.java	
+++ b/my naive sql.java	
@@ -11,6 +11,11 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
         try {
             Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db");
             String user = request.getParameter("username");
+            
+            String query = "SELECT * FROM users WHERE username = '" + request.getParameter("username") + "';";
+            Statement stmt = con.createStatement();
+
+            stmt.executeQuery(query);
         } catch (Exception e) {
             throw new ServletException(e);
         }

From 7ea345f74960c4b2443f64a5bfd56ed9299c06f7 Mon Sep 17 00:00:00 2001
From: Mobb autofixer <git@mobb.ai>
Date: Mon, 3 Feb 2025 15:47:15 +0000
Subject: [PATCH 2/2] SQL Injection fix by
 mobb-4b1cc3b4-f5a8-415a-ad28-afef810abcd7

---
 my naive sql.java | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/my naive sql.java b/my naive sql.java
index 1e7b6b0..951a8bd 100644
--- a/my naive sql.java	
+++ b/my naive sql.java	
@@ -1,3 +1,4 @@
+import java.sql.PreparedStatement;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServlet;
 import javax.servlet.http.HttpServletRequest;
@@ -12,10 +13,11 @@ protected void doGet(HttpServletRequest request, HttpServletResponse response) t
             Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/db");
             String user = request.getParameter("username");
             
-            String query = "SELECT * FROM users WHERE username = '" + request.getParameter("username") + "';";
-            Statement stmt = con.createStatement();
+            String query = "SELECT * FROM users WHERE username = ?;";
+            PreparedStatement stmt = con.prepareStatement(query);
 
-            stmt.executeQuery(query);
+            stmt.setString(1, request.getParameter("username"));
+            stmt.executeQuery();
         } catch (Exception e) {
             throw new ServletException(e);
         }