package WeChat;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.lang.module.ModuleFinder;
import java.util.HashMap;
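/**
 * Servlet mapped to {@code /ModifyStatus} that updates the {@code Status} column of a row in
 * the {@code Ordered} table, selected by the {@code UserID}, {@code BookID} and
 * {@code MessageID} request parameters. The new value comes from {@code NewStatus}.
 *
 * <p>The update runs only when {@code Authentication.islegal(request)} accepts the request and
 * every parameter passes validation; otherwise the request is ignored and nothing is written
 * to the response.
 *
 * <p>NOTE(review): the statement is still assembled by string concatenation because
 * {@code ExecuteUpd.Execute} takes a finished SQL string. Deny-list filtering
 * ({@code sqlfilter}) is not a dependable defence against SQL injection; the durable fix is a
 * {@code PreparedStatement} with bound parameters — presumably inside {@code ExecuteUpd},
 * confirm against that class. The original author's comment said the endpoint is probably no
 * longer used; if so, removing the mapping is safer than keeping it deployed.
 */
@WebServlet(name = "ModifyStatus", urlPatterns = {"/ModifyStatus"}, loadOnStartup = 2)
public class ModifyStatus extends HttpServlet {

    /**
     * Validates the request parameters and, when all are acceptable, issues the update.
     *
     * @param request  carries {@code UserID}, {@code BookID}, {@code MessageID} and
     *                 {@code NewStatus}
     * @param response not written to by this method
     * @throws ServletException declared by the servlet contract
     * @throws IOException      declared by the servlet contract
     */
    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        if (!Authentication.islegal(request)) {
            return;
        }

        String userId = request.getParameter("UserID");
        String bookId = request.getParameter("BookID");
        String messageId = request.getParameter("MessageID");
        String newStatus = request.getParameter("NewStatus");

        // The original condition tested MessageID for null twice and never BookID, so an
        // absent BookID reached sqlfilter.islegal(null). An absent NewStatus was concatenated
        // as the text "null", i.e. "Status=null". All four parameters are now required.
        if (userId == null || bookId == null || messageId == null || newStatus == null) {
            return;
        }

        // Guard against SQL injection: the three key values are placed inside quoted literals.
        if (!sqlfilter.islegal(userId) || !sqlfilter.islegal(bookId)
                || !sqlfilter.islegal(messageId)) {
            return;
        }

        // NewStatus is interpolated WITHOUT quotes, so after the existing filter it is also
        // restricted to a single plain token, which cannot add operators, whitespace or
        // further clauses to the statement.
        // NOTE(review): assumes legitimate status values are simple tokens such as small
        // integers — confirm, then tighten this to the exact set of allowed values (keywords
        // and column names still pass this check).
        String status = sqlfilter.filter(newStatus);
        if (status == null || !isPlainToken(status)) {
            return;
        }

        String sql = "update Ordered set Status=" + status + " where UserID='"
                + userId + "' and BookID='" + bookId + "' and MessageID='" + messageId + "'";
        ExecuteUpd.Execute(request, sql);
    }

    /**
     * Handles GET exactly like POST.
     *
     * <p>NOTE(review): this makes a state-changing update reachable through GET, which is
     * easier to trigger cross-site and puts the parameters into URLs and access logs; consider
     * restricting the endpoint to POST if no client depends on GET.
     */
    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        doPost(request, response);
    }

    /** Returns true when {@code value} is non-empty and made only of ASCII letters, digits or '_'. */
    private static boolean isPlainToken(String value) {
        return value.matches("[A-Za-z0-9_]+");
    }
}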