Hintergrund-Code Erzeugte SQL-Query
public static User login(String uname, String pw) throws InternalServerErrorException {
try {
conn = DriverManager.getConnection(...);
Statement stmt = conn.createStatement();
ResultSet rs = stmt.executeQuery("SELECT benutzername " +
"FROM benutzer " +
"WHERE benutzername ='" + uname + "' " +
"AND passwort ='"+ md5(pw) + "';");
if (rs.next()){
return new User(rs.getString("benutzername"));
}
return null;
}
catch (SQLException e) {
throw new InternalServerErrorException();
}
}
//...def print_search(user_input):
try:
conn = psycopg2.connect(...)
cur = conn.cursor()
cur.execute("SELECT produkt_id, marke, groesse, preis "
"FROM schuhe "
"WHERE marke='" + user_input + "';")
row = cur.fetchone()
while row is not None:
print("<tr>")
for col in row: print("<td>"+str(col)+"</td>")
print("</tr>")
row = cur.fetchone()
cur.close()
except (MySQLdb.Error, MySQLdb.Warning) as e:
print("Internal Server Error")
# ...
$conn = new PDO(...);
$qu = "SELECT marke, groesse, preis ";
$qu .= "FROM schuhe ";
$qu .= "WHERE produkt_id=".$_GET["produkt_id"];
$stmt = $conn->query($qu);
$res = $stmt->fetch();
echo <<<OUTPUT
<b>Marke:</b> {$res["marke"]}<br>
<b>Größe:</b> {$res["groesse"]}<br>
<b>Preis:</b> {$res["preis"]}€
OUTPUT;