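package WeChat;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.lang.module.ModuleFinder;
import java.util.HashMap;

/**
 * Servlet mapped to {@code /ModifyStatus} that updates the {@code Status} column of one row in
 * the {@code Ordered} table, selected by the request parameters {@code UserID}, {@code BookID}
 * and {@code MessageID}. The new value is taken from the {@code NewStatus} parameter.
 *
 * <p>The request is processed only when {@code Authentication.islegal(request)} accepts it.
 * Nothing is written to the response on either the success or the rejection path.
 */
@WebServlet(name = "ModifyStatus", urlPatterns = {"/ModifyStatus"}, loadOnStartup = 2)
public class ModifyStatus extends HttpServlet {

    /**
     * Validates the request parameters and, if all of them pass, issues the status update.
     *
     * @param request  the incoming request carrying UserID, BookID, MessageID and NewStatus
     * @param response the response; not written to by this method
     * @throws ServletException declared by the servlet contract
     * @throws IOException      declared by the servlet contract
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if (!Authentication.islegal(request)) {
            return;
        }

        String userId = request.getParameter("UserID");
        String bookId = request.getParameter("BookID");
        String messageId = request.getParameter("MessageID");
        String newStatus = request.getParameter("NewStatus");

        // Guard against SQL injection.
        // (Original author's remark: "I figure nobody uses this any more, so it hardly matters?")
        //
        // Every parameter must be present before it is handed to the filter. The original
        // condition tested MessageID for null twice and never tested BookID or NewStatus, so a
        // request missing either of those still reached sqlfilter and the query builder.
        boolean keysAreValid =
                userId != null && sqlfilter.islegal(userId)
                        && bookId != null && sqlfilter.islegal(bookId)
                        && messageId != null && sqlfilter.islegal(messageId);
        if (!keysAreValid || newStatus == null) {
            return;
        }

        newStatus = sqlfilter.filter(newStatus);

        // NOTE(review): the statement is still assembled by string concatenation, and the Status
        // value is inserted without quotes, so its safety rests entirely on sqlfilter (a project
        // helper not visible here; its guarantees are assumed, not verified). Prefer giving
        // ExecuteUpd a parameterized (PreparedStatement-style) entry point and binding all four
        // values; if Status is numeric, also reject anything that does not parse as a number.
        String sql = "update Ordered set Status=" + newStatus
                + " where UserID='" + userId
                + "' and BookID='" + bookId
                + "' and MessageID='" + messageId + "'";
        ExecuteUpd.Execute(request, sql);
    }

    /**
     * Handles GET exactly like POST by delegating to {@link #doPost}.
     *
     * <p>NOTE(review): this lets a state-changing update be triggered by a plain GET, which puts
     * the parameters in URLs and access logs and makes cross-site triggering easier. Confirm
     * whether any client depends on GET before restricting the endpoint to POST.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }
}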